154100x800000000000000048413269Microsoft-Windows-Sysmon/Operationalmswin-dc01.attackrange.local-2023-03-30 13:58:33.428{2897A50F-9589-6425-69C3-00000000C702}4680C:\Users\Administrator\AppData\Local\Programs\3CXDesktopApp\app\3CXDesktopApp.exe18.12.4073CX Desktop App3CX Desktop App3CX Ltd.3CXDesktopApp.exe"C:\Users\Administrator\AppData\Local\Programs\3CXDesktopApp\app\3CXDesktopApp.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.14393.2608 --user-data-dir="C:\Users\Administrator\AppData\Roaming\3CXDesktopApp" --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2960 --field-trial-handle=1440,i,6450657131065979424,6199605457471520123,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2C:\Users\Administrator\AppData\Local\Programs\3CXDesktopApp\app\ATTACKRANGE\Administrator{2897A50F-6B1C-641C-7238-170000000000}0x1738722HighMD5=BB915073385DD16A846DFA318AFA3C19,SHA256=DDE03348075512796241389DFEA5560C20A3D2A2EAC95C894E7BBED5E85A0ACC{2897A50F-950F-6425-47C3-00000000C702}5388C:\Users\Administrator\AppData\Local\Programs\3CXDesktopApp\app\3CXDesktopApp.exe"C:\Users\Administrator\AppData\Local\Programs\3CXDesktopApp\app\3CXDesktopApp.exe" ATTACKRANGE\Administrator
154100x800000000000000048412347Microsoft-Windows-Sysmon/Operationalmswin-dc01.attackrange.local-2023-03-30 13:58:03.281{2897A50F-956B-6425-64C3-00000000C702}3004C:\Users\Administrator\AppData\Local\Programs\3CXDesktopApp\app\3CXDesktopApp.exe18.12.4073CX Desktop App3CX Desktop App3CX Ltd.3CXDesktopApp.exe"C:\Users\Administrator\AppData\Local\Programs\3CXDesktopApp\app\3CXDesktopApp.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --ignore-certificate-errors=true --ignore-certificate-errors=true --user-data-dir="C:\Users\Administrator\AppData\Roaming\3CXDesktopApp" --standard-schemes=voipc --enable-sandbox --secure-schemes=voipc --bypasscsp-schemes --cors-schemes=voipc --fetch-schemes=voipc --service-worker-schemes=voipc --streaming-schemes --mojo-platform-channel-handle=1540 --field-trial-handle=1456,i,11977761335410465267,15633271931220721704,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8C:\Users\Administrator\AppData\Local\Programs\3CXDesktopApp\app\ATTACKRANGE\Administrator{2897A50F-6B1C-641C-7238-170000000000}0x1738722HighMD5=BB915073385DD16A846DFA318AFA3C19,SHA256=DDE03348075512796241389DFEA5560C20A3D2A2EAC95C894E7BBED5E85A0ACC{2897A50F-956A-6425-62C3-00000000C702}6116C:\Users\Administrator\AppData\Local\Programs\3CXDesktopApp\app\3CXDesktopApp.exe"C:\Users\Administrator\AppData\Local\Programs\3CXDesktopApp\app\3CXDesktopApp.exe" ATTACKRANGE\Administrator
154100x800000000000000048412268Microsoft-Windows-Sysmon/Operationalmswin-dc01.attackrange.local-2023-03-30 13:58:03.135{2897A50F-956B-6425-63C3-00000000C702}884C:\Users\Administrator\AppData\Local\Programs\3CXDesktopApp\app\3CXDesktopApp.exe18.12.4073CX Desktop App3CX Desktop App3CX Ltd.3CXDesktopApp.exe"C:\Users\Administrator\AppData\Local\Programs\3CXDesktopApp\app\3CXDesktopApp.exe" --type=gpu-process --user-data-dir="C:\Users\Administrator\AppData\Roaming\3CXDesktopApp" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1376 --field-trial-handle=1456,i,11977761335410465267,15633271931220721704,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2C:\Users\Administrator\AppData\Local\Programs\3CXDesktopApp\app\ATTACKRANGE\Administrator{2897A50F-6B1C-641C-7238-170000000000}0x1738722LowMD5=BB915073385DD16A846DFA318AFA3C19,SHA256=DDE03348075512796241389DFEA5560C20A3D2A2EAC95C894E7BBED5E85A0ACC{2897A50F-956A-6425-62C3-00000000C702}6116C:\Users\Administrator\AppData\Local\Programs\3CXDesktopApp\app\3CXDesktopApp.exe"C:\Users\Administrator\AppData\Local\Programs\3CXDesktopApp\app\3CXDesktopApp.exe" ATTACKRANGE\Administrator
154100x800000000000000048412100Microsoft-Windows-Sysmon/Operationalmswin-dc01.attackrange.local-2023-03-30 13:58:02.495{2897A50F-956A-6425-62C3-00000000C702}6116C:\Users\Administrator\AppData\Local\Programs\3CXDesktopApp\app\3CXDesktopApp.exe18.12.4073CX Desktop App3CX Desktop App3CX Ltd.3CXDesktopApp.exe"C:\Users\Administrator\AppData\Local\Programs\3CXDesktopApp\app\3CXDesktopApp.exe" C:\Users\Administrator\AppData\Local\Programs\3CXDesktopApp\app\ATTACKRANGE\Administrator{2897A50F-6B1C-641C-7238-170000000000}0x1738722HighMD5=BB915073385DD16A846DFA318AFA3C19,SHA256=DDE03348075512796241389DFEA5560C20A3D2A2EAC95C894E7BBED5E85A0ACC{2897A50F-F9D7-6421-B978-00000000C702}3580C:\Windows\explorer.exe"C:\Windows\explorer.exe" /NOUACCHECKATTACKRANGE\Administrator
154100x800000000000000048408387Microsoft-Windows-Sysmon/Operationalmswin-dc01.attackrange.local-2023-03-30 13:57:02.329{2897A50F-952E-6425-58C3-00000000C702}4612C:\Users\Administrator\AppData\Local\Programs\3CXDesktopApp\app\3CXDesktopApp.exe18.12.4073CX Desktop App3CX Desktop App3CX Ltd.3CXDesktopApp.exe"C:\Users\Administrator\AppData\Local\Programs\3CXDesktopApp\app\3CXDesktopApp.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --ignore-certificate-errors=true --ignore-certificate-errors=true --user-data-dir="C:\Users\Administrator\AppData\Roaming\3CXDesktopApp" --standard-schemes=voipc --enable-sandbox --secure-schemes=voipc --bypasscsp-schemes --cors-schemes=voipc --fetch-schemes=voipc --service-worker-schemes=voipc --streaming-schemes --mojo-platform-channel-handle=1540 --field-trial-handle=1460,i,11406577500535910640,1017874995323467873,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8C:\Users\Administrator\AppData\Local\Programs\3CXDesktopApp\app\ATTACKRANGE\Administrator{2897A50F-6B1C-641C-7238-170000000000}0x1738722HighMD5=BB915073385DD16A846DFA318AFA3C19,SHA256=DDE03348075512796241389DFEA5560C20A3D2A2EAC95C894E7BBED5E85A0ACC{2897A50F-952D-6425-56C3-00000000C702}5884C:\Users\Administrator\AppData\Local\Programs\3CXDesktopApp\app\3CXDesktopApp.exe"C:\Users\Administrator\AppData\Local\Programs\3CXDesktopApp\app\3CXDesktopApp.exe" ATTACKRANGE\Administrator
154100x800000000000000048408312Microsoft-Windows-Sysmon/Operationalmswin-dc01.attackrange.local-2023-03-30 13:57:02.186{2897A50F-952E-6425-57C3-00000000C702}6972C:\Users\Administrator\AppData\Local\Programs\3CXDesktopApp\app\3CXDesktopApp.exe18.12.4073CX Desktop App3CX Desktop App3CX Ltd.3CXDesktopApp.exe"C:\Users\Administrator\AppData\Local\Programs\3CXDesktopApp\app\3CXDesktopApp.exe" --type=gpu-process --user-data-dir="C:\Users\Administrator\AppData\Roaming\3CXDesktopApp" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1400 --field-trial-handle=1460,i,11406577500535910640,1017874995323467873,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2C:\Users\Administrator\AppData\Local\Programs\3CXDesktopApp\app\ATTACKRANGE\Administrator{2897A50F-6B1C-641C-7238-170000000000}0x1738722LowMD5=BB915073385DD16A846DFA318AFA3C19,SHA256=DDE03348075512796241389DFEA5560C20A3D2A2EAC95C894E7BBED5E85A0ACC{2897A50F-952D-6425-56C3-00000000C702}5884C:\Users\Administrator\AppData\Local\Programs\3CXDesktopApp\app\3CXDesktopApp.exe"C:\Users\Administrator\AppData\Local\Programs\3CXDesktopApp\app\3CXDesktopApp.exe" ATTACKRANGE\Administrator
154100x800000000000000048408154Microsoft-Windows-Sysmon/Operationalmswin-dc01.attackrange.local-2023-03-30 13:57:01.353{2897A50F-952D-6425-56C3-00000000C702}5884C:\Users\Administrator\AppData\Local\Programs\3CXDesktopApp\app\3CXDesktopApp.exe18.12.4073CX Desktop App3CX Desktop App3CX Ltd.3CXDesktopApp.exe"C:\Users\Administrator\AppData\Local\Programs\3CXDesktopApp\app\3CXDesktopApp.exe" C:\Users\Administrator\AppData\Local\Programs\3CXDesktopApp\app\ATTACKRANGE\Administrator{2897A50F-6B1C-641C-7238-170000000000}0x1738722HighMD5=BB915073385DD16A846DFA318AFA3C19,SHA256=DDE03348075512796241389DFEA5560C20A3D2A2EAC95C894E7BBED5E85A0ACC{2897A50F-952D-6425-55C3-00000000C702}5236C:\Users\Administrator\AppData\Local\Programs\3CXDesktopApp\3CXDesktopApp.exe"C:\Users\Administrator\AppData\Local\Programs\3CXDesktopApp\3CXDesktopApp.exe" ATTACKRANGE\Administrator
154100x800000000000000048408113Microsoft-Windows-Sysmon/Operationalmswin-dc01.attackrange.local-2023-03-30 13:57:01.135{2897A50F-952D-6425-55C3-00000000C702}5236C:\Users\Administrator\AppData\Local\Programs\3CXDesktopApp\3CXDesktopApp.exe18.12.407.03CX Desktop App3CX Desktop App3CX Ltd.-"C:\Users\Administrator\AppData\Local\Programs\3CXDesktopApp\3CXDesktopApp.exe" C:\Users\Administrator\AppData\Local\Programs\3CXDesktopApp\ATTACKRANGE\Administrator{2897A50F-6B1C-641C-7238-170000000000}0x1738722HighMD5=08D79E1FFFA244CC0DC61F7D2036ACA9,SHA256=54004DFAA48CA5FA91E3304FB99559A2395301C570026450882D6AAD89132A02{2897A50F-F9D7-6421-B978-00000000C702}3580C:\Windows\explorer.exe"C:\Windows\explorer.exe" /NOUACCHECKATTACKRANGE\Administrator
154100x800000000000000048406928Microsoft-Windows-Sysmon/Operationalmswin-dc01.attackrange.local-2023-03-30 13:56:36.758{2897A50F-9514-6425-52C3-00000000C702}4724C:\Users\Administrator\AppData\Local\Programs\3CXDesktopApp\app\3CXDesktopApp.exe18.12.4073CX Desktop App3CX Desktop App3CX Ltd.3CXDesktopApp.exe"C:\Users\Administrator\AppData\Local\Programs\3CXDesktopApp\app\3CXDesktopApp.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --ignore-certificate-errors=true --ignore-certificate-errors=true --user-data-dir="C:\Users\Administrator\AppData\Roaming\3CXDesktopApp" --standard-schemes=voipc --enable-sandbox --secure-schemes=voipc --bypasscsp-schemes --cors-schemes=voipc --fetch-schemes=voipc --service-worker-schemes=voipc --streaming-schemes --mojo-platform-channel-handle=3200 --field-trial-handle=1440,i,6450657131065979424,6199605457471520123,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8C:\Users\Administrator\AppData\Local\Programs\3CXDesktopApp\app\ATTACKRANGE\Administrator{2897A50F-6B1C-641C-7238-170000000000}0x1738722HighMD5=BB915073385DD16A846DFA318AFA3C19,SHA256=DDE03348075512796241389DFEA5560C20A3D2A2EAC95C894E7BBED5E85A0ACC{2897A50F-950F-6425-47C3-00000000C702}5388C:\Users\Administrator\AppData\Local\Programs\3CXDesktopApp\app\3CXDesktopApp.exe"C:\Users\Administrator\AppData\Local\Programs\3CXDesktopApp\app\3CXDesktopApp.exe" ATTACKRANGE\Administrator
154100x800000000000000048406869Microsoft-Windows-Sysmon/Operationalmswin-dc01.attackrange.local-2023-03-30 13:56:36.608{2897A50F-9514-6425-51C3-00000000C702}7096C:\Users\Administrator\AppData\Local\Programs\3CXDesktopApp\app\3CXDesktopApp.exe18.12.4073CX Desktop App3CX Desktop App3CX Ltd.3CXDesktopApp.exe"C:\Users\Administrator\AppData\Local\Programs\3CXDesktopApp\app\3CXDesktopApp.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --ignore-certificate-errors=true --ignore-certificate-errors=true --user-data-dir="C:\Users\Administrator\AppData\Roaming\3CXDesktopApp" --standard-schemes=voipc --enable-sandbox --secure-schemes=voipc --bypasscsp-schemes --cors-schemes=voipc --fetch-schemes=voipc --service-worker-schemes=voipc --streaming-schemes --mojo-platform-channel-handle=3252 --field-trial-handle=1440,i,6450657131065979424,6199605457471520123,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8C:\Users\Administrator\AppData\Local\Programs\3CXDesktopApp\app\ATTACKRANGE\Administrator{2897A50F-6B1C-641C-7238-170000000000}0x1738722LowMD5=BB915073385DD16A846DFA318AFA3C19,SHA256=DDE03348075512796241389DFEA5560C20A3D2A2EAC95C894E7BBED5E85A0ACC{2897A50F-950F-6425-47C3-00000000C702}5388C:\Users\Administrator\AppData\Local\Programs\3CXDesktopApp\app\3CXDesktopApp.exe"C:\Users\Administrator\AppData\Local\Programs\3CXDesktopApp\app\3CXDesktopApp.exe" ATTACKRANGE\Administrator
154100x800000000000000048406747Microsoft-Windows-Sysmon/Operationalmswin-dc01.attackrange.local-2023-03-30 13:56:35.878{2897A50F-9513-6425-50C3-00000000C702}6820C:\Users\Administrator\AppData\Local\Programs\3CXDesktopApp\app\3CXDesktopApp.exe18.12.4073CX Desktop App3CX Desktop App3CX Ltd.3CXDesktopApp.exe"C:\Users\Administrator\AppData\Local\Programs\3CXDesktopApp\app\3CXDesktopApp.exe" --type=renderer --user-data-dir="C:\Users\Administrator\AppData\Roaming\3CXDesktopApp" --standard-schemes=voipc --enable-sandbox --secure-schemes=voipc --bypasscsp-schemes --cors-schemes=voipc --fetch-schemes=voipc --service-worker-schemes=voipc --streaming-schemes --app-user-model-id=9071E5B59CCA4D120EC8D975AF3F02AB --app-path="C:\Users\Administrator\AppData\Local\Programs\3CXDesktopApp\app\resources\app.asar" --enable-sandbox --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --launch-time-ticks=601761347221 --mojo-platform-channel-handle=2968 --field-trial-handle=1440,i,6450657131065979424,6199605457471520123,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1C:\Users\Administrator\AppData\Local\Programs\3CXDesktopApp\app\ATTACKRANGE\Administrator{2897A50F-6B1C-641C-7238-170000000000}0x1738722LowMD5=BB915073385DD16A846DFA318AFA3C19,SHA256=DDE03348075512796241389DFEA5560C20A3D2A2EAC95C894E7BBED5E85A0ACC{2897A50F-950F-6425-47C3-00000000C702}5388C:\Users\Administrator\AppData\Local\Programs\3CXDesktopApp\app\3CXDesktopApp.exe"C:\Users\Administrator\AppData\Local\Programs\3CXDesktopApp\app\3CXDesktopApp.exe" ATTACKRANGE\Administrator
154100x800000000000000048405578Microsoft-Windows-Sysmon/Operationalmswin-dc01.attackrange.local-2023-03-30 13:56:33.949{2897A50F-9511-6425-4DC3-00000000C702}1288C:\Users\Administrator\AppData\Local\Programs\3CXDesktopApp\app\3CXDesktopApp.exe18.12.4073CX Desktop App3CX Desktop App3CX Ltd.3CXDesktopApp.exe"C:\Users\Administrator\AppData\Local\Programs\3CXDesktopApp\app\3CXDesktopApp.exe" --type=renderer --user-data-dir="C:\Users\Administrator\AppData\Roaming\3CXDesktopApp" --standard-schemes=voipc --enable-sandbox --secure-schemes=voipc --bypasscsp-schemes --cors-schemes=voipc --fetch-schemes=voipc --service-worker-schemes=voipc --streaming-schemes --app-user-model-id=9071E5B59CCA4D120EC8D975AF3F02AB --app-path="C:\Users\Administrator\AppData\Local\Programs\3CXDesktopApp\app\resources\app.asar" --enable-sandbox --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=4 --launch-time-ticks=601759370546 --mojo-platform-channel-handle=2532 --field-trial-handle=1440,i,6450657131065979424,6199605457471520123,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1C:\Users\Administrator\AppData\Local\Programs\3CXDesktopApp\app\ATTACKRANGE\Administrator{2897A50F-6B1C-641C-7238-170000000000}0x1738722LowMD5=BB915073385DD16A846DFA318AFA3C19,SHA256=DDE03348075512796241389DFEA5560C20A3D2A2EAC95C894E7BBED5E85A0ACC{2897A50F-950F-6425-47C3-00000000C702}5388C:\Users\Administrator\AppData\Local\Programs\3CXDesktopApp\app\3CXDesktopApp.exe"C:\Users\Administrator\AppData\Local\Programs\3CXDesktopApp\app\3CXDesktopApp.exe" ATTACKRANGE\Administrator
154100x800000000000000048405132Microsoft-Windows-Sysmon/Operationalmswin-dc01.attackrange.local-2023-03-30 13:56:33.664{2897A50F-9511-6425-4BC3-00000000C702}4956C:\Users\Administrator\AppData\Local\Programs\3CXDesktopApp\app\3CXDesktopApp.exe18.12.4073CX Desktop App3CX Desktop App3CX Ltd.3CXDesktopApp.exe"C:\Users\Administrator\AppData\Local\Programs\3CXDesktopApp\app\3CXDesktopApp.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --ignore-certificate-errors=true --ignore-certificate-errors=true --user-data-dir="C:\Users\Administrator\AppData\Roaming\3CXDesktopApp" --standard-schemes=voipc --enable-sandbox --secure-schemes=voipc --bypasscsp-schemes --cors-schemes=voipc --fetch-schemes=voipc --service-worker-schemes=voipc --streaming-schemes --mojo-platform-channel-handle=1548 --field-trial-handle=1440,i,6450657131065979424,6199605457471520123,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8C:\Users\Administrator\AppData\Local\Programs\3CXDesktopApp\app\ATTACKRANGE\Administrator{2897A50F-6B1C-641C-7238-170000000000}0x1738722HighMD5=BB915073385DD16A846DFA318AFA3C19,SHA256=DDE03348075512796241389DFEA5560C20A3D2A2EAC95C894E7BBED5E85A0ACC{2897A50F-950F-6425-47C3-00000000C702}5388C:\Users\Administrator\AppData\Local\Programs\3CXDesktopApp\app\3CXDesktopApp.exe"C:\Users\Administrator\AppData\Local\Programs\3CXDesktopApp\app\3CXDesktopApp.exe" ATTACKRANGE\Administrator
154100x800000000000000048404908Microsoft-Windows-Sysmon/Operationalmswin-dc01.attackrange.local-2023-03-30 13:56:33.535{2897A50F-9511-6425-49C3-00000000C702}4784C:\Windows\System32\reg.exe10.0.14393.0 (rs1_release.160715-1616)Registry Console ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationreg.exeC:\Windows\system32\reg.exe QUERY HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v 3CXDeskTopAppC:\Users\Administrator\AppData\Local\Programs\3CXDesktopApp\app\ATTACKRANGE\Administrator{2897A50F-6B1C-641C-7238-170000000000}0x1738722HighMD5=59A22FA6CF85026BB6BC69A1ADD75C50,SHA256=9E28034CE3AEEA6951F790F8997DF44CFBF80BEFF9FB17413DBA317016A716AD{2897A50F-950F-6425-47C3-00000000C702}5388C:\Users\Administrator\AppData\Local\Programs\3CXDesktopApp\app\3CXDesktopApp.exe"C:\Users\Administrator\AppData\Local\Programs\3CXDesktopApp\app\3CXDesktopApp.exe" ATTACKRANGE\Administrator
154100x800000000000000048404806Microsoft-Windows-Sysmon/Operationalmswin-dc01.attackrange.local-2023-03-30 13:56:33.490{2897A50F-9511-6425-48C3-00000000C702}4788C:\Users\Administrator\AppData\Local\Programs\3CXDesktopApp\app\3CXDesktopApp.exe18.12.4073CX Desktop App3CX Desktop App3CX Ltd.3CXDesktopApp.exe"C:\Users\Administrator\AppData\Local\Programs\3CXDesktopApp\app\3CXDesktopApp.exe" --type=gpu-process --user-data-dir="C:\Users\Administrator\AppData\Roaming\3CXDesktopApp" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1360 --field-trial-handle=1440,i,6450657131065979424,6199605457471520123,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2C:\Users\Administrator\AppData\Local\Programs\3CXDesktopApp\app\ATTACKRANGE\Administrator{2897A50F-6B1C-641C-7238-170000000000}0x1738722LowMD5=BB915073385DD16A846DFA318AFA3C19,SHA256=DDE03348075512796241389DFEA5560C20A3D2A2EAC95C894E7BBED5E85A0ACC{2897A50F-950F-6425-47C3-00000000C702}5388C:\Users\Administrator\AppData\Local\Programs\3CXDesktopApp\app\3CXDesktopApp.exe"C:\Users\Administrator\AppData\Local\Programs\3CXDesktopApp\app\3CXDesktopApp.exe" ATTACKRANGE\Administrator
154100x800000000000000048404192Microsoft-Windows-Sysmon/Operationalmswin-dc01.attackrange.local-2023-03-30 13:56:31.237{2897A50F-950F-6425-47C3-00000000C702}5388C:\Users\Administrator\AppData\Local\Programs\3CXDesktopApp\app\3CXDesktopApp.exe18.12.4073CX Desktop App3CX Desktop App3CX Ltd.3CXDesktopApp.exe"C:\Users\Administrator\AppData\Local\Programs\3CXDesktopApp\app\3CXDesktopApp.exe" C:\Users\Administrator\AppData\Local\Programs\3CXDesktopApp\app\ATTACKRANGE\Administrator{2897A50F-6B1C-641C-7238-170000000000}0x1738722HighMD5=BB915073385DD16A846DFA318AFA3C19,SHA256=DDE03348075512796241389DFEA5560C20A3D2A2EAC95C894E7BBED5E85A0ACC{2897A50F-950E-6425-46C3-00000000C702}532C:\Users\Administrator\AppData\Local\Programs\3CXDesktopApp\3CXDesktopApp.exe"C:\Users\Administrator\AppData\Local\Programs\3CXDesktopApp\3CXDesktopApp.exe" ATTACKRANGE\Administrator
154100x800000000000000048403910Microsoft-Windows-Sysmon/Operationalmswin-dc01.attackrange.local-2023-03-30 13:56:30.773{2897A50F-950E-6425-46C3-00000000C702}532C:\Users\Administrator\AppData\Local\Programs\3CXDesktopApp\3CXDesktopApp.exe18.12.407.03CX Desktop App3CX Desktop App3CX Ltd.-"C:\Users\Administrator\AppData\Local\Programs\3CXDesktopApp\3CXDesktopApp.exe" C:\Users\Administrator\AppData\Local\Programs\3CXDesktopApp\ATTACKRANGE\Administrator{2897A50F-6B1C-641C-7238-170000000000}0x1738722HighMD5=08D79E1FFFA244CC0DC61F7D2036ACA9,SHA256=54004DFAA48CA5FA91E3304FB99559A2395301C570026450882D6AAD89132A02{2897A50F-9508-6425-43C3-00000000C702}5508C:\Windows\SysWOW64\msiexec.exeC:\Windows\syswow64\MsiExec.exe -Embedding 52559C9D2BCFAE031B59CD04D26575BAATTACKRANGE\Administrator