154100x8000000000000000483735311Microsoft-Windows-Sysmon/Operationalmswin-server.attackrange.local-2023-08-29 14:48:48.201{EF490992-0550-64EE-7BC9-00000000DB02}6652C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\acrocef_1\RdrCEF.exe22.3.20322.0Adobe RdrCEFAdobe AcroCEFAdobe Systems IncorporatedAcroCEF.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\acrocef_1\RdrCEF.exe" --backgroundcolor=16514043C:\Windows\system32\MSWIN-SERVER\Administrator{EF490992-7ED5-64E7-D2DE-160000000000}0x16ded22LowMD5=7FA89C125FA31D9C14FBAA7D7E4A3EAE,SHA256=5CDBEA6FF98ADF7397B0D4852933EB33F3781AA6465B7901DA8EA5D4330C892A{EF490992-054A-64EE-79C9-00000000DB02}5796C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\Administrator\Downloads\CVE-2023-38831-winrar-exploit-main\CVE-2023-38831-winrar-exploit-main\CLASSIFIED_DOCUMENTS.pdf"MSWIN-SERVER\Administrator 154100x8000000000000000483734384Microsoft-Windows-Sysmon/Operationalmswin-server.attackrange.local-2023-08-29 14:48:43.726{EF490992-054B-64EE-7AC9-00000000DB02}4540C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe22.3.20322.0Adobe Acrobat Reader Adobe Acrobat ReaderAdobe Systems IncorporatedAcroRd32.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" --type=renderer /prefetch:1 "C:\Users\Administrator\Downloads\CVE-2023-38831-winrar-exploit-main\CVE-2023-38831-winrar-exploit-main\CLASSIFIED_DOCUMENTS.pdf"C:\Windows\system32\MSWIN-SERVER\Administrator{EF490992-7ED5-64E7-D2DE-160000000000}0x16ded22AppContainerMD5=FCCC26235A38158E42A4824DFCEE03BC,SHA256=4343566CF2D99E93E89944F8A71C020C30370BC80D691F99030C673FC11CF83F{EF490992-054A-64EE-79C9-00000000DB02}5796C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\Administrator\Downloads\CVE-2023-38831-winrar-exploit-main\CVE-2023-38831-winrar-exploit-main\CLASSIFIED_DOCUMENTS.pdf"MSWIN-SERVER\Administrator 154100x8000000000000000483733679Microsoft-Windows-Sysmon/Operationalmswin-server.attackrange.local-2023-08-29 14:48:42.867{EF490992-054A-64EE-79C9-00000000DB02}5796C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe22.3.20322.0Adobe Acrobat Reader Adobe Acrobat ReaderAdobe Systems IncorporatedAcroRd32.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\Administrator\Downloads\CVE-2023-38831-winrar-exploit-main\CVE-2023-38831-winrar-exploit-main\CLASSIFIED_DOCUMENTS.pdf"C:\Windows\system32\MSWIN-SERVER\Administrator{EF490992-7ED5-64E7-D2DE-160000000000}0x16ded22HighMD5=FCCC26235A38158E42A4824DFCEE03BC,SHA256=4343566CF2D99E93E89944F8A71C020C30370BC80D691F99030C673FC11CF83F{EF490992-053A-64EE-78C9-00000000DB02}1884C:\Windows\System32\OpenWith.exeC:\Windows\system32\OpenWith.exe -EmbeddingMSWIN-SERVER\Administrator 154100x8000000000000000483732446Microsoft-Windows-Sysmon/Operationalmswin-server.attackrange.local-2023-08-29 14:48:26.273{EF490992-053A-64EE-77C9-00000000DB02}6260C:\Windows\System32\win32calc.exe10.0.14393.0 (rs1_release.160715-1616)Windows CalculatorMicrosoft® Windows® Operating SystemMicrosoft CorporationWIN32CALC.EXE"C:\Windows\System32\win32calc.exe" C:\Users\Administrator\Downloads\CVE-2023-38831-winrar-exploit-main\CVE-2023-38831-winrar-exploit-main\MSWIN-SERVER\Administrator{EF490992-7ED5-64E7-D2DE-160000000000}0x16ded22HighMD5=B31A19BA38F110838119299B50517073,SHA256=D7B378A4BC4DEAE748462D216D14A20CCB1BAC1D3FFBC67711DB2CC1D8B182B7{EF490992-053A-64EE-76C9-00000000DB02}6132C:\Windows\System32\calc.execalc.exe MSWIN-SERVER\Administrator 154100x8000000000000000483732193Microsoft-Windows-Sysmon/Operationalmswin-server.attackrange.local-2023-08-29 14:48:26.095{EF490992-053A-64EE-76C9-00000000DB02}6132C:\Windows\System32\calc.exe10.0.14393.4169 (rs1_release.210107-1130)Windows CalculatorMicrosoft® Windows® Operating SystemMicrosoft CorporationCALC.EXEcalc.exe C:\Users\Administrator\Downloads\CVE-2023-38831-winrar-exploit-main\CVE-2023-38831-winrar-exploit-main\MSWIN-SERVER\Administrator{EF490992-7ED5-64E7-D2DE-160000000000}0x16ded22HighMD5=2A5CC198FEFC04C2B6B95207A91D3668,SHA256=04FA16D1FBB5F047E7BF9756E8DDC1365AFEAAB22DD4A2C3F03E067B75BED8EA{EF490992-0539-64EE-74C9-00000000DB02}6680C:\Windows\System32\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\ADMINI~1\AppData\Local\Temp\2\Rar$DIa6312.48832\CLASSIFIED_DOCUMENTS.pdf .cmd" "MSWIN-SERVER\Administrator 154100x8000000000000000483732091Microsoft-Windows-Sysmon/Operationalmswin-server.attackrange.local-2023-08-29 14:48:25.998{EF490992-0539-64EE-75C9-00000000DB02}7048C:\Windows\System32\conhost.exe10.0.14393.0 (rs1_release.160715-1616)Console Window HostMicrosoft® Windows® Operating SystemMicrosoft CorporationCONHOST.EXE\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1C:\WindowsMSWIN-SERVER\Administrator{EF490992-7ED5-64E7-D2DE-160000000000}0x16ded22HighMD5=D752C96401E2540A443C599154FC6FA9,SHA256=046F7A1B4DE67562547ED9A180A72F481FC41E803DE49A96D7D7C731964D53A0{EF490992-0539-64EE-74C9-00000000DB02}6680C:\Windows\System32\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\ADMINI~1\AppData\Local\Temp\2\Rar$DIa6312.48832\CLASSIFIED_DOCUMENTS.pdf .cmd" "MSWIN-SERVER\Administrator 154100x8000000000000000483732085Microsoft-Windows-Sysmon/Operationalmswin-server.attackrange.local-2023-08-29 14:48:25.991{EF490992-0539-64EE-74C9-00000000DB02}6680C:\Windows\System32\cmd.exe10.0.14393.0 (rs1_release.160715-1616)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.ExeC:\Windows\system32\cmd.exe /c ""C:\Users\ADMINI~1\AppData\Local\Temp\2\Rar$DIa6312.48832\CLASSIFIED_DOCUMENTS.pdf .cmd" "C:\Users\Administrator\Downloads\CVE-2023-38831-winrar-exploit-main\CVE-2023-38831-winrar-exploit-main\MSWIN-SERVER\Administrator{EF490992-7ED5-64E7-D2DE-160000000000}0x16ded22HighMD5=F4F684066175B77E0C3A000549D2922C,SHA256=935C1861DF1F4018D698E8B65ABFA02D7E9037D8F68CA3C2065B6CA165D44AD2{EF490992-052F-64EE-71C9-00000000DB02}6312C:\Program Files\WinRAR\WinRAR.exe"C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\Administrator\Downloads\CVE-2023-38831-winrar-exploit-main\CVE-2023-38831-winrar-exploit-main\CVE-2023-38831-poc.rar"MSWIN-SERVER\Administrator 154100x8000000000000000483729868Microsoft-Windows-Sysmon/Operationalmswin-server.attackrange.local-2023-08-29 14:48:15.909{EF490992-052F-64EE-71C9-00000000DB02}6312C:\Program Files\WinRAR\WinRAR.exe6.21.0WinRAR archiverWinRARAlexander RoshalWinRAR.exe"C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\Administrator\Downloads\CVE-2023-38831-winrar-exploit-main\CVE-2023-38831-winrar-exploit-main\CVE-2023-38831-poc.rar"C:\Users\Administrator\Downloads\CVE-2023-38831-winrar-exploit-main\CVE-2023-38831-winrar-exploit-main\MSWIN-SERVER\Administrator{EF490992-7ED5-64E7-D2DE-160000000000}0x16ded22HighMD5=D52AA2E22AF1908BFA94B95E54165DF5,SHA256=70A787B94DC04E63E6D779F66780DA7E35B2D1B0F4007DC4C8F6792B3F3E7879{EF490992-7ED8-64E7-F800-00000000DB02}5012C:\Windows\explorer.exeC:\Windows\Explorer.EXEMSWIN-SERVER\Administrator 154100x8000000000000000483728032Microsoft-Windows-Sysmon/Operationalmswin-server.attackrange.local-2023-08-29 14:48:06.846{EF490992-0526-64EE-70C9-00000000DB02}6256C:\Program Files\WinRAR\WinRAR.exe6.21.0WinRAR archiverWinRARAlexander RoshalWinRAR.exe"C:\Program Files\WinRAR\WinRAR.exe" x -iext -ver -imon1 -- "C:\Users\Administrator\Downloads\CVE-2023-38831-winrar-exploit-main.zip" C:\Users\Administrator\Downloads\CVE-2023-38831-winrar-exploit-main\C:\Users\Administrator\Downloads\MSWIN-SERVER\Administrator{EF490992-7ED5-64E7-D2DE-160000000000}0x16ded22HighMD5=D52AA2E22AF1908BFA94B95E54165DF5,SHA256=70A787B94DC04E63E6D779F66780DA7E35B2D1B0F4007DC4C8F6792B3F3E7879{EF490992-7ED8-64E7-F800-00000000DB02}5012C:\Windows\explorer.exeC:\Windows\Explorer.EXEMSWIN-SERVER\Administrator 154100x8000000000000000483721116Microsoft-Windows-Sysmon/Operationalmswin-server.attackrange.local-2023-08-29 14:47:45.035{EF490992-0511-64EE-64C9-00000000DB02}6872C:\Users\Administrator\Downloads\winrar-x64-621.exe6.21.0WinRAR archiverWinRARAlexander RoshalWinRAR.exe"C:\Users\Administrator\Downloads\winrar-x64-621.exe" C:\Users\Administrator\Downloads\MSWIN-SERVER\Administrator{EF490992-7ED5-64E7-D2DE-160000000000}0x16ded22MediumMD5=9A548D975892206BFC4B79A41B4C3D64,SHA256=AF51D8714FBB34157E3BD53FCECDD76BCC0ED732F89CF469F544AEC968D192D9{EF490992-04B1-64EE-37C9-00000000DB02}6352C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe"MSWIN-SERVER\Administrator 154100x8000000000000000483701474Microsoft-Windows-Sysmon/Operationalmswin-server.attackrange.local-2023-08-29 14:46:02.988{EF490992-04AA-64EE-30C9-00000000DB02}4960C:\Program Files\Mozilla Firefox\firefox.exe116.0.2FirefoxFirefoxMozilla Corporationfirefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" C:\Program Files\Mozilla Firefox\MSWIN-SERVER\Administrator{EF490992-7ED5-64E7-D2DE-160000000000}0x16ded22HighMD5=9525A41BAED6025A6235C953BF4D4AD8,SHA256=F5531C516880BFD04DDDF6840729160EBD907F5FE431E08F9E7DADE5CB9192F9{EF490992-7ED8-64E7-F800-00000000DB02}5012C:\Windows\explorer.exeC:\Windows\Explorer.EXEMSWIN-SERVER\Administrator 154100x80000000000000001206605663Microsoft-Windows-Sysmon/Operationalmswin-exch01.attackrange.local-2023-08-29 14:41:08.615{DC3C0328-0384-64EE-19DE-00000000E002}20320C:\Windows\System32\cmd.exe10.0.14393.0 (rs1_release.160715-1616)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.ExeC:\Windows\system32\cmd.exe /c "ver"C:\Windows\system32\NT AUTHORITY\SYSTEM{DC3C0328-7CF6-64E7-E703-000000000000}0x3e70SystemMD5=F4F684066175B77E0C3A000549D2922C,SHA256=935C1861DF1F4018D698E8B65ABFA02D7E9037D8F68CA3C2065B6CA165D44AD2{DC3C0328-0382-64EE-18DE-00000000E002}16940C:\Program Files\SplunkUniversalForwarder\etc\apps\win_inputs_app\bin\ppredict.exe"C:\Program Files\SplunkUniversalForwarder\etc\apps\win_inputs_app\bin\ppredict.exe"NT AUTHORITY\SYSTEM 154100x80000000000000001206599771Microsoft-Windows-Sysmon/Operationalmswin-exch01.attackrange.local-2023-08-29 14:40:11.851{DC3C0328-034B-64EE-12DE-00000000E002}6064C:\Windows\System32\cmd.exe10.0.14393.0 (rs1_release.160715-1616)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.ExeC:\Windows\system32\cmd.exe /c "ver"C:\Windows\system32\NT AUTHORITY\SYSTEM{DC3C0328-7CF6-64E7-E703-000000000000}0x3e70SystemMD5=F4F684066175B77E0C3A000549D2922C,SHA256=935C1861DF1F4018D698E8B65ABFA02D7E9037D8F68CA3C2065B6CA165D44AD2{DC3C0328-0349-64EE-11DE-00000000E002}16488C:\Program Files\SplunkUniversalForwarder\etc\apps\win_inputs_app\bin\ppredict.exe"C:\Program Files\SplunkUniversalForwarder\etc\apps\win_inputs_app\bin\ppredict.exe"NT AUTHORITY\SYSTEM 154100x80000000000000001206585638Microsoft-Windows-Sysmon/Operationalmswin-exch01.attackrange.local-2023-08-29 14:38:11.359{DC3C0328-02D3-64EE-03DE-00000000E002}10416C:\Windows\System32\cmd.exe10.0.14393.0 (rs1_release.160715-1616)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.ExeC:\Windows\system32\cmd.exe /c "ver"C:\Windows\system32\NT AUTHORITY\SYSTEM{DC3C0328-7CF6-64E7-E703-000000000000}0x3e70SystemMD5=F4F684066175B77E0C3A000549D2922C,SHA256=935C1861DF1F4018D698E8B65ABFA02D7E9037D8F68CA3C2065B6CA165D44AD2{DC3C0328-02D1-64EE-02DE-00000000E002}13740C:\Program Files\SplunkUniversalForwarder\etc\apps\win_inputs_app\bin\ppredict.exe"C:\Program Files\SplunkUniversalForwarder\etc\apps\win_inputs_app\bin\ppredict.exe"NT AUTHORITY\SYSTEM 154100x80000000000000001206578021Microsoft-Windows-Sysmon/Operationalmswin-exch01.attackrange.local-2023-08-29 14:37:08.950{DC3C0328-0294-64EE-FCDD-00000000E002}10488C:\Windows\System32\cmd.exe10.0.14393.0 (rs1_release.160715-1616)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.ExeC:\Windows\system32\cmd.exe /c "ver"C:\Windows\system32\NT AUTHORITY\SYSTEM{DC3C0328-7CF6-64E7-E703-000000000000}0x3e70SystemMD5=F4F684066175B77E0C3A000549D2922C,SHA256=935C1861DF1F4018D698E8B65ABFA02D7E9037D8F68CA3C2065B6CA165D44AD2{DC3C0328-0292-64EE-FBDD-00000000E002}16416C:\Program Files\SplunkUniversalForwarder\etc\apps\win_inputs_app\bin\ppredict.exe"C:\Program Files\SplunkUniversalForwarder\etc\apps\win_inputs_app\bin\ppredict.exe"NT AUTHORITY\SYSTEM 154100x80000000000000001206569385Microsoft-Windows-Sysmon/Operationalmswin-exch01.attackrange.local-2023-08-29 14:36:09.692{DC3C0328-0259-64EE-F2DD-00000000E002}20108C:\Windows\System32\cmd.exe10.0.14393.0 (rs1_release.160715-1616)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.ExeC:\Windows\system32\cmd.exe /c "ver"C:\Windows\system32\NT AUTHORITY\SYSTEM{DC3C0328-7CF6-64E7-E703-000000000000}0x3e70SystemMD5=F4F684066175B77E0C3A000549D2922C,SHA256=935C1861DF1F4018D698E8B65ABFA02D7E9037D8F68CA3C2065B6CA165D44AD2{DC3C0328-0257-64EE-F1DD-00000000E002}13648C:\Program Files\SplunkUniversalForwarder\etc\apps\win_inputs_app\bin\ppredict.exe"C:\Program Files\SplunkUniversalForwarder\etc\apps\win_inputs_app\bin\ppredict.exe"NT AUTHORITY\SYSTEM 154100x80000000000000001206562685Microsoft-Windows-Sysmon/Operationalmswin-exch01.attackrange.local-2023-08-29 14:35:09.704{DC3C0328-021D-64EE-EBDD-00000000E002}1292C:\Windows\System32\cmd.exe10.0.14393.0 (rs1_release.160715-1616)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.ExeC:\Windows\system32\cmd.exe /c "ver"C:\Windows\system32\NT AUTHORITY\SYSTEM{DC3C0328-7CF6-64E7-E703-000000000000}0x3e70SystemMD5=F4F684066175B77E0C3A000549D2922C,SHA256=935C1861DF1F4018D698E8B65ABFA02D7E9037D8F68CA3C2065B6CA165D44AD2{DC3C0328-021B-64EE-EADD-00000000E002}10040C:\Program Files\SplunkUniversalForwarder\etc\apps\win_inputs_app\bin\ppredict.exe"C:\Program Files\SplunkUniversalForwarder\etc\apps\win_inputs_app\bin\ppredict.exe"NT AUTHORITY\SYSTEM 154100x80000000000000001206542748Microsoft-Windows-Sysmon/Operationalmswin-exch01.attackrange.local-2023-08-29 14:32:10.658{DC3C0328-016A-64EE-D5DD-00000000E002}15020C:\Windows\System32\cmd.exe10.0.14393.0 (rs1_release.160715-1616)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.ExeC:\Windows\system32\cmd.exe /c "ver"C:\Windows\system32\NT AUTHORITY\SYSTEM{DC3C0328-7CF6-64E7-E703-000000000000}0x3e70SystemMD5=F4F684066175B77E0C3A000549D2922C,SHA256=935C1861DF1F4018D698E8B65ABFA02D7E9037D8F68CA3C2065B6CA165D44AD2{DC3C0328-0168-64EE-D4DD-00000000E002}3224C:\Program Files\SplunkUniversalForwarder\etc\apps\win_inputs_app\bin\ppredict.exe"C:\Program Files\SplunkUniversalForwarder\etc\apps\win_inputs_app\bin\ppredict.exe"NT AUTHORITY\SYSTEM 154100x80000000000000001206533733Microsoft-Windows-Sysmon/Operationalmswin-exch01.attackrange.local-2023-08-29 14:31:08.763{DC3C0328-012C-64EE-CBDD-00000000E002}15244C:\Windows\System32\cmd.exe10.0.14393.0 (rs1_release.160715-1616)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.ExeC:\Windows\system32\cmd.exe /c "ver"C:\Windows\system32\NT AUTHORITY\SYSTEM{DC3C0328-7CF6-64E7-E703-000000000000}0x3e70SystemMD5=F4F684066175B77E0C3A000549D2922C,SHA256=935C1861DF1F4018D698E8B65ABFA02D7E9037D8F68CA3C2065B6CA165D44AD2{DC3C0328-012A-64EE-CADD-00000000E002}17572C:\Program Files\SplunkUniversalForwarder\etc\apps\win_inputs_app\bin\ppredict.exe"C:\Program Files\SplunkUniversalForwarder\etc\apps\win_inputs_app\bin\ppredict.exe"NT AUTHORITY\SYSTEM 154100x80000000000000001206527113Microsoft-Windows-Sysmon/Operationalmswin-exch01.attackrange.local-2023-08-29 14:30:11.416{DC3C0328-00F3-64EE-C4DD-00000000E002}21292C:\Windows\System32\cmd.exe10.0.14393.0 (rs1_release.160715-1616)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.ExeC:\Windows\system32\cmd.exe /c "ver"C:\Windows\system32\NT AUTHORITY\SYSTEM{DC3C0328-7CF6-64E7-E703-000000000000}0x3e70SystemMD5=F4F684066175B77E0C3A000549D2922C,SHA256=935C1861DF1F4018D698E8B65ABFA02D7E9037D8F68CA3C2065B6CA165D44AD2{DC3C0328-00F1-64EE-C3DD-00000000E002}14976C:\Program Files\SplunkUniversalForwarder\etc\apps\win_inputs_app\bin\ppredict.exe"C:\Program Files\SplunkUniversalForwarder\etc\apps\win_inputs_app\bin\ppredict.exe"NT AUTHORITY\SYSTEM 154100x80000000000000001206518970Microsoft-Windows-Sysmon/Operationalmswin-exch01.attackrange.local-2023-08-29 14:29:08.654{DC3C0328-00B4-64EE-BBDD-00000000E002}6912C:\Windows\System32\cmd.exe10.0.14393.0 (rs1_release.160715-1616)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.ExeC:\Windows\system32\cmd.exe /c "ver"C:\Windows\system32\NT AUTHORITY\SYSTEM{DC3C0328-7CF6-64E7-E703-000000000000}0x3e70SystemMD5=F4F684066175B77E0C3A000549D2922C,SHA256=935C1861DF1F4018D698E8B65ABFA02D7E9037D8F68CA3C2065B6CA165D44AD2{DC3C0328-00B2-64EE-BADD-00000000E002}8528C:\Program Files\SplunkUniversalForwarder\etc\apps\win_inputs_app\bin\ppredict.exe"C:\Program Files\SplunkUniversalForwarder\etc\apps\win_inputs_app\bin\ppredict.exe"NT AUTHORITY\SYSTEM 154100x80000000000000001206497331Microsoft-Windows-Sysmon/Operationalmswin-exch01.attackrange.local-2023-08-29 14:26:09.860{DC3C0328-0001-64EE-A3DD-00000000E002}20744C:\Windows\System32\cmd.exe10.0.14393.0 (rs1_release.160715-1616)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.ExeC:\Windows\system32\cmd.exe /c "ver"C:\Windows\system32\NT AUTHORITY\SYSTEM{DC3C0328-7CF6-64E7-E703-000000000000}0x3e70SystemMD5=F4F684066175B77E0C3A000549D2922C,SHA256=935C1861DF1F4018D698E8B65ABFA02D7E9037D8F68CA3C2065B6CA165D44AD2{DC3C0328-FFFF-64ED-A2DD-00000000E002}17728C:\Program Files\SplunkUniversalForwarder\etc\apps\win_inputs_app\bin\ppredict.exe"C:\Program Files\SplunkUniversalForwarder\etc\apps\win_inputs_app\bin\ppredict.exe"NT AUTHORITY\SYSTEM 154100x80000000000000001206490653Microsoft-Windows-Sysmon/Operationalmswin-exch01.attackrange.local-2023-08-29 14:25:08.719{DC3C0328-FFC4-64ED-9CDD-00000000E002}19708C:\Windows\System32\cmd.exe10.0.14393.0 (rs1_release.160715-1616)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.ExeC:\Windows\system32\cmd.exe /c "ver"C:\Windows\system32\NT AUTHORITY\SYSTEM{DC3C0328-7CF6-64E7-E703-000000000000}0x3e70SystemMD5=F4F684066175B77E0C3A000549D2922C,SHA256=935C1861DF1F4018D698E8B65ABFA02D7E9037D8F68CA3C2065B6CA165D44AD2{DC3C0328-FFC2-64ED-9BDD-00000000E002}17728C:\Program Files\SplunkUniversalForwarder\etc\apps\win_inputs_app\bin\ppredict.exe"C:\Program Files\SplunkUniversalForwarder\etc\apps\win_inputs_app\bin\ppredict.exe"NT AUTHORITY\SYSTEM 154100x80000000000000001206483426Microsoft-Windows-Sysmon/Operationalmswin-exch01.attackrange.local-2023-08-29 14:24:10.109{DC3C0328-FF8A-64ED-94DD-00000000E002}17700C:\Windows\System32\cmd.exe10.0.14393.0 (rs1_release.160715-1616)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.ExeC:\Windows\system32\cmd.exe /c "ver"C:\Windows\system32\NT AUTHORITY\SYSTEM{DC3C0328-7CF6-64E7-E703-000000000000}0x3e70SystemMD5=F4F684066175B77E0C3A000549D2922C,SHA256=935C1861DF1F4018D698E8B65ABFA02D7E9037D8F68CA3C2065B6CA165D44AD2{DC3C0328-FF88-64ED-93DD-00000000E002}18044C:\Program Files\SplunkUniversalForwarder\etc\apps\win_inputs_app\bin\ppredict.exe"C:\Program Files\SplunkUniversalForwarder\etc\apps\win_inputs_app\bin\ppredict.exe"NT AUTHORITY\SYSTEM 154100x80000000000000001206476492Microsoft-Windows-Sysmon/Operationalmswin-exch01.attackrange.local-2023-08-29 14:23:08.905{DC3C0328-FF4C-64ED-8DDD-00000000E002}19872C:\Windows\System32\cmd.exe10.0.14393.0 (rs1_release.160715-1616)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.ExeC:\Windows\system32\cmd.exe /c "ver"C:\Windows\system32\NT AUTHORITY\SYSTEM{DC3C0328-7CF6-64E7-E703-000000000000}0x3e70SystemMD5=F4F684066175B77E0C3A000549D2922C,SHA256=935C1861DF1F4018D698E8B65ABFA02D7E9037D8F68CA3C2065B6CA165D44AD2{DC3C0328-FF4A-64ED-8CDD-00000000E002}5556C:\Program Files\SplunkUniversalForwarder\etc\apps\win_inputs_app\bin\ppredict.exe"C:\Program Files\SplunkUniversalForwarder\etc\apps\win_inputs_app\bin\ppredict.exe"NT AUTHORITY\SYSTEM 154100x80000000000000001206454092Microsoft-Windows-Sysmon/Operationalmswin-exch01.attackrange.local-2023-08-29 14:20:11.233{DC3C0328-FE9B-64ED-72DD-00000000E002}17580C:\Windows\System32\cmd.exe10.0.14393.0 (rs1_release.160715-1616)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.ExeC:\Windows\system32\cmd.exe /c "ver"C:\Windows\system32\NT AUTHORITY\SYSTEM{DC3C0328-7CF6-64E7-E703-000000000000}0x3e70SystemMD5=F4F684066175B77E0C3A000549D2922C,SHA256=935C1861DF1F4018D698E8B65ABFA02D7E9037D8F68CA3C2065B6CA165D44AD2{DC3C0328-FE98-64ED-71DD-00000000E002}380C:\Program Files\SplunkUniversalForwarder\etc\apps\win_inputs_app\bin\ppredict.exe"C:\Program Files\SplunkUniversalForwarder\etc\apps\win_inputs_app\bin\ppredict.exe"NT AUTHORITY\SYSTEM 154100x80000000000000001206447161Microsoft-Windows-Sysmon/Operationalmswin-exch01.attackrange.local-2023-08-29 14:19:08.609{DC3C0328-FE5C-64ED-6ADD-00000000E002}13660C:\Windows\System32\cmd.exe10.0.14393.0 (rs1_release.160715-1616)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.ExeC:\Windows\system32\cmd.exe /c "ver"C:\Windows\system32\NT AUTHORITY\SYSTEM{DC3C0328-7CF6-64E7-E703-000000000000}0x3e70SystemMD5=F4F684066175B77E0C3A000549D2922C,SHA256=935C1861DF1F4018D698E8B65ABFA02D7E9037D8F68CA3C2065B6CA165D44AD2{DC3C0328-FE5A-64ED-69DD-00000000E002}19944C:\Program Files\SplunkUniversalForwarder\etc\apps\win_inputs_app\bin\ppredict.exe"C:\Program Files\SplunkUniversalForwarder\etc\apps\win_inputs_app\bin\ppredict.exe"NT AUTHORITY\SYSTEM 154100x80000000000000001206440001Microsoft-Windows-Sysmon/Operationalmswin-exch01.attackrange.local-2023-08-29 14:18:10.139{DC3C0328-FE22-64ED-63DD-00000000E002}20308C:\Windows\System32\cmd.exe10.0.14393.0 (rs1_release.160715-1616)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.ExeC:\Windows\system32\cmd.exe /c "ver"C:\Windows\system32\NT AUTHORITY\SYSTEM{DC3C0328-7CF6-64E7-E703-000000000000}0x3e70SystemMD5=F4F684066175B77E0C3A000549D2922C,SHA256=935C1861DF1F4018D698E8B65ABFA02D7E9037D8F68CA3C2065B6CA165D44AD2{DC3C0328-FE20-64ED-62DD-00000000E002}3364C:\Program Files\SplunkUniversalForwarder\etc\apps\win_inputs_app\bin\ppredict.exe"C:\Program Files\SplunkUniversalForwarder\etc\apps\win_inputs_app\bin\ppredict.exe"NT AUTHORITY\SYSTEM 154100x80000000000000001206433090Microsoft-Windows-Sysmon/Operationalmswin-exch01.attackrange.local-2023-08-29 14:17:08.921{DC3C0328-FDE4-64ED-5CDD-00000000E002}10836C:\Windows\System32\cmd.exe10.0.14393.0 (rs1_release.160715-1616)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.ExeC:\Windows\system32\cmd.exe /c "ver"C:\Windows\system32\NT AUTHORITY\SYSTEM{DC3C0328-7CF6-64E7-E703-000000000000}0x3e70SystemMD5=F4F684066175B77E0C3A000549D2922C,SHA256=935C1861DF1F4018D698E8B65ABFA02D7E9037D8F68CA3C2065B6CA165D44AD2{DC3C0328-FDE2-64ED-5BDD-00000000E002}5936C:\Program Files\SplunkUniversalForwarder\etc\apps\win_inputs_app\bin\ppredict.exe"C:\Program Files\SplunkUniversalForwarder\etc\apps\win_inputs_app\bin\ppredict.exe"NT AUTHORITY\SYSTEM 154100x80000000000000001206424821Microsoft-Windows-Sysmon/Operationalmswin-exch01.attackrange.local-2023-08-29 14:16:10.547{DC3C0328-FDAA-64ED-52DD-00000000E002}7228C:\Windows\System32\cmd.exe10.0.14393.0 (rs1_release.160715-1616)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.ExeC:\Windows\system32\cmd.exe /c "ver"C:\Windows\system32\NT AUTHORITY\SYSTEM{DC3C0328-7CF6-64E7-E703-000000000000}0x3e70SystemMD5=F4F684066175B77E0C3A000549D2922C,SHA256=935C1861DF1F4018D698E8B65ABFA02D7E9037D8F68CA3C2065B6CA165D44AD2{DC3C0328-FDA8-64ED-51DD-00000000E002}19944C:\Program Files\SplunkUniversalForwarder\etc\apps\win_inputs_app\bin\ppredict.exe"C:\Program Files\SplunkUniversalForwarder\etc\apps\win_inputs_app\bin\ppredict.exe"NT AUTHORITY\SYSTEM 154100x80000000000000001206418016Microsoft-Windows-Sysmon/Operationalmswin-exch01.attackrange.local-2023-08-29 14:15:08.548{DC3C0328-FD6C-64ED-4BDD-00000000E002}464C:\Windows\System32\cmd.exe10.0.14393.0 (rs1_release.160715-1616)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.ExeC:\Windows\system32\cmd.exe /c "ver"C:\Windows\system32\NT AUTHORITY\SYSTEM{DC3C0328-7CF6-64E7-E703-000000000000}0x3e70SystemMD5=F4F684066175B77E0C3A000549D2922C,SHA256=935C1861DF1F4018D698E8B65ABFA02D7E9037D8F68CA3C2065B6CA165D44AD2{DC3C0328-FD6A-64ED-4ADD-00000000E002}19876C:\Program Files\SplunkUniversalForwarder\etc\apps\win_inputs_app\bin\ppredict.exe"C:\Program Files\SplunkUniversalForwarder\etc\apps\win_inputs_app\bin\ppredict.exe"NT AUTHORITY\SYSTEM 154100x80000000000000001206411136Microsoft-Windows-Sysmon/Operationalmswin-exch01.attackrange.local-2023-08-29 14:14:09.875{DC3C0328-FD31-64ED-43DD-00000000E002}12216C:\Windows\System32\cmd.exe10.0.14393.0 (rs1_release.160715-1616)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.ExeC:\Windows\system32\cmd.exe /c "ver"C:\Windows\system32\NT AUTHORITY\SYSTEM{DC3C0328-7CF6-64E7-E703-000000000000}0x3e70SystemMD5=F4F684066175B77E0C3A000549D2922C,SHA256=935C1861DF1F4018D698E8B65ABFA02D7E9037D8F68CA3C2065B6CA165D44AD2{DC3C0328-FD2F-64ED-42DD-00000000E002}19728C:\Program Files\SplunkUniversalForwarder\etc\apps\win_inputs_app\bin\ppredict.exe"C:\Program Files\SplunkUniversalForwarder\etc\apps\win_inputs_app\bin\ppredict.exe"NT AUTHORITY\SYSTEM 154100x80000000000000001206404051Microsoft-Windows-Sysmon/Operationalmswin-exch01.attackrange.local-2023-08-29 14:13:08.524{DC3C0328-FCF4-64ED-3CDD-00000000E002}13428C:\Windows\System32\cmd.exe10.0.14393.0 (rs1_release.160715-1616)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.ExeC:\Windows\system32\cmd.exe /c "ver"C:\Windows\system32\NT AUTHORITY\SYSTEM{DC3C0328-7CF6-64E7-E703-000000000000}0x3e70SystemMD5=F4F684066175B77E0C3A000549D2922C,SHA256=935C1861DF1F4018D698E8B65ABFA02D7E9037D8F68CA3C2065B6CA165D44AD2{DC3C0328-FCF2-64ED-3BDD-00000000E002}14756C:\Program Files\SplunkUniversalForwarder\etc\apps\win_inputs_app\bin\ppredict.exe"C:\Program Files\SplunkUniversalForwarder\etc\apps\win_inputs_app\bin\ppredict.exe"NT AUTHORITY\SYSTEM 154100x80000000000000001206397124Microsoft-Windows-Sysmon/Operationalmswin-exch01.attackrange.local-2023-08-29 14:12:10.514{DC3C0328-FCBA-64ED-35DD-00000000E002}19976C:\Windows\System32\cmd.exe10.0.14393.0 (rs1_release.160715-1616)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.ExeC:\Windows\system32\cmd.exe /c "ver"C:\Windows\system32\NT AUTHORITY\SYSTEM{DC3C0328-7CF6-64E7-E703-000000000000}0x3e70SystemMD5=F4F684066175B77E0C3A000549D2922C,SHA256=935C1861DF1F4018D698E8B65ABFA02D7E9037D8F68CA3C2065B6CA165D44AD2{DC3C0328-FCB8-64ED-34DD-00000000E002}8560C:\Program Files\SplunkUniversalForwarder\etc\apps\win_inputs_app\bin\ppredict.exe"C:\Program Files\SplunkUniversalForwarder\etc\apps\win_inputs_app\bin\ppredict.exe"NT AUTHORITY\SYSTEM 154100x80000000000000001206388679Microsoft-Windows-Sysmon/Operationalmswin-exch01.attackrange.local-2023-08-29 14:11:08.952{DC3C0328-FC7C-64ED-2BDD-00000000E002}19184C:\Windows\System32\cmd.exe10.0.14393.0 (rs1_release.160715-1616)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.ExeC:\Windows\system32\cmd.exe /c "ver"C:\Windows\system32\NT AUTHORITY\SYSTEM{DC3C0328-7CF6-64E7-E703-000000000000}0x3e70SystemMD5=F4F684066175B77E0C3A000549D2922C,SHA256=935C1861DF1F4018D698E8B65ABFA02D7E9037D8F68CA3C2065B6CA165D44AD2{DC3C0328-FC7A-64ED-2ADD-00000000E002}17740C:\Program Files\SplunkUniversalForwarder\etc\apps\win_inputs_app\bin\ppredict.exe"C:\Program Files\SplunkUniversalForwarder\etc\apps\win_inputs_app\bin\ppredict.exe"NT AUTHORITY\SYSTEM 154100x80000000000000001206381966Microsoft-Windows-Sysmon/Operationalmswin-exch01.attackrange.local-2023-08-29 14:10:10.375{DC3C0328-FC42-64ED-24DD-00000000E002}20592C:\Windows\System32\cmd.exe10.0.14393.0 (rs1_release.160715-1616)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.ExeC:\Windows\system32\cmd.exe /c "ver"C:\Windows\system32\NT AUTHORITY\SYSTEM{DC3C0328-7CF6-64E7-E703-000000000000}0x3e70SystemMD5=F4F684066175B77E0C3A000549D2922C,SHA256=935C1861DF1F4018D698E8B65ABFA02D7E9037D8F68CA3C2065B6CA165D44AD2{DC3C0328-FC40-64ED-23DD-00000000E002}3120C:\Program Files\SplunkUniversalForwarder\etc\apps\win_inputs_app\bin\ppredict.exe"C:\Program Files\SplunkUniversalForwarder\etc\apps\win_inputs_app\bin\ppredict.exe"NT AUTHORITY\SYSTEM 154100x80000000000000001206367621Microsoft-Windows-Sysmon/Operationalmswin-exch01.attackrange.local-2023-08-29 14:08:10.871{DC3C0328-FBCA-64ED-15DD-00000000E002}20592C:\Windows\System32\cmd.exe10.0.14393.0 (rs1_release.160715-1616)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.ExeC:\Windows\system32\cmd.exe /c "ver"C:\Windows\system32\NT AUTHORITY\SYSTEM{DC3C0328-7CF6-64E7-E703-000000000000}0x3e70SystemMD5=F4F684066175B77E0C3A000549D2922C,SHA256=935C1861DF1F4018D698E8B65ABFA02D7E9037D8F68CA3C2065B6CA165D44AD2{DC3C0328-FBC8-64ED-14DD-00000000E002}8528C:\Program Files\SplunkUniversalForwarder\etc\apps\win_inputs_app\bin\ppredict.exe"C:\Program Files\SplunkUniversalForwarder\etc\apps\win_inputs_app\bin\ppredict.exe"NT AUTHORITY\SYSTEM 154100x80000000000000001206352450Microsoft-Windows-Sysmon/Operationalmswin-exch01.attackrange.local-2023-08-29 14:06:10.126{DC3C0328-FB52-64ED-04DD-00000000E002}20800C:\Windows\System32\cmd.exe10.0.14393.0 (rs1_release.160715-1616)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.ExeC:\Windows\system32\cmd.exe /c "ver"C:\Windows\system32\NT AUTHORITY\SYSTEM{DC3C0328-7CF6-64E7-E703-000000000000}0x3e70SystemMD5=F4F684066175B77E0C3A000549D2922C,SHA256=935C1861DF1F4018D698E8B65ABFA02D7E9037D8F68CA3C2065B6CA165D44AD2{DC3C0328-FB50-64ED-03DD-00000000E002}3580C:\Program Files\SplunkUniversalForwarder\etc\apps\win_inputs_app\bin\ppredict.exe"C:\Program Files\SplunkUniversalForwarder\etc\apps\win_inputs_app\bin\ppredict.exe"NT AUTHORITY\SYSTEM 154100x80000000000000001206338510Microsoft-Windows-Sysmon/Operationalmswin-exch01.attackrange.local-2023-08-29 14:04:10.917{DC3C0328-FADA-64ED-F5DC-00000000E002}13172C:\Windows\System32\cmd.exe10.0.14393.0 (rs1_release.160715-1616)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.ExeC:\Windows\system32\cmd.exe /c "ver"C:\Windows\system32\NT AUTHORITY\SYSTEM{DC3C0328-7CF6-64E7-E703-000000000000}0x3e70SystemMD5=F4F684066175B77E0C3A000549D2922C,SHA256=935C1861DF1F4018D698E8B65ABFA02D7E9037D8F68CA3C2065B6CA165D44AD2{DC3C0328-FAD8-64ED-F4DC-00000000E002}20876C:\Program Files\SplunkUniversalForwarder\etc\apps\win_inputs_app\bin\ppredict.exe"C:\Program Files\SplunkUniversalForwarder\etc\apps\win_inputs_app\bin\ppredict.exe"NT AUTHORITY\SYSTEM 154100x80000000000000001206331567Microsoft-Windows-Sysmon/Operationalmswin-exch01.attackrange.local-2023-08-29 14:03:08.987{DC3C0328-FA9C-64ED-EEDC-00000000E002}5176C:\Windows\System32\cmd.exe10.0.14393.0 (rs1_release.160715-1616)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.ExeC:\Windows\system32\cmd.exe /c "ver"C:\Windows\system32\NT AUTHORITY\SYSTEM{DC3C0328-7CF6-64E7-E703-000000000000}0x3e70SystemMD5=F4F684066175B77E0C3A000549D2922C,SHA256=935C1861DF1F4018D698E8B65ABFA02D7E9037D8F68CA3C2065B6CA165D44AD2{DC3C0328-FA9A-64ED-EDDC-00000000E002}12216C:\Program Files\SplunkUniversalForwarder\etc\apps\win_inputs_app\bin\ppredict.exe"C:\Program Files\SplunkUniversalForwarder\etc\apps\win_inputs_app\bin\ppredict.exe"NT AUTHORITY\SYSTEM 154100x80000000000000001206324340Microsoft-Windows-Sysmon/Operationalmswin-exch01.attackrange.local-2023-08-29 14:02:11.536{DC3C0328-FA63-64ED-E6DC-00000000E002}19568C:\Windows\System32\cmd.exe10.0.14393.0 (rs1_release.160715-1616)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.ExeC:\Windows\system32\cmd.exe /c "ver"C:\Windows\system32\NT AUTHORITY\SYSTEM{DC3C0328-7CF6-64E7-E703-000000000000}0x3e70SystemMD5=F4F684066175B77E0C3A000549D2922C,SHA256=935C1861DF1F4018D698E8B65ABFA02D7E9037D8F68CA3C2065B6CA165D44AD2{DC3C0328-FA61-64ED-E5DC-00000000E002}21396C:\Program Files\SplunkUniversalForwarder\etc\apps\win_inputs_app\bin\ppredict.exe"C:\Program Files\SplunkUniversalForwarder\etc\apps\win_inputs_app\bin\ppredict.exe"NT AUTHORITY\SYSTEM