23542300x800000000000000031594Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:37:12.907{CE7C8936-1B20-61E9-E200-000000002202}3964NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=7A7BA12C2A0CC2B176F326D040C13689,SHA256=9E8F9C164658AD80C33BB863DBC52C06ED34FB6E6B085B722F11168FA140C913,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000058035Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:37:12.293{6F5BEE90-18CD-61E9-7700-000000002102}484NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=0B4AEFDB8E48705AF025292A46A581CE,SHA256=E6FD00DA6B5535D1A3351465652EAF66780E2DA5DE5AE33D977BEEC8CC16B0D4,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000058034Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:37:12.191{6F5BEE90-18B8-61E9-2900-000000002102}2920NT AUTHORITY\SYSTEMC:\Program Files\Amazon\SSM\amazon-ssm-agent.exeC:\ProgramData\Amazon\SSM\InstanceData\i-0571bb7ceded66ec2\channels\health\surveyor-20220120080928-144MD5=97EF2A570B75C4F95FC69B0D09A2E2A2,SHA256=11396EA313B0ED7E3228C4FA92ABE9D836DB8F416A7A8A28ACC77133025082E7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000031595Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:37:13.907{CE7C8936-1B20-61E9-E200-000000002202}3964NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=3496DCA61D61388F81F62A3CE6599F6C,SHA256=F7FC3D982D511A3C1382F5D5A4D3CC086DFF46FEDC6759098E6F34EAA73AF0E6,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000058036Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:37:13.311{6F5BEE90-18CD-61E9-7700-000000002102}484NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=53CC0891C252879AFCC6E1A20E6CF538,SHA256=562DB87A99FF2D87B1340D6DE6349E7F39B08757B07BF7FC451AF96578C9D844,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000031596Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:37:14.907{CE7C8936-1B20-61E9-E200-000000002202}3964NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=D7D4CFCEE770B16900600A985A2D86DD,SHA256=B12EB030CCA9DCAA6267C4611F8D1A23F41448A3856B76497CB4DB651BD77E2A,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000058038Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:37:13.406{6F5BEE90-18C6-61E9-6E00-000000002102}3440C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-tcontreras-attack-range-53.attackrange.local52427-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x800000000000000058037Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:37:14.326{6F5BEE90-18CD-61E9-7700-000000002102}484NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=CBFD53B110C607E66F29B1B2CBBA4F3E,SHA256=000AD091C0AF51FEB4E899F69791077267258C8571FFE4220C86ACD81F5514C1,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000031598Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:37:15.907{CE7C8936-1B20-61E9-E200-000000002202}3964NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=F5CCF6D5AA27BA65E0C6BC3E0DC8DA34,SHA256=D9E6BE76D04FBC4646320117D36B7C4CCA0DDDE84BF9BE20EEB979FF4CA5EFFA,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000058040Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:37:15.473{6F5BEE90-18AA-61E9-1100-000000002102}480NT AUTHORITY\LOCAL SERVICEC:\Windows\System32\svchost.exeC:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.datMD5=E6DA5D2E1C062D208AA03094E1FCD231,SHA256=93E2A7F3221E3F16C5C90304B56D13FC617C6144CB776A75BB9236CED8076934,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000058039Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:37:15.357{6F5BEE90-18CD-61E9-7700-000000002102}484NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=2576587DEC5D1440988973E55F5A9188,SHA256=3DE147A30518E48E92501B7E78DF649D4CE3D493484B757DEEF9E96FAB199007,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000031597Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:37:12.843{CE7C8936-1B1A-61E9-D900-000000002202}4048C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-tcontreras-attack-range-276.eu-central-1.compute.internal51370-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x800000000000000031599Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:37:16.907{CE7C8936-1B20-61E9-E200-000000002202}3964NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=FC427D635193187D783CCE220D6DF218,SHA256=5A4655A0545A32C690B1C53F21DDDB459225DAF7D8629719DA4624248247D574,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000058041Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:37:16.358{6F5BEE90-18CD-61E9-7700-000000002102}484NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=77D0675840560726E237339B2CDB7619,SHA256=40DE2618376D2862E76102DA543DF4F4CEC1F7EF612FEC954F728FEC51F19F83,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000031601Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:37:17.923{CE7C8936-1B20-61E9-E200-000000002202}3964NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=B30510F5139B422CB4B7FEF80E2DE8E0,SHA256=AA604A03E0BE386B2ED95DA1FFED6E015BA0A8C8431ED6BCA7AA6E9BF3FFF1B2,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000058042Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:37:17.369{6F5BEE90-18CD-61E9-7700-000000002102}484NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A98DB39FA12B86DD57EF801F7960CF86,SHA256=15F747D21402896039926120671C5B32675C7AE798DF2BED0FB4D96671323ACB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000031600Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:37:17.314{CE7C8936-1B12-61E9-AB00-000000002202}1912NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeC:\Program Files\SplunkUniversalForwarder\var\run\serverclass.xmlMD5=9E11AA9F3452DB0F16F9E79CCD407159,SHA256=0B6123CF67044127245D77723D015AECD3385919E1F78356EC114EAF4F576866,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000031602Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:37:18.939{CE7C8936-1B20-61E9-E200-000000002202}3964NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=81E9E81CC7F36703A4ED3BE4D66E500C,SHA256=B694516BDC280680E4C037D13AECCA1F301F790F31FFE4B823E2BB118521271B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000058043Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:37:18.403{6F5BEE90-18CD-61E9-7700-000000002102}484NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=30F46A4E4F0A5E058ADCC1FE076A9A34,SHA256=C062A22DD77994F2FEF612B3B13FB066D46DCE852EB87202ADD8CE78C92F1A09,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000031604Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:37:19.954{CE7C8936-1B20-61E9-E200-000000002202}3964NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=0696AD20901513AA3411E767D57E9DEB,SHA256=9BC5CB2F264E8BE630221D958A0B3DAEA33AEE65B8DD21F4E645E79074A2DF5D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000058044Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:37:19.421{6F5BEE90-18CD-61E9-7700-000000002102}484NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=FFF0E50498F47C346DBC3456F0A5113A,SHA256=4D15DA8CBEAF24E8354DB978E297CBDCE51EF848BEA4D264C9AC21CF55CC39A4,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000031603Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:37:17.015{CE7C8936-1B12-61E9-AB00-000000002202}1912C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-tcontreras-attack-range-276.eu-central-1.compute.internal51371-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8089- 23542300x800000000000000031605Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:37:20.954{CE7C8936-1B20-61E9-E200-000000002202}3964NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=37AEEDCA9B98E355818F699E1CD3E804,SHA256=7E5B8B3272C5E5A3834EDD9BD444B961112DF81A4B17C2D80CACE6847D0F6249,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000058046Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:37:20.621{6F5BEE90-18B8-61E9-2F00-000000002102}3024NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeC:\Program Files\SplunkUniversalForwarder\var\run\serverclass.xmlMD5=9E11AA9F3452DB0F16F9E79CCD407159,SHA256=0B6123CF67044127245D77723D015AECD3385919E1F78356EC114EAF4F576866,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000058045Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:37:20.436{6F5BEE90-18CD-61E9-7700-000000002102}484NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A169CE73A55983397C3C97B346AAC13F,SHA256=03F071C1564693FE1404834CAA18A00D13BA0A1F051C8BED6542633659FEA3E6,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000031607Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:37:21.970{CE7C8936-1B20-61E9-E200-000000002202}3964NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=9B53C7E5A02ED76B6E986183A320DC68,SHA256=E187798BA2D7606843E5F4ED7D9A7A2C942E63A1A587D8E6B5B31B5D1355EF72,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000058048Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:37:21.452{6F5BEE90-18CD-61E9-7700-000000002102}484NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=D9D798AB551C1DAA300A339863447BD2,SHA256=A20F90D2BBC2E727028508847947970F5898A0B4C7F6572A895DD2240B8ABC9D,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000031606Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:37:18.874{CE7C8936-1B1A-61E9-D900-000000002202}4048C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-tcontreras-attack-range-276.eu-central-1.compute.internal51372-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 354300x800000000000000058047Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:37:19.333{6F5BEE90-18C6-61E9-6E00-000000002102}3440C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-tcontreras-attack-range-53.attackrange.local52428-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x800000000000000058050Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:37:22.452{6F5BEE90-18CD-61E9-7700-000000002102}484NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=E67AB4C6014ECC69F429231CAC8DD035,SHA256=9AA6EE243828E2F7EEA4D43F886D7D1E9F3C271D0F9286BA6522CD341BAE9745,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000058049Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:37:20.894{6F5BEE90-18B8-61E9-2F00-000000002102}3024C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-tcontreras-attack-range-53.attackrange.local52429-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8089- 23542300x800000000000000058051Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:37:23.467{6F5BEE90-18CD-61E9-7700-000000002102}484NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=4E60A69EBA717478ECADFD70C98AF148,SHA256=2242F665866724B0882C618C65C3474A44811ED02C3B5617B80A05801A80C64C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000031608Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:37:23.001{CE7C8936-1B20-61E9-E200-000000002202}3964NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=990903B1E55B655383343DD5AE3E9783,SHA256=59E91E758D815BED3240D2F7464B676C502E6DF911D53D0386CF0ACA1238D591,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000058052Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:37:24.500{6F5BEE90-18CD-61E9-7700-000000002102}484NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A24F68F01227878D2106BD0E49539227,SHA256=6E17A7C83752AF332766E5489455466C024602B6ECE7792F33243DBC36065B33,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000031609Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:37:24.173{CE7C8936-1B20-61E9-E200-000000002202}3964NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=C3E333CF1BFDE2EFD60E1B4A4C8A8288,SHA256=3CE68F130A68B583DFB1FAFFCB51C8FA49A14EE783DC39B4431D3BDB18DF3FDE,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000058053Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:37:25.535{6F5BEE90-18CD-61E9-7700-000000002102}484NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=826D04E04B242CE1CBE84B222768F6E3,SHA256=3BBD3AE4CEE808BE97D8847110B900838C4DAC4E88DE74057D4058CA72182C20,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000031610Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:37:25.173{CE7C8936-1B20-61E9-E200-000000002202}3964NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=8DB9216503E6EE722D8F3F2D804D7710,SHA256=34FB238A6461135E8DE26D7B2A5B0DB5D320D6345D5F35987EFF0A1C592BC3BF,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000031612Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:37:24.812{CE7C8936-1B1A-61E9-D900-000000002202}4048C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-tcontreras-attack-range-276.eu-central-1.compute.internal51373-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x800000000000000031611Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:37:26.189{CE7C8936-1B20-61E9-E200-000000002202}3964NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=9E72001A95EFA12DC3D5F1ECA0E717D4,SHA256=5F6FEF342A976B16EBDD43DC30BF55B79249DB9FD8956164A1C5ABAD277597D5,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000058054Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:37:26.566{6F5BEE90-18CD-61E9-7700-000000002102}484NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=5B90C33B169D63D5DFE9C26FD49BFA6A,SHA256=670B45262580E93C90228224B62C9BE172375664395D0F70E222403608758A2A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000058056Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:37:27.592{6F5BEE90-18CD-61E9-7700-000000002102}484NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=9B4AC92E44A9EF8FB4EE32E859851333,SHA256=4ED1396C2F0E38E9473EAD21940EE3C615FA325FB06542AF1939EAEBC6E2F53D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000031613Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:37:27.220{CE7C8936-1B20-61E9-E200-000000002202}3964NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=7AED5E3DD9DC6558A09190C6FA475871,SHA256=4AB1DD806218D0D1FA8F9A2CCF011912C43BAAFD81839E52B532C39698F9FD36,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000058055Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:37:25.346{6F5BEE90-18C6-61E9-6E00-000000002102}3440C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-tcontreras-attack-range-53.attackrange.local52430-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x800000000000000058057Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:37:28.595{6F5BEE90-18CD-61E9-7700-000000002102}484NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=24FBE01C6B6B2E75D6122635D32763BD,SHA256=FA723B975C112BCE902BBA363B9DC17E9D9C4890166B8F3739F217D89CDADD1E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000031614Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:37:28.223{CE7C8936-1B20-61E9-E200-000000002202}3964NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=85DA3F69BC25345A9FCD9FF6EDD7DE85,SHA256=D1DFD587E29D84D547DE8060206E763928A19866FE1669C7E9F9544FAF767C1E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000058058Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:37:29.596{6F5BEE90-18CD-61E9-7700-000000002102}484NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=CF3B16198FC16FA4CDB52DE98C60C8DE,SHA256=2516C4A16C269A53498DF6178D5C0B50E8000181D0A8B864C9968FD10D780EE7,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000031619Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:37:27.764{CE7C8936-1A7C-61E9-1000-000000002202}920C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse184.105.139.69scan-03.shadowserver.org39764-false10.0.1.15win-host-tcontreras-attack-range-276.eu-central-1.compute.internal3389ms-wbt-server 10341000x800000000000000031618Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:37:29.411{CE7C8936-1A7C-61E9-0C00-000000002202}7003204C:\Windows\system32\svchost.exe{CE7C8936-1A7C-61E9-0B00-000000002202}604C:\Windows\system32\lsass.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+f86b|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000031617Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:37:29.411{CE7C8936-1A7C-61E9-0C00-000000002202}7003204C:\Windows\system32\svchost.exe{CE7C8936-1A7C-61E9-0B00-000000002202}604C:\Windows\system32\lsass.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+f71b|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000031616Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:37:29.411{CE7C8936-1A7C-61E9-0B00-000000002202}6043324C:\Windows\system32\lsass.exe{CE7C8936-1A7C-61E9-0A00-000000002202}596C:\Windows\system32\services.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\system32\lsasrv.dll+1b8ad|C:\Windows\system32\lsasrv.dll+2878b|C:\Windows\SYSTEM32\SspiSrv.dll+1467|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 23542300x800000000000000031615Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:37:29.254{CE7C8936-1B20-61E9-E200-000000002202}3964NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=92845E5F4CD721788A028383B3AF410A,SHA256=6943290731ECDF0959EA13B8D2F203BB61FC995DF4E76055DC584C1BD7E39C5C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000058059Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:37:30.615{6F5BEE90-18CD-61E9-7700-000000002102}484NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=9632DDC263F3B721E2CBBCB19CF5BAAB,SHA256=B9254CFBFDB9C82F787F173D28B3396A70D822897972927BF39B8E00A335F290,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000031622Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:37:30.442{CE7C8936-1B20-61E9-E200-000000002202}3964NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SystemMD5=138581933C46B600CBAAAF2BBBEE00F9,SHA256=9E52A06F7BC66F5B755BCB56EA6FD9CCDF991E32DD62E2CEB2B477018D041CA6,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000031621Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:37:30.442{CE7C8936-1B20-61E9-E200-000000002202}3964NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SystemMD5=26BEC39B4377DEAB9D32710BA5BAC2CA,SHA256=88B8D801F876FD98A6B29D69167111B8B0CB6462A1A193E4C44E36EAAF5C83D8,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000031620Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:37:30.270{CE7C8936-1B20-61E9-E200-000000002202}3964NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=32ABB42711CB8BEB7515929DA591BD61,SHA256=FA36BEF3DB6CBB2073AD0F46C2A08514EDC681631883AC131289BE228F6A4195,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000031623Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:37:31.286{CE7C8936-1B20-61E9-E200-000000002202}3964NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=543282327C0AC2571D256502CF7EE600,SHA256=F1806AC586B7902BD141EF6F291603D4EE02492D5D39F024851A4FD7217559FA,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000058061Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:37:31.635{6F5BEE90-18CD-61E9-7700-000000002102}484NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=4C96559D15D6F724E0E4E0A2765D7B28,SHA256=16ED8C2C743DEC8AFF5B14B8D1A5C15381242845554D393D9C8738EE820CFDC5,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000058060Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:37:29.690{6F5BEE90-18B8-61E9-2A00-000000002102}2964C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsefalse10.0.1.14win-dc-tcontreras-attack-range-53.attackrange.local53domainfalse10.0.1.15ip-10-0-1-15.eu-central-1.compute.internal61601- 23542300x800000000000000058063Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:37:32.650{6F5BEE90-18CD-61E9-7700-000000002102}484NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=4CB80DB9DA029C1EE41A9F9339540FBD,SHA256=E91FDF9F69570D2F025770C44494E0EAE7E97EAC04AB8DC124E55F8CE431AC20,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000031630Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:37:32.586{CE7C8936-1A7D-61E9-2200-000000002202}1212NT AUTHORITY\SYSTEMC:\Program Files\Amazon\SSM\amazon-ssm-agent.exeC:\ProgramData\Amazon\SSM\InstanceData\i-0b4c8a78fb3fad9c4\channels\health\respondent-20220120081703-136MD5=48D9DB22D5DA72E1508DB4774F89CD54,SHA256=47231F73915EFCF046725A41CCC183BD3625BDF28EF9197BB172C87CF7B7A72C,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000031629Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:37:29.940{CE7C8936-1B1A-61E9-D900-000000002202}4048C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-tcontreras-attack-range-276.eu-central-1.compute.internal51374-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 354300x800000000000000031628Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:37:29.138{CE7C8936-1A7D-61E9-1600-000000002202}1216C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEudpfalsefalse10.0.1.15win-host-tcontreras-attack-range-276.eu-central-1.compute.internal61601-false10.0.1.14-53domain 354300x800000000000000031627Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:37:29.138{CE7C8936-1A7D-61E9-1600-000000002202}1216C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEudptruetruea00:10f:c93:ffff:28c1:2307:1a8:ffff-60559-truee000:fc:0:0:0:0:0:0-5355llmnr 354300x800000000000000031626Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:37:29.138{CE7C8936-1A7D-61E9-1600-000000002202}1216C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEudptruetruefe80:0:0:0:48df:ff2f:8220:4d8awin-host-tcontreras-attack-range-276.eu-central-1.compute.internal60559-trueff02:0:0:0:0:0:1:3-5355llmnr 354300x800000000000000031625Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:37:29.136{CE7C8936-1A7D-61E9-1600-000000002202}1216C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEudptruetruea00:10f:c93:ffff:28c1:2307:1a8:ffff-61601-truea00:10e:0:0:0:0:0:0-53domain 23542300x800000000000000031624Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:37:32.317{CE7C8936-1B20-61E9-E200-000000002202}3964NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=52A14B146599EACE67188B71625BAA9C,SHA256=5CC1F0B51203C803404373F1DB2844F24789E8B489F3132C2D6916BC2F9A0CB1,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000058062Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:37:30.545{6F5BEE90-18C6-61E9-6E00-000000002102}3440C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-tcontreras-attack-range-53.attackrange.local52431-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x800000000000000058064Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:37:33.665{6F5BEE90-18CD-61E9-7700-000000002102}484NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=FBB2940C263CA03E08D4A3E464B15BA0,SHA256=B3F1D1A42FDCB67BB24DE14429DF5009AC2F9F2C90811DBF7B78C536B3464931,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000031632Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:37:33.586{CE7C8936-1A7D-61E9-2200-000000002202}1212NT AUTHORITY\SYSTEMC:\Program Files\Amazon\SSM\amazon-ssm-agent.exeC:\ProgramData\Amazon\SSM\InstanceData\i-0b4c8a78fb3fad9c4\channels\health\surveyor-20220120081701-137MD5=97EF2A570B75C4F95FC69B0D09A2E2A2,SHA256=11396EA313B0ED7E3228C4FA92ABE9D836DB8F416A7A8A28ACC77133025082E7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000031631Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:37:33.319{CE7C8936-1B20-61E9-E200-000000002202}3964NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=6D6BDB387D68BCDF0C1624AC42F7CE84,SHA256=55A88817135C406E62665AB556A06CE4B3F135D7D94E6041B4B12349080B6F9A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000058065Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:37:34.681{6F5BEE90-18CD-61E9-7700-000000002102}484NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A141F370264E1BA78791858F5E11A0D3,SHA256=3DFD661D68F73556CD9DE4CC223717998075456DE40CE5BEF6324EBAED7F4464,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000031633Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:37:34.320{CE7C8936-1B20-61E9-E200-000000002202}3964NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=2743CFEF8C58728C803D2B1DEF88E59B,SHA256=1C40BD8033C15E11C29BF8BEF0CD35213AB44B2FF9C058AA130D9ABF701833FC,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000058066Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:37:35.704{6F5BEE90-18CD-61E9-7700-000000002102}484NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=379EE61A6BE9E769EE81FE0A1BE8D712,SHA256=84C0359BF7E33C847613B9F7AA503CF02DA0C8BA6F873CFEB0A828A4A16017EB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000031634Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:37:35.351{CE7C8936-1B20-61E9-E200-000000002202}3964NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=10D56F140C53B5E369CDB5A6F6FA7B91,SHA256=D45809AE3C858B6BC3FD2F6677A0A3A1B79E690E1EF128F44974FC8FBD73ACC4,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000058081Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:37:36.727{6F5BEE90-18CD-61E9-7700-000000002102}484NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=743AE026BEB3D3C931D070E7EBEB29DC,SHA256=52FFA54AF5D4E332277858ADE35A733E0E0F590901D27DBE27322A22EF8C311F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000031635Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:37:36.382{CE7C8936-1B20-61E9-E200-000000002202}3964NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=6CF65BD091E180830380400B5795B1F0,SHA256=441FB4D9722A7F780E93CC33AAB536016C46233E9A22C1CDF48E2921D041C156,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000058080Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:37:36.588{6F5BEE90-1B15-61E9-FA00-000000002102}46326520C:\Windows\Explorer.EXE{6F5BEE90-3AA2-61E9-5509-000000002102}3436C:\Windows\system32\cmd.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+6163f|C:\Windows\System32\SHELL32.dll+62725|C:\Windows\Explorer.EXE+3c618|C:\Windows\Explorer.EXE+3c4a4|C:\Windows\Explorer.EXE+3c411|C:\Windows\System32\windows.storage.dll+15458f|C:\Windows\System32\windows.storage.dll+15330f|C:\Windows\System32\windows.storage.dll+1562bf|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39d09|C:\Windows\SYSTEM32\ntdll.dll+1e89a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000058079Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:37:36.588{6F5BEE90-1B15-61E9-FA00-000000002102}46326520C:\Windows\Explorer.EXE{6F5BEE90-3AA2-61E9-5509-000000002102}3436C:\Windows\system32\cmd.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+6263e|C:\Windows\Explorer.EXE+3c618|C:\Windows\Explorer.EXE+3c4a4|C:\Windows\Explorer.EXE+3c411|C:\Windows\System32\windows.storage.dll+15458f|C:\Windows\System32\windows.storage.dll+15330f|C:\Windows\System32\windows.storage.dll+1562bf|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39d09|C:\Windows\SYSTEM32\ntdll.dll+1e89a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000058078Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:37:36.588{6F5BEE90-1B15-61E9-FA00-000000002102}46326520C:\Windows\Explorer.EXE{6F5BEE90-3AA2-61E9-5509-000000002102}3436C:\Windows\system32\cmd.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+61894|C:\Windows\System32\SHELL32.dll+62607|C:\Windows\Explorer.EXE+3c618|C:\Windows\Explorer.EXE+3c4a4|C:\Windows\Explorer.EXE+3c411|C:\Windows\System32\windows.storage.dll+15458f|C:\Windows\System32\windows.storage.dll+15330f|C:\Windows\System32\windows.storage.dll+1562bf|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39d09|C:\Windows\SYSTEM32\ntdll.dll+1e89a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000058077Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:37:36.557{6F5BEE90-1B15-61E9-FA00-000000002102}46325552C:\Windows\Explorer.EXE{6F5BEE90-3AA2-61E9-5609-000000002102}92C:\Windows\system32\conhost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+6163f|C:\Windows\System32\SHELL32.dll+62db0|C:\Windows\System32\TwinUI.dll+12d711|C:\Windows\System32\TwinUI.dll+12df7f|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000058076Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:37:36.557{6F5BEE90-1B15-61E9-FA00-000000002102}46325552C:\Windows\Explorer.EXE{6F5BEE90-3AA2-61E9-5609-000000002102}92C:\Windows\system32\conhost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+47bc0|C:\Windows\System32\SHELL32.dll+62d6c|C:\Windows\System32\TwinUI.dll+12d711|C:\Windows\System32\TwinUI.dll+12df7f|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000058075Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:37:36.557{6F5BEE90-1B15-61E9-FA00-000000002102}46325552C:\Windows\Explorer.EXE{6F5BEE90-3AA2-61E9-5609-000000002102}92C:\Windows\system32\conhost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+61894|C:\Windows\System32\SHELL32.dll+62d40|C:\Windows\System32\TwinUI.dll+12d711|C:\Windows\System32\TwinUI.dll+12df7f|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000058074Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:37:36.557{6F5BEE90-1B15-61E9-FA00-000000002102}46325552C:\Windows\Explorer.EXE{6F5BEE90-3AA2-61E9-5609-000000002102}92C:\Windows\system32\conhost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\TwinUI.dll+12d549|C:\Windows\System32\TwinUI.dll+12df7f|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000058073Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:37:36.457{6F5BEE90-1B15-61E9-FA00-000000002102}46326520C:\Windows\Explorer.EXE{6F5BEE90-3549-61E9-A608-000000002102}2936C:\Program Files\Notepad++\notepad++.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+6163f|C:\Windows\System32\SHELL32.dll+62725|C:\Windows\Explorer.EXE+3c618|C:\Windows\Explorer.EXE+3c4a4|C:\Windows\Explorer.EXE+3c411|C:\Windows\System32\windows.storage.dll+15458f|C:\Windows\System32\windows.storage.dll+15330f|C:\Windows\System32\windows.storage.dll+1562bf|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39d09|C:\Windows\SYSTEM32\ntdll.dll+1e89a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000058072Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:37:36.457{6F5BEE90-1B15-61E9-FA00-000000002102}46326520C:\Windows\Explorer.EXE{6F5BEE90-3549-61E9-A608-000000002102}2936C:\Program Files\Notepad++\notepad++.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+6263e|C:\Windows\Explorer.EXE+3c618|C:\Windows\Explorer.EXE+3c4a4|C:\Windows\Explorer.EXE+3c411|C:\Windows\System32\windows.storage.dll+15458f|C:\Windows\System32\windows.storage.dll+15330f|C:\Windows\System32\windows.storage.dll+1562bf|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39d09|C:\Windows\SYSTEM32\ntdll.dll+1e89a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000058071Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:37:36.457{6F5BEE90-1B15-61E9-FA00-000000002102}46326520C:\Windows\Explorer.EXE{6F5BEE90-3549-61E9-A608-000000002102}2936C:\Program Files\Notepad++\notepad++.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+61894|C:\Windows\System32\SHELL32.dll+62607|C:\Windows\Explorer.EXE+3c618|C:\Windows\Explorer.EXE+3c4a4|C:\Windows\Explorer.EXE+3c411|C:\Windows\System32\windows.storage.dll+15458f|C:\Windows\System32\windows.storage.dll+15330f|C:\Windows\System32\windows.storage.dll+1562bf|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39d09|C:\Windows\SYSTEM32\ntdll.dll+1e89a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000058070Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:37:36.426{6F5BEE90-1B15-61E9-FA00-000000002102}46325552C:\Windows\Explorer.EXE{6F5BEE90-3549-61E9-A608-000000002102}2936C:\Program Files\Notepad++\notepad++.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+6163f|C:\Windows\System32\SHELL32.dll+62db0|C:\Windows\System32\TwinUI.dll+12d711|C:\Windows\System32\TwinUI.dll+12df7f|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000058069Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:37:36.426{6F5BEE90-1B15-61E9-FA00-000000002102}46325552C:\Windows\Explorer.EXE{6F5BEE90-3549-61E9-A608-000000002102}2936C:\Program Files\Notepad++\notepad++.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+47bc0|C:\Windows\System32\SHELL32.dll+62d6c|C:\Windows\System32\TwinUI.dll+12d711|C:\Windows\System32\TwinUI.dll+12df7f|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000058068Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:37:36.426{6F5BEE90-1B15-61E9-FA00-000000002102}46325552C:\Windows\Explorer.EXE{6F5BEE90-3549-61E9-A608-000000002102}2936C:\Program Files\Notepad++\notepad++.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+61894|C:\Windows\System32\SHELL32.dll+62d40|C:\Windows\System32\TwinUI.dll+12d711|C:\Windows\System32\TwinUI.dll+12df7f|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000058067Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:37:36.426{6F5BEE90-1B15-61E9-FA00-000000002102}46325552C:\Windows\Explorer.EXE{6F5BEE90-3549-61E9-A608-000000002102}2936C:\Program Files\Notepad++\notepad++.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\TwinUI.dll+12d549|C:\Windows\System32\TwinUI.dll+12df7f|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 23542300x800000000000000058083Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:37:37.742{6F5BEE90-18CD-61E9-7700-000000002102}484NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=2102E8732EA3367CC3954281CFEE9B87,SHA256=BD3DCFBD8386C69396029C1EB6064124CAADC279D7596B3FEAE54585D2F26E57,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000031637Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:37:35.849{CE7C8936-1B1A-61E9-D900-000000002202}4048C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-tcontreras-attack-range-276.eu-central-1.compute.internal51375-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x800000000000000031636Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:37:37.398{CE7C8936-1B20-61E9-E200-000000002202}3964NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A36CABEBDDF701DCE30B4CD73178F3C2,SHA256=F6DDE2B7A2283E156DF18CF6063A19108B5EE83753D6154687CFC18D54E4DF90,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000058082Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:37:36.483{6F5BEE90-18C6-61E9-6E00-000000002102}3440C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-tcontreras-attack-range-53.attackrange.local52432-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x800000000000000058114Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:37:38.928{6F5BEE90-18CD-61E9-7700-000000002102}484NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=639479FD1B06497CC937A57439793DFC,SHA256=C544D91D915A0A7FFBFD8656CD727C3A6EAAA6DDC5E4530B08C65DF9FF646D34,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000031638Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:37:38.414{CE7C8936-1B20-61E9-E200-000000002202}3964NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=5E88EFF90393681A66B2D8AA41E1385C,SHA256=AAE17F2497EB6D96136405CDF1A3F604F524789E63599E4DB37324F421E02CC5,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000058113Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:37:38.294{6F5BEE90-1B14-61E9-F000-000000002102}49285480C:\Windows\System32\RuntimeBroker.exe{6F5BEE90-1B26-61E9-1201-000000002102}5320C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cd4|C:\Windows\System32\RPCRT4.dll+2be8f|C:\Windows\System32\combase.dll+380db|C:\Windows\system32\windows.cortana.Desktop.dll+418c2|C:\Windows\system32\windows.cortana.Desktop.dll+41968|C:\Windows\system32\windows.cortana.Desktop.dll+16557|C:\Windows\system32\windows.cortana.Desktop.dll+12d9b|C:\Windows\system32\windows.cortana.Desktop.dll+15c7|C:\Windows\system32\windows.cortana.Desktop.dll+44bd|C:\Windows\System32\combase.dll+76b2a|C:\Windows\System32\combase.dll+6d8fd|C:\Windows\System32\RuntimeBroker.exe+12d1|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+54179|C:\Windows\System32\combase.dll+129f|C:\Windows\System32\combase.dll+3b233|C:\Windows\System32\combase.dll+3aee2|C:\Windows\System32\combase.dll+397f8|C:\Windows\System32\combase.dll+3757d|C:\Windows\System32\combase.dll+36c4f|C:\Windows\System32\combase.dll+52179|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd 10341000x800000000000000058112Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:37:38.294{6F5BEE90-1B14-61E9-F000-000000002102}49285480C:\Windows\System32\RuntimeBroker.exe{6F5BEE90-1B26-61E9-1201-000000002102}5320C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cd4|C:\Windows\System32\RPCRT4.dll+2be8f|C:\Windows\System32\combase.dll+380db|C:\Windows\system32\windows.cortana.Desktop.dll+418c2|C:\Windows\system32\windows.cortana.Desktop.dll+41680|C:\Windows\system32\windows.cortana.Desktop.dll+92dc|C:\Windows\system32\windows.cortana.Desktop.dll+12d31|C:\Windows\system32\windows.cortana.Desktop.dll+15c7|C:\Windows\system32\windows.cortana.Desktop.dll+44bd|C:\Windows\System32\combase.dll+76b2a|C:\Windows\System32\combase.dll+6d8fd|C:\Windows\System32\RuntimeBroker.exe+12d1|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+54179|C:\Windows\System32\combase.dll+129f|C:\Windows\System32\combase.dll+3b233|C:\Windows\System32\combase.dll+3aee2|C:\Windows\System32\combase.dll+397f8|C:\Windows\System32\combase.dll+3757d|C:\Windows\System32\combase.dll+36c4f|C:\Windows\System32\combase.dll+52179|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd 10341000x800000000000000058111Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:37:38.294{6F5BEE90-1B15-61E9-FA00-000000002102}46324588C:\Windows\Explorer.EXE{6F5BEE90-1B26-61E9-1201-000000002102}5320C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\SYSTEM32\twinapi.appcore.dll+1ea06|C:\Windows\SYSTEM32\twinapi.appcore.dll+1e3d1|C:\Windows\SYSTEM32\twinapi.appcore.dll+1dbcc|C:\Windows\SYSTEM32\twinapi.appcore.dll+1d777|C:\Windows\System32\TwinUI.dll+1093d6|C:\Windows\System32\TwinUI.dll+82ba7|C:\Windows\System32\TwinUI.dll+bed5e|C:\Windows\System32\TwinUI.dll+bed29|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000058110Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:37:38.294{6F5BEE90-1B15-61E9-FA00-000000002102}46324588C:\Windows\Explorer.EXE{6F5BEE90-1B26-61E9-1201-000000002102}5320C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\SYSTEM32\twinapi.appcore.dll+1e95e|C:\Windows\SYSTEM32\twinapi.appcore.dll+1e3d1|C:\Windows\SYSTEM32\twinapi.appcore.dll+1dbcc|C:\Windows\SYSTEM32\twinapi.appcore.dll+1d777|C:\Windows\System32\TwinUI.dll+1093d6|C:\Windows\System32\TwinUI.dll+82ba7|C:\Windows\System32\TwinUI.dll+bed5e|C:\Windows\System32\TwinUI.dll+bed29|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000058109Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:37:38.262{6F5BEE90-1B14-61E9-F000-000000002102}49285480C:\Windows\System32\RuntimeBroker.exe{6F5BEE90-1B26-61E9-1201-000000002102}5320C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cd4|C:\Windows\System32\RPCRT4.dll+2be8f|C:\Windows\System32\combase.dll+380db|C:\Windows\System32\execmodelclient.dll+8e62|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+54179|C:\Windows\System32\combase.dll+129f|C:\Windows\System32\RPCRT4.dll+651cb|C:\Windows\System32\combase.dll+3b22c|C:\Windows\System32\combase.dll+3aee2|C:\Windows\System32\combase.dll+397f8|C:\Windows\System32\combase.dll+3757d|C:\Windows\System32\combase.dll+36c4f|C:\Windows\System32\combase.dll+52179|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+3534e|C:\Windows\System32\RPCRT4.dll+20cc7|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e 10341000x800000000000000058108Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:37:38.262{6F5BEE90-1B14-61E9-F000-000000002102}49285480C:\Windows\System32\RuntimeBroker.exe{6F5BEE90-1B26-61E9-1201-000000002102}5320C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cd4|C:\Windows\System32\RPCRT4.dll+2be8f|C:\Windows\System32\combase.dll+380db|C:\Windows\System32\execmodelclient.dll+8d5e|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+54179|C:\Windows\System32\combase.dll+129f|C:\Windows\System32\RPCRT4.dll+651cb|C:\Windows\System32\combase.dll+3b22c|C:\Windows\System32\combase.dll+3aee2|C:\Windows\System32\combase.dll+397f8|C:\Windows\System32\combase.dll+3757d|C:\Windows\System32\combase.dll+36c4f|C:\Windows\System32\combase.dll+52179|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+3534e|C:\Windows\System32\RPCRT4.dll+20cc7|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e 10341000x800000000000000058107Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:37:38.262{6F5BEE90-1B14-61E9-F000-000000002102}49286284C:\Windows\System32\RuntimeBroker.exe{6F5BEE90-1B26-61E9-1201-000000002102}5320C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cd4|C:\Windows\System32\RPCRT4.dll+2be8f|C:\Windows\System32\combase.dll+380db|C:\Windows\system32\windows.cortana.onecore.dll+1a8c3|C:\Windows\system32\windows.cortana.onecore.dll+1a962|C:\Windows\system32\windows.cortana.onecore.dll+16e12|C:\Windows\system32\windows.cortana.onecore.dll+16d5b|C:\Windows\system32\windows.cortana.onecore.dll+1537|C:\Windows\system32\windows.cortana.onecore.dll+4a2d|C:\Windows\System32\combase.dll+76b2a|C:\Windows\System32\combase.dll+6d8fd|C:\Windows\System32\RuntimeBroker.exe+12d1|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+54179|C:\Windows\System32\combase.dll+129f|C:\Windows\System32\combase.dll+3b233|C:\Windows\System32\combase.dll+3aee2|C:\Windows\System32\combase.dll+397f8|C:\Windows\System32\combase.dll+3757d|C:\Windows\System32\combase.dll+36c4f|C:\Windows\System32\combase.dll+52179|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd 10341000x800000000000000058106Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:37:38.262{6F5BEE90-1B14-61E9-F000-000000002102}49286284C:\Windows\System32\RuntimeBroker.exe{6F5BEE90-1B26-61E9-1201-000000002102}5320C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cd4|C:\Windows\System32\RPCRT4.dll+2be8f|C:\Windows\System32\combase.dll+380db|C:\Windows\system32\windows.cortana.onecore.dll+1a8c3|C:\Windows\system32\windows.cortana.onecore.dll+6198|C:\Windows\system32\windows.cortana.onecore.dll+16cb1|C:\Windows\system32\windows.cortana.onecore.dll+1537|C:\Windows\system32\windows.cortana.onecore.dll+4a2d|C:\Windows\System32\combase.dll+76b2a|C:\Windows\System32\combase.dll+6d8fd|C:\Windows\System32\RuntimeBroker.exe+12d1|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+54179|C:\Windows\System32\combase.dll+129f|C:\Windows\System32\combase.dll+3b233|C:\Windows\System32\combase.dll+3aee2|C:\Windows\System32\combase.dll+397f8|C:\Windows\System32\combase.dll+3757d|C:\Windows\System32\combase.dll+36c4f|C:\Windows\System32\combase.dll+52179|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+3534e 10341000x800000000000000058105Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:37:38.247{6F5BEE90-1B15-61E9-FA00-000000002102}46325360C:\Windows\Explorer.EXE{6F5BEE90-1B26-61E9-1201-000000002102}5320C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\SYSTEM32\twinapi.appcore.dll+1ea06|C:\Windows\SYSTEM32\twinapi.appcore.dll+1e3d1|C:\Windows\SYSTEM32\twinapi.appcore.dll+1dbcc|C:\Windows\SYSTEM32\twinapi.appcore.dll+1d777|C:\Windows\System32\TwinUI.dll+ba0bc|C:\Windows\System32\TwinUI.dll+ba897|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+54179|C:\Windows\System32\combase.dll+1279|C:\Windows\System32\RPCRT4.dll+651cb|C:\Windows\System32\combase.dll+3b22c|C:\Windows\System32\combase.dll+3aee2|C:\Windows\System32\combase.dll+397f8|C:\Windows\System32\combase.dll+37c5f|C:\Windows\System32\combase.dll+36c4f|C:\Windows\System32\combase.dll+34346|C:\Windows\System32\combase.dll+33afa|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+5be0|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+635e 10341000x800000000000000058104Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:37:38.247{6F5BEE90-1B15-61E9-FA00-000000002102}46325360C:\Windows\Explorer.EXE{6F5BEE90-1B26-61E9-1201-000000002102}5320C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\SYSTEM32\twinapi.appcore.dll+1e95e|C:\Windows\SYSTEM32\twinapi.appcore.dll+1e3d1|C:\Windows\SYSTEM32\twinapi.appcore.dll+1dbcc|C:\Windows\SYSTEM32\twinapi.appcore.dll+1d777|C:\Windows\System32\TwinUI.dll+ba0bc|C:\Windows\System32\TwinUI.dll+ba897|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+54179|C:\Windows\System32\combase.dll+1279|C:\Windows\System32\RPCRT4.dll+651cb|C:\Windows\System32\combase.dll+3b22c|C:\Windows\System32\combase.dll+3aee2|C:\Windows\System32\combase.dll+397f8|C:\Windows\System32\combase.dll+37c5f|C:\Windows\System32\combase.dll+36c4f|C:\Windows\System32\combase.dll+34346|C:\Windows\System32\combase.dll+33afa|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+5be0|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+635e 10341000x800000000000000058103Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:37:38.205{6F5BEE90-1B15-61E9-FA00-000000002102}46326520C:\Windows\Explorer.EXE{6F5BEE90-1B26-61E9-1201-000000002102}5320C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+6163f|C:\Windows\System32\SHELL32.dll+62725|C:\Windows\Explorer.EXE+3c618|C:\Windows\Explorer.EXE+3c4a4|C:\Windows\Explorer.EXE+3c411|C:\Windows\System32\windows.storage.dll+15458f|C:\Windows\System32\windows.storage.dll+15330f|C:\Windows\System32\windows.storage.dll+1562bf|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39d09|C:\Windows\SYSTEM32\ntdll.dll+1e89a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000058102Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:37:38.205{6F5BEE90-18A7-61E9-0B00-000000002102}6085192C:\Windows\system32\lsass.exe{6F5BEE90-1B26-61E9-1201-000000002102}5320C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+6ea9c|C:\Windows\system32\lsasrv.dll+e6974|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000058101Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:37:38.205{6F5BEE90-1B15-61E9-FA00-000000002102}46326520C:\Windows\Explorer.EXE{6F5BEE90-1B26-61E9-1201-000000002102}5320C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+6263e|C:\Windows\Explorer.EXE+3c618|C:\Windows\Explorer.EXE+3c4a4|C:\Windows\Explorer.EXE+3c411|C:\Windows\System32\windows.storage.dll+15458f|C:\Windows\System32\windows.storage.dll+15330f|C:\Windows\System32\windows.storage.dll+1562bf|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39d09|C:\Windows\SYSTEM32\ntdll.dll+1e89a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000058100Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:37:38.189{6F5BEE90-1B15-61E9-FA00-000000002102}46326520C:\Windows\Explorer.EXE{6F5BEE90-1B26-61E9-1201-000000002102}5320C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+61894|C:\Windows\System32\SHELL32.dll+62607|C:\Windows\Explorer.EXE+3c618|C:\Windows\Explorer.EXE+3c4a4|C:\Windows\Explorer.EXE+3c411|C:\Windows\System32\windows.storage.dll+15458f|C:\Windows\System32\windows.storage.dll+15330f|C:\Windows\System32\windows.storage.dll+1562bf|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39d09|C:\Windows\SYSTEM32\ntdll.dll+1e89a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000058099Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:37:38.189{6F5BEE90-18A9-61E9-0C00-000000002102}8285624C:\Windows\system32\svchost.exe{6F5BEE90-1B26-61E9-1201-000000002102}5320C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x3200C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\SYSTEM32\psmserviceexthost.dll+78b1|C:\Windows\SYSTEM32\psmserviceexthost.dll+739b|C:\Windows\SYSTEM32\psmserviceexthost.dll+ae34|C:\Windows\SYSTEM32\psmserviceexthost.dll+7bae|C:\Windows\SYSTEM32\psmserviceexthost.dll+12141|C:\Windows\SYSTEM32\psmserviceexthost.dll+170e8|C:\Windows\SYSTEM32\resourcepolicyserver.dll+12326|C:\Windows\SYSTEM32\resourcepolicyserver.dll+bac5|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000058098Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:37:38.189{6F5BEE90-18A9-61E9-0D00-000000002102}8885904C:\Windows\system32\svchost.exe{6F5BEE90-1B26-61E9-1201-000000002102}5320C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+d6ee|c:\windows\system32\rpcss.dll+c72a|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+1514|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+5460b|C:\Windows\System32\RPCRT4.dll+52cea|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000058097Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:37:38.189{6F5BEE90-18A9-61E9-0D00-000000002102}8885904C:\Windows\system32\svchost.exe{6F5BEE90-1B26-61E9-1201-000000002102}5320C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+1514|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+5460b|C:\Windows\System32\RPCRT4.dll+52cea|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000058096Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:37:38.189{6F5BEE90-18A9-61E9-0D00-000000002102}8885904C:\Windows\system32\svchost.exe{6F5BEE90-1B26-61E9-1201-000000002102}5320C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+d6ee|c:\windows\system32\rpcss.dll+c72a|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+1514|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+5460b|C:\Windows\System32\RPCRT4.dll+52cea|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000058095Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:37:38.189{6F5BEE90-18A9-61E9-0D00-000000002102}8885904C:\Windows\system32\svchost.exe{6F5BEE90-1B26-61E9-1201-000000002102}5320C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+1514|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+5460b|C:\Windows\System32\RPCRT4.dll+52cea|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000058094Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:37:38.189{6F5BEE90-18A9-61E9-0D00-000000002102}8885904C:\Windows\system32\svchost.exe{6F5BEE90-1B26-61E9-1201-000000002102}5320C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+d6ee|c:\windows\system32\rpcss.dll+c72a|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+1514|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+5460b|C:\Windows\System32\RPCRT4.dll+52cea|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000058093Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:37:38.189{6F5BEE90-18A9-61E9-0D00-000000002102}8885904C:\Windows\system32\svchost.exe{6F5BEE90-1B26-61E9-1201-000000002102}5320C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+1514|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+5460b|C:\Windows\System32\RPCRT4.dll+52cea|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000058092Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:37:38.189{6F5BEE90-18A9-61E9-0C00-000000002102}8285624C:\Windows\system32\svchost.exe{6F5BEE90-1B26-61E9-1201-000000002102}5320C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\SYSTEM32\psmserviceexthost.dll+78b1|C:\Windows\SYSTEM32\psmserviceexthost.dll+74d7|C:\Windows\SYSTEM32\psmserviceexthost.dll+1a384|C:\Windows\SYSTEM32\psmserviceexthost.dll+11055|C:\Windows\SYSTEM32\psmserviceexthost.dll+108cf|C:\Windows\SYSTEM32\ntdll.dll+2064e|C:\Windows\SYSTEM32\ntdll.dll+1e864|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000058091Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:37:38.189{6F5BEE90-18A9-61E9-0C00-000000002102}8285624C:\Windows\system32\svchost.exe{6F5BEE90-1B26-61E9-1201-000000002102}5320C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x3600C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\SYSTEM32\psmserviceexthost.dll+966a|C:\Windows\SYSTEM32\psmserviceexthost.dll+776e|C:\Windows\SYSTEM32\psmserviceexthost.dll+489d|C:\Windows\SYSTEM32\psmserviceexthost.dll+1a2ed|C:\Windows\SYSTEM32\psmserviceexthost.dll+11055|C:\Windows\SYSTEM32\psmserviceexthost.dll+108cf|C:\Windows\SYSTEM32\ntdll.dll+2064e|C:\Windows\SYSTEM32\ntdll.dll+1e864|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000058090Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:37:38.189{6F5BEE90-18A9-61E9-0C00-000000002102}8285624C:\Windows\system32\svchost.exe{6F5BEE90-1B24-61E9-1101-000000002102}5640C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x3600C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\SYSTEM32\psmserviceexthost.dll+966a|C:\Windows\SYSTEM32\psmserviceexthost.dll+776e|C:\Windows\SYSTEM32\psmserviceexthost.dll+489d|C:\Windows\SYSTEM32\psmserviceexthost.dll+1a2ed|C:\Windows\SYSTEM32\psmserviceexthost.dll+11055|C:\Windows\SYSTEM32\psmserviceexthost.dll+108cf|C:\Windows\SYSTEM32\ntdll.dll+2064e|C:\Windows\SYSTEM32\ntdll.dll+1e864|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000058089Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:37:38.189{6F5BEE90-18A9-61E9-0C00-000000002102}8281952C:\Windows\system32\svchost.exe{6F5BEE90-1B26-61E9-1201-000000002102}5320C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\SYSTEM32\psmserviceexthost.dll+78b1|C:\Windows\SYSTEM32\psmserviceexthost.dll+74d7|C:\Windows\SYSTEM32\psmserviceexthost.dll+12fce|C:\Windows\SYSTEM32\psmserviceexthost.dll+15b2b|C:\Windows\SYSTEM32\psmserviceexthost.dll+1011d|C:\Windows\SYSTEM32\psmserviceexthost.dll+104a0|C:\Windows\SYSTEM32\psmserviceexthost.dll+13952|C:\Windows\SYSTEM32\psmserviceexthost.dll+16139|C:\Windows\SYSTEM32\psmserviceexthost.dll+16c03|C:\Windows\SYSTEM32\resourcepolicyserver.dll+1a70e|C:\Windows\SYSTEM32\resourcepolicyserver.dll+14fc2|C:\Windows\SYSTEM32\resourcepolicyserver.dll+c61d|C:\Windows\SYSTEM32\resourcepolicyserver.dll+118d9|C:\Windows\SYSTEM32\resourcepolicyserver.dll+b91a|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c 10341000x800000000000000058088Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:37:38.189{6F5BEE90-18A9-61E9-0C00-000000002102}8281952C:\Windows\system32\svchost.exe{6F5BEE90-1B26-61E9-1201-000000002102}5320C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x3600C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\SYSTEM32\psmserviceexthost.dll+966a|C:\Windows\SYSTEM32\psmserviceexthost.dll+776e|C:\Windows\SYSTEM32\psmserviceexthost.dll+12f1c|C:\Windows\SYSTEM32\psmserviceexthost.dll+15b2b|C:\Windows\SYSTEM32\psmserviceexthost.dll+1011d|C:\Windows\SYSTEM32\psmserviceexthost.dll+104a0|C:\Windows\SYSTEM32\psmserviceexthost.dll+13952|C:\Windows\SYSTEM32\psmserviceexthost.dll+16139|C:\Windows\SYSTEM32\psmserviceexthost.dll+16c03|C:\Windows\SYSTEM32\resourcepolicyserver.dll+1a70e|C:\Windows\SYSTEM32\resourcepolicyserver.dll+14fc2|C:\Windows\SYSTEM32\resourcepolicyserver.dll+c61d|C:\Windows\SYSTEM32\resourcepolicyserver.dll+118d9|C:\Windows\SYSTEM32\resourcepolicyserver.dll+b91a|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c 10341000x800000000000000058087Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:37:38.189{6F5BEE90-1B15-61E9-FA00-000000002102}46325552C:\Windows\Explorer.EXE{6F5BEE90-1B26-61E9-1201-000000002102}5320C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\TwinUI.dll+12d549|C:\Windows\System32\TwinUI.dll+12df7f|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000058086Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:37:38.189{6F5BEE90-18A9-61E9-0C00-000000002102}8281952C:\Windows\system32\svchost.exe{6F5BEE90-1B24-61E9-1101-000000002102}5640C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x3600C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\SYSTEM32\psmserviceexthost.dll+966a|C:\Windows\SYSTEM32\psmserviceexthost.dll+776e|C:\Windows\SYSTEM32\psmserviceexthost.dll+12f1c|C:\Windows\SYSTEM32\psmserviceexthost.dll+15b2b|C:\Windows\SYSTEM32\psmserviceexthost.dll+1011d|C:\Windows\SYSTEM32\psmserviceexthost.dll+104a0|C:\Windows\SYSTEM32\psmserviceexthost.dll+13952|C:\Windows\SYSTEM32\psmserviceexthost.dll+16139|C:\Windows\SYSTEM32\psmserviceexthost.dll+16c03|C:\Windows\SYSTEM32\resourcepolicyserver.dll+1a70e|C:\Windows\SYSTEM32\resourcepolicyserver.dll+14fc2|C:\Windows\SYSTEM32\resourcepolicyserver.dll+c61d|C:\Windows\SYSTEM32\resourcepolicyserver.dll+118d9|C:\Windows\SYSTEM32\resourcepolicyserver.dll+b91a|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c 10341000x800000000000000058085Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:37:38.189{6F5BEE90-1B15-61E9-FA00-000000002102}46326136C:\Windows\Explorer.EXE{6F5BEE90-1B26-61E9-1201-000000002102}5320C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\SYSTEM32\twinapi.appcore.dll+1ea06|C:\Windows\SYSTEM32\twinapi.appcore.dll+1e3d1|C:\Windows\SYSTEM32\twinapi.appcore.dll+1dbcc|C:\Windows\SYSTEM32\twinapi.appcore.dll+1d777|C:\Windows\System32\TwinUI.dll+1093d6|C:\Windows\System32\TwinUI.dll+82ba7|C:\Windows\System32\TwinUI.dll+bed5e|C:\Windows\System32\TwinUI.dll+bed29|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000058084Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:37:38.189{6F5BEE90-1B15-61E9-FA00-000000002102}46326136C:\Windows\Explorer.EXE{6F5BEE90-1B26-61E9-1201-000000002102}5320C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\SYSTEM32\twinapi.appcore.dll+1e95e|C:\Windows\SYSTEM32\twinapi.appcore.dll+1e3d1|C:\Windows\SYSTEM32\twinapi.appcore.dll+1dbcc|C:\Windows\SYSTEM32\twinapi.appcore.dll+1d777|C:\Windows\System32\TwinUI.dll+1093d6|C:\Windows\System32\TwinUI.dll+82ba7|C:\Windows\System32\TwinUI.dll+bed5e|C:\Windows\System32\TwinUI.dll+bed29|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 23542300x800000000000000058115Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:37:39.933{6F5BEE90-18CD-61E9-7700-000000002102}484NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=496A76DCBC11746FA4759E377A1D6486,SHA256=35148C248AD022C9CB32575C38DDF860034353AD41CC6EF1EE3EA09AB736D8BA,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000031653Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:37:39.882{CE7C8936-3B73-61E9-0306-000000002202}32841832C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe{CE7C8936-1B12-61E9-AB00-000000002202}1912C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6025c5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6020f6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+59e67|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+5b88c|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+8e7d70|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000031652Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:37:39.742{CE7C8936-1B12-61E9-AF00-000000002202}24603956C:\Windows\system32\conhost.exe{CE7C8936-3B73-61E9-0306-000000002202}3284C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000031651Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:37:39.742{CE7C8936-1A7C-61E9-0C00-000000002202}7003204C:\Windows\system32\svchost.exe{CE7C8936-1A7D-61E9-1D00-000000002202}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000031650Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:37:39.742{CE7C8936-1A7C-61E9-0C00-000000002202}7003204C:\Windows\system32\svchost.exe{CE7C8936-1A7D-61E9-1D00-000000002202}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000031649Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:37:39.742{CE7C8936-1A7C-61E9-0C00-000000002202}7003204C:\Windows\system32\svchost.exe{CE7C8936-1A7D-61E9-1D00-000000002202}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000031648Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:37:39.742{CE7C8936-1A7C-61E9-0C00-000000002202}7003204C:\Windows\system32\svchost.exe{CE7C8936-1A7D-61E9-1D00-000000002202}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000031647Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:37:39.742{CE7C8936-1A7C-61E9-0C00-000000002202}7003204C:\Windows\system32\svchost.exe{CE7C8936-1A7D-61E9-1D00-000000002202}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000031646Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:37:39.742{CE7C8936-1A7C-61E9-0C00-000000002202}7003204C:\Windows\system32\svchost.exe{CE7C8936-1A7D-61E9-1D00-000000002202}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000031645Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:37:39.742{CE7C8936-1A7C-61E9-0C00-000000002202}7003204C:\Windows\system32\svchost.exe{CE7C8936-1A7D-61E9-1D00-000000002202}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000031644Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:37:39.742{CE7C8936-1A7C-61E9-0C00-000000002202}7003204C:\Windows\system32\svchost.exe{CE7C8936-1A7D-61E9-1D00-000000002202}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000031643Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:37:39.742{CE7C8936-1A7C-61E9-0C00-000000002202}7003204C:\Windows\system32\svchost.exe{CE7C8936-1A7D-61E9-1D00-000000002202}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000031642Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:37:39.742{CE7C8936-1A7C-61E9-0500-000000002202}388940C:\Windows\system32\csrss.exe{CE7C8936-3B73-61E9-0306-000000002202}3284C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000031641Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:37:39.742{CE7C8936-1B12-61E9-AB00-000000002202}19122580C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{CE7C8936-3B73-61E9-0306-000000002202}3284C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7414|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x800000000000000031640Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:37:39.743{CE7C8936-3B73-61E9-0306-000000002202}3284C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe8.0.2Active Directory monitorsplunk ApplicationSplunk Inc.splunk-admon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{CE7C8936-1A7C-61E9-E703-000000000000}0x3e70SystemMD5=947139F3BB2AB70CAF692A60C7A3A735,SHA256=940554A0170A70F634689CC84B00C51AC0BCF773C9639E1305E3672441FC85C8,IMPHASH=357CEC18833E7FF2ABFB722902B13165{CE7C8936-1B12-61E9-AB00-000000002202}1912C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x800000000000000031639Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:37:39.445{CE7C8936-1B20-61E9-E200-000000002202}3964NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=0569408BFDCFC59FE0FBA64A9A4897E7,SHA256=505936728A4710DAE7177027F583A1C87333BB191F150DD692B9046D6B8212E1,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000058116Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:37:40.952{6F5BEE90-18CD-61E9-7700-000000002102}484NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=E1F2267BBB73A7F745E7B3791019D385,SHA256=05BC847F05C26035038D58C17D04D00367ECEEAF441F4E00C064949D35D2691E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000031669Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:37:40.976{CE7C8936-1B20-61E9-E200-000000002202}3964NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=446AA6A8927869A207F0721FAADDCD57,SHA256=0DB43471A1EA4C051AA12C41421E6CD507052120B23C3BF45A355F9112D70A2A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000031668Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:37:40.976{CE7C8936-1B20-61E9-E200-000000002202}3964NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=B9A563716E055571CF0E96DDC8076484,SHA256=0E965C11A2A2D731ADD6A237111D364708C144CE29D25EB3335149301ED21B96,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000031667Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:37:40.882{CE7C8936-1B20-61E9-E200-000000002202}3964NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=4397F3822F3F4FA2E647123F548C278E,SHA256=7BE614842D85251443D53099A2FB771BA148B8F5F2D270A49C2D19D2A0797ABF,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000031666Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:37:40.414{CE7C8936-1B12-61E9-AF00-000000002202}24603956C:\Windows\system32\conhost.exe{CE7C8936-3B74-61E9-0406-000000002202}3152C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000031665Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:37:40.414{CE7C8936-1A7C-61E9-0C00-000000002202}7003204C:\Windows\system32\svchost.exe{CE7C8936-1A7D-61E9-1D00-000000002202}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000031664Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:37:40.414{CE7C8936-1A7C-61E9-0C00-000000002202}7003204C:\Windows\system32\svchost.exe{CE7C8936-1A7D-61E9-1D00-000000002202}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000031663Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:37:40.414{CE7C8936-1A7C-61E9-0C00-000000002202}7003204C:\Windows\system32\svchost.exe{CE7C8936-1A7D-61E9-1D00-000000002202}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000031662Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:37:40.414{CE7C8936-1A7C-61E9-0C00-000000002202}7003204C:\Windows\system32\svchost.exe{CE7C8936-1A7D-61E9-1D00-000000002202}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000031661Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:37:40.414{CE7C8936-1A7C-61E9-0C00-000000002202}7003204C:\Windows\system32\svchost.exe{CE7C8936-1A7D-61E9-1D00-000000002202}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000031660Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:37:40.414{CE7C8936-1A7C-61E9-0C00-000000002202}7003204C:\Windows\system32\svchost.exe{CE7C8936-1A7D-61E9-1D00-000000002202}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000031659Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:37:40.414{CE7C8936-1A7C-61E9-0C00-000000002202}7003204C:\Windows\system32\svchost.exe{CE7C8936-1A7D-61E9-1D00-000000002202}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000031658Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:37:40.414{CE7C8936-1A7C-61E9-0C00-000000002202}7003204C:\Windows\system32\svchost.exe{CE7C8936-1A7D-61E9-1D00-000000002202}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000031657Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:37:40.414{CE7C8936-1A7C-61E9-0C00-000000002202}7003204C:\Windows\system32\svchost.exe{CE7C8936-1A7D-61E9-1D00-000000002202}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000031656Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:37:40.414{CE7C8936-1A7C-61E9-0500-000000002202}388504C:\Windows\system32\csrss.exe{CE7C8936-3B74-61E9-0406-000000002202}3152C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000031655Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:37:40.414{CE7C8936-1B12-61E9-AB00-000000002202}19122580C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{CE7C8936-3B74-61E9-0406-000000002202}3152C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7414|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x800000000000000031654Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:37:40.414{CE7C8936-3B74-61E9-0406-000000002202}3152C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe8.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{CE7C8936-1A7C-61E9-E703-000000000000}0x3e70SystemMD5=8746B8C1724B67C2B1261446C0CFAA57,SHA256=7EFD09FD383FAA75C5D2990E6DBBFD846AEAA08B7037C7D66B4A0EF2AE0866B3,IMPHASH=7B985F47B35272AD7B5218255ACE7AEC{CE7C8936-1B12-61E9-AB00-000000002202}1912C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x800000000000000031684Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:37:41.929{CE7C8936-1B20-61E9-E200-000000002202}3964NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=E5D62731CEC13FC882019D67A4F086A2,SHA256=4F77553C7D23BD117B0D93197A942F08541D13B0F456C0F52AE084EE3F6864FE,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000058126Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:37:41.968{6F5BEE90-18CD-61E9-7700-000000002102}484NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=EF20183163B89D646520780CC32D70E4,SHA256=00E103AE84EE2CA4E6338B886618D8C3BDF933F1619CAE0C8C5D1243C9C75D4D,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000058125Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:37:41.961{6F5BEE90-18AA-61E9-1400-000000002102}10926796C:\Windows\system32\svchost.exe{6F5BEE90-18B8-61E9-2C00-000000002102}2984C:\Windows\sysmon64.exe0x100000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\cryptsvc.dll+6124|c:\windows\system32\cryptsvc.dll+5e34|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000058124Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:37:41.773{6F5BEE90-18B9-61E9-3500-000000002102}33043324C:\Windows\system32\conhost.exe{6F5BEE90-3B75-61E9-6F09-000000002102}6192C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000058123Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:37:41.772{6F5BEE90-18A9-61E9-0C00-000000002102}8283272C:\Windows\system32\svchost.exe{6F5BEE90-18B8-61E9-2C00-000000002102}2984C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000058122Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:37:41.770{6F5BEE90-18A9-61E9-0C00-000000002102}8283272C:\Windows\system32\svchost.exe{6F5BEE90-18B8-61E9-2C00-000000002102}2984C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000058121Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:37:41.769{6F5BEE90-18A9-61E9-0C00-000000002102}8283272C:\Windows\system32\svchost.exe{6F5BEE90-18B8-61E9-2C00-000000002102}2984C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000058120Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:37:41.768{6F5BEE90-18A9-61E9-0C00-000000002102}8283272C:\Windows\system32\svchost.exe{6F5BEE90-18B8-61E9-2C00-000000002102}2984C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000058119Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:37:41.768{6F5BEE90-18A7-61E9-0500-000000002102}392508C:\Windows\system32\csrss.exe{6F5BEE90-3B75-61E9-6F09-000000002102}6192C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000058118Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:37:41.767{6F5BEE90-18B8-61E9-2F00-000000002102}30243900C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{6F5BEE90-3B75-61E9-6F09-000000002102}6192C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7414|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x800000000000000058117Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:37:41.765{6F5BEE90-3B75-61E9-6F09-000000002102}6192C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{6F5BEE90-18A8-61E9-E703-000000000000}0x3e70SystemMD5=BF28C74E12839E40CD89696C7CB01573,SHA256=6187325F302F232DE582FE28E0E0D2B292AB8122C3356C9CE295A482D7B93EA3,IMPHASH=27776F2813155A6CF34F6A075A0C2EC8{6F5BEE90-18B8-61E9-2F00-000000002102}3024C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 354300x800000000000000031683Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:37:40.077{CE7C8936-1A7C-61E9-1000-000000002202}920C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse184.105.139.69scan-03.shadowserver.org44358-false10.0.1.15win-host-tcontreras-attack-range-276.eu-central-1.compute.internal3389ms-wbt-server 10341000x800000000000000031682Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:37:41.023{CE7C8936-1B12-61E9-AF00-000000002202}24603956C:\Windows\system32\conhost.exe{CE7C8936-3B75-61E9-0506-000000002202}3168C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000031681Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:37:41.023{CE7C8936-1A7C-61E9-0C00-000000002202}7003204C:\Windows\system32\svchost.exe{CE7C8936-1A7D-61E9-1D00-000000002202}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000031680Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:37:41.023{CE7C8936-1A7C-61E9-0C00-000000002202}7003204C:\Windows\system32\svchost.exe{CE7C8936-1A7D-61E9-1D00-000000002202}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000031679Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:37:41.023{CE7C8936-1A7C-61E9-0C00-000000002202}7003204C:\Windows\system32\svchost.exe{CE7C8936-1A7D-61E9-1D00-000000002202}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000031678Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:37:41.023{CE7C8936-1A7C-61E9-0C00-000000002202}7003204C:\Windows\system32\svchost.exe{CE7C8936-1A7D-61E9-1D00-000000002202}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000031677Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:37:41.023{CE7C8936-1A7C-61E9-0C00-000000002202}7003204C:\Windows\system32\svchost.exe{CE7C8936-1A7D-61E9-1D00-000000002202}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000031676Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:37:41.023{CE7C8936-1A7C-61E9-0C00-000000002202}7003204C:\Windows\system32\svchost.exe{CE7C8936-1A7D-61E9-1D00-000000002202}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000031675Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:37:41.023{CE7C8936-1A7C-61E9-0C00-000000002202}7003204C:\Windows\system32\svchost.exe{CE7C8936-1A7D-61E9-1D00-000000002202}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000031674Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:37:41.023{CE7C8936-1A7C-61E9-0C00-000000002202}7003204C:\Windows\system32\svchost.exe{CE7C8936-1A7D-61E9-1D00-000000002202}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000031673Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:37:41.023{CE7C8936-1A7C-61E9-0C00-000000002202}7003204C:\Windows\system32\svchost.exe{CE7C8936-1A7D-61E9-1D00-000000002202}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000031672Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:37:41.023{CE7C8936-1A7C-61E9-0500-000000002202}388504C:\Windows\system32\csrss.exe{CE7C8936-3B75-61E9-0506-000000002202}3168C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000031671Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:37:41.023{CE7C8936-1B12-61E9-AB00-000000002202}19122580C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{CE7C8936-3B75-61E9-0506-000000002202}3168C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7414|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x800000000000000031670Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:37:41.024{CE7C8936-3B75-61E9-0506-000000002202}3168C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{CE7C8936-1A7C-61E9-E703-000000000000}0x3e70SystemMD5=BF28C74E12839E40CD89696C7CB01573,SHA256=6187325F302F232DE582FE28E0E0D2B292AB8122C3356C9CE295A482D7B93EA3,IMPHASH=27776F2813155A6CF34F6A075A0C2EC8{CE7C8936-1B12-61E9-AB00-000000002202}1912C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x800000000000000031713Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:37:42.867{CE7C8936-3B76-61E9-0706-000000002202}29562216C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{CE7C8936-1B12-61E9-AB00-000000002202}1912C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000031712Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:37:42.726{CE7C8936-1B12-61E9-AF00-000000002202}24603956C:\Windows\system32\conhost.exe{CE7C8936-3B76-61E9-0706-000000002202}2956C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000031711Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:37:42.726{CE7C8936-1A7C-61E9-0C00-000000002202}7003204C:\Windows\system32\svchost.exe{CE7C8936-1A7D-61E9-1D00-000000002202}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000031710Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:37:42.726{CE7C8936-1A7C-61E9-0C00-000000002202}7003204C:\Windows\system32\svchost.exe{CE7C8936-1A7D-61E9-1D00-000000002202}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000031709Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:37:42.726{CE7C8936-1A7C-61E9-0C00-000000002202}7003204C:\Windows\system32\svchost.exe{CE7C8936-1A7D-61E9-1D00-000000002202}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000031708Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:37:42.726{CE7C8936-1A7C-61E9-0C00-000000002202}7003204C:\Windows\system32\svchost.exe{CE7C8936-1A7D-61E9-1D00-000000002202}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000031707Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:37:42.726{CE7C8936-1A7C-61E9-0C00-000000002202}7003204C:\Windows\system32\svchost.exe{CE7C8936-1A7D-61E9-1D00-000000002202}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000031706Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:37:42.726{CE7C8936-1A7C-61E9-0C00-000000002202}7003204C:\Windows\system32\svchost.exe{CE7C8936-1A7D-61E9-1D00-000000002202}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000031705Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:37:42.726{CE7C8936-1A7C-61E9-0C00-000000002202}7003204C:\Windows\system32\svchost.exe{CE7C8936-1A7D-61E9-1D00-000000002202}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000031704Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:37:42.726{CE7C8936-1A7C-61E9-0C00-000000002202}7003204C:\Windows\system32\svchost.exe{CE7C8936-1A7D-61E9-1D00-000000002202}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000031703Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:37:42.726{CE7C8936-1A7C-61E9-0C00-000000002202}7003204C:\Windows\system32\svchost.exe{CE7C8936-1A7D-61E9-1D00-000000002202}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000031702Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:37:42.726{CE7C8936-1A7C-61E9-0500-000000002202}388504C:\Windows\system32\csrss.exe{CE7C8936-3B76-61E9-0706-000000002202}2956C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000031701Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:37:42.726{CE7C8936-1B12-61E9-AB00-000000002202}19122580C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{CE7C8936-3B76-61E9-0706-000000002202}2956C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7414|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x800000000000000031700Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:37:42.727{CE7C8936-3B76-61E9-0706-000000002202}2956C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{CE7C8936-1A7C-61E9-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{CE7C8936-1B12-61E9-AB00-000000002202}1912C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x800000000000000031699Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:37:42.226{CE7C8936-3B76-61E9-0606-000000002202}36522380C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{CE7C8936-1B12-61E9-AB00-000000002202}1912C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000031698Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:37:42.101{CE7C8936-1B12-61E9-AF00-000000002202}24603956C:\Windows\system32\conhost.exe{CE7C8936-3B76-61E9-0606-000000002202}3652C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000031697Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:37:42.101{CE7C8936-1A7C-61E9-0C00-000000002202}7003204C:\Windows\system32\svchost.exe{CE7C8936-1A7D-61E9-1D00-000000002202}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000031696Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:37:42.101{CE7C8936-1A7C-61E9-0C00-000000002202}7003204C:\Windows\system32\svchost.exe{CE7C8936-1A7D-61E9-1D00-000000002202}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000031695Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:37:42.101{CE7C8936-1A7C-61E9-0C00-000000002202}7003204C:\Windows\system32\svchost.exe{CE7C8936-1A7D-61E9-1D00-000000002202}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000031694Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:37:42.101{CE7C8936-1A7C-61E9-0C00-000000002202}7003204C:\Windows\system32\svchost.exe{CE7C8936-1A7D-61E9-1D00-000000002202}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000031693Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:37:42.101{CE7C8936-1A7C-61E9-0C00-000000002202}7003204C:\Windows\system32\svchost.exe{CE7C8936-1A7D-61E9-1D00-000000002202}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000031692Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:37:42.101{CE7C8936-1A7C-61E9-0C00-000000002202}7003204C:\Windows\system32\svchost.exe{CE7C8936-1A7D-61E9-1D00-000000002202}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000031691Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:37:42.101{CE7C8936-1A7C-61E9-0C00-000000002202}7003204C:\Windows\system32\svchost.exe{CE7C8936-1A7D-61E9-1D00-000000002202}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000031690Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:37:42.101{CE7C8936-1A7C-61E9-0C00-000000002202}7003204C:\Windows\system32\svchost.exe{CE7C8936-1A7D-61E9-1D00-000000002202}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000031689Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:37:42.101{CE7C8936-1A7C-61E9-0C00-000000002202}7003204C:\Windows\system32\svchost.exe{CE7C8936-1A7D-61E9-1D00-000000002202}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000031688Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:37:42.101{CE7C8936-1A7C-61E9-0500-000000002202}388504C:\Windows\system32\csrss.exe{CE7C8936-3B76-61E9-0606-000000002202}3652C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000031687Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:37:42.101{CE7C8936-1B12-61E9-AB00-000000002202}19122580C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{CE7C8936-3B76-61E9-0606-000000002202}3652C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7414|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x800000000000000031686Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:37:42.102{CE7C8936-3B76-61E9-0606-000000002202}3652C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{CE7C8936-1A7C-61E9-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{CE7C8936-1B12-61E9-AB00-000000002202}1912C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x800000000000000031685Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:37:42.070{CE7C8936-1B20-61E9-E200-000000002202}3964NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=446AA6A8927869A207F0721FAADDCD57,SHA256=0DB43471A1EA4C051AA12C41421E6CD507052120B23C3BF45A355F9112D70A2A,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000058170Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:37:42.950{6F5BEE90-1B14-61E9-F000-000000002102}49286284C:\Windows\System32\RuntimeBroker.exe{6F5BEE90-1B26-61E9-1201-000000002102}5320C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cd4|C:\Windows\System32\RPCRT4.dll+2be8f|C:\Windows\System32\combase.dll+380db|C:\Windows\system32\windows.cortana.onecore.dll+1a8c3|C:\Windows\system32\windows.cortana.onecore.dll+1a962|C:\Windows\system32\windows.cortana.onecore.dll+16e12|C:\Windows\system32\windows.cortana.onecore.dll+16d5b|C:\Windows\system32\windows.cortana.onecore.dll+1537|C:\Windows\system32\windows.cortana.onecore.dll+4a2d|C:\Windows\System32\combase.dll+76b2a|C:\Windows\System32\combase.dll+6d8fd|C:\Windows\System32\RuntimeBroker.exe+12d1|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+54179|C:\Windows\System32\combase.dll+129f|C:\Windows\System32\combase.dll+3b233|C:\Windows\System32\combase.dll+3aee2|C:\Windows\System32\combase.dll+397f8|C:\Windows\System32\combase.dll+3757d|C:\Windows\System32\combase.dll+36c4f|C:\Windows\System32\combase.dll+52179|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd 10341000x800000000000000058169Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:37:42.950{6F5BEE90-1B14-61E9-F000-000000002102}49286284C:\Windows\System32\RuntimeBroker.exe{6F5BEE90-1B26-61E9-1201-000000002102}5320C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cd4|C:\Windows\System32\RPCRT4.dll+2be8f|C:\Windows\System32\combase.dll+380db|C:\Windows\system32\windows.cortana.onecore.dll+1a8c3|C:\Windows\system32\windows.cortana.onecore.dll+6198|C:\Windows\system32\windows.cortana.onecore.dll+16cb1|C:\Windows\system32\windows.cortana.onecore.dll+1537|C:\Windows\system32\windows.cortana.onecore.dll+4a2d|C:\Windows\System32\combase.dll+76b2a|C:\Windows\System32\combase.dll+6d8fd|C:\Windows\System32\RuntimeBroker.exe+12d1|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+54179|C:\Windows\System32\combase.dll+129f|C:\Windows\System32\combase.dll+3b233|C:\Windows\System32\combase.dll+3aee2|C:\Windows\System32\combase.dll+397f8|C:\Windows\System32\combase.dll+3757d|C:\Windows\System32\combase.dll+36c4f|C:\Windows\System32\combase.dll+52179|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+3534e 10341000x800000000000000058168Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:37:42.950{6F5BEE90-1B14-61E9-F000-000000002102}49285480C:\Windows\System32\RuntimeBroker.exe{6F5BEE90-1B26-61E9-1201-000000002102}5320C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cd4|C:\Windows\System32\RPCRT4.dll+2be8f|C:\Windows\System32\combase.dll+380db|C:\Windows\system32\windows.cortana.onecore.dll+1a8c3|C:\Windows\system32\windows.cortana.onecore.dll+1a962|C:\Windows\system32\windows.cortana.onecore.dll+16e12|C:\Windows\system32\windows.cortana.onecore.dll+16d5b|C:\Windows\system32\windows.cortana.onecore.dll+1537|C:\Windows\system32\windows.cortana.onecore.dll+4a2d|C:\Windows\System32\combase.dll+76b2a|C:\Windows\System32\combase.dll+6d8fd|C:\Windows\System32\RuntimeBroker.exe+12d1|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+54179|C:\Windows\System32\combase.dll+129f|C:\Windows\System32\combase.dll+3b233|C:\Windows\System32\combase.dll+3aee2|C:\Windows\System32\combase.dll+397f8|C:\Windows\System32\combase.dll+3757d|C:\Windows\System32\combase.dll+36c4f|C:\Windows\System32\combase.dll+52179|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd 10341000x800000000000000058167Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:37:42.950{6F5BEE90-1B14-61E9-F000-000000002102}49283944C:\Windows\System32\RuntimeBroker.exe{6F5BEE90-1B26-61E9-1201-000000002102}5320C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cd4|C:\Windows\System32\RPCRT4.dll+2be8f|C:\Windows\System32\combase.dll+380db|C:\Windows\system32\windows.cortana.onecore.dll+1a8c3|C:\Windows\system32\windows.cortana.onecore.dll+1a962|C:\Windows\system32\windows.cortana.onecore.dll+16e12|C:\Windows\system32\windows.cortana.onecore.dll+16d5b|C:\Windows\system32\windows.cortana.onecore.dll+1537|C:\Windows\system32\windows.cortana.onecore.dll+4a2d|C:\Windows\System32\combase.dll+76b2a|C:\Windows\System32\combase.dll+6d8fd|C:\Windows\System32\RuntimeBroker.exe+12d1|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+54179|C:\Windows\System32\combase.dll+129f|C:\Windows\System32\combase.dll+3b233|C:\Windows\System32\combase.dll+3aee2|C:\Windows\System32\combase.dll+397f8|C:\Windows\System32\combase.dll+3757d|C:\Windows\System32\combase.dll+36c4f|C:\Windows\System32\combase.dll+52179|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd 10341000x800000000000000058166Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:37:42.950{6F5BEE90-1B14-61E9-F000-000000002102}49283944C:\Windows\System32\RuntimeBroker.exe{6F5BEE90-1B26-61E9-1201-000000002102}5320C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cd4|C:\Windows\System32\RPCRT4.dll+2be8f|C:\Windows\System32\combase.dll+380db|C:\Windows\system32\windows.cortana.onecore.dll+1a8c3|C:\Windows\system32\windows.cortana.onecore.dll+6198|C:\Windows\system32\windows.cortana.onecore.dll+16cb1|C:\Windows\system32\windows.cortana.onecore.dll+1537|C:\Windows\system32\windows.cortana.onecore.dll+4a2d|C:\Windows\System32\combase.dll+76b2a|C:\Windows\System32\combase.dll+6d8fd|C:\Windows\System32\RuntimeBroker.exe+12d1|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+54179|C:\Windows\System32\combase.dll+129f|C:\Windows\System32\combase.dll+3b233|C:\Windows\System32\combase.dll+3aee2|C:\Windows\System32\combase.dll+397f8|C:\Windows\System32\combase.dll+3757d|C:\Windows\System32\combase.dll+36c4f|C:\Windows\System32\combase.dll+52179|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+3534e 10341000x800000000000000058165Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:37:42.950{6F5BEE90-1B14-61E9-F000-000000002102}49285480C:\Windows\System32\RuntimeBroker.exe{6F5BEE90-1B26-61E9-1201-000000002102}5320C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cd4|C:\Windows\System32\RPCRT4.dll+2be8f|C:\Windows\System32\combase.dll+380db|C:\Windows\system32\windows.cortana.onecore.dll+1a8c3|C:\Windows\system32\windows.cortana.onecore.dll+6198|C:\Windows\system32\windows.cortana.onecore.dll+16cb1|C:\Windows\system32\windows.cortana.onecore.dll+1537|C:\Windows\system32\windows.cortana.onecore.dll+4a2d|C:\Windows\System32\combase.dll+76b2a|C:\Windows\System32\combase.dll+6d8fd|C:\Windows\System32\RuntimeBroker.exe+12d1|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+54179|C:\Windows\System32\combase.dll+129f|C:\Windows\System32\combase.dll+3b233|C:\Windows\System32\combase.dll+3aee2|C:\Windows\System32\combase.dll+397f8|C:\Windows\System32\combase.dll+3757d|C:\Windows\System32\combase.dll+36c4f|C:\Windows\System32\combase.dll+52179|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+3534e 10341000x800000000000000058164Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:37:42.919{6F5BEE90-1B14-61E9-F000-000000002102}49286680C:\Windows\System32\RuntimeBroker.exe{6F5BEE90-1B26-61E9-1201-000000002102}5320C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cd4|C:\Windows\System32\RPCRT4.dll+2be8f|C:\Windows\System32\combase.dll+380db|C:\Windows\System32\windows.storage.dll+b7e5d|C:\Windows\System32\windows.storage.dll+147646|C:\Windows\System32\windows.storage.dll+148fa8|C:\Windows\system32\windows.cortana.onecore.dll+1602f|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+54179|C:\Windows\System32\combase.dll+129f|C:\Windows\System32\RPCRT4.dll+651cb|C:\Windows\System32\combase.dll+3b22c|C:\Windows\System32\combase.dll+3aee2|C:\Windows\System32\combase.dll+8ab6b|C:\Windows\System32\combase.dll+8c0b2|C:\Windows\System32\combase.dll+39b43|C:\Windows\System32\combase.dll+8c1cd|C:\Windows\System32\combase.dll+37e8f|C:\Windows\System32\combase.dll+36c4f|C:\Windows\System32\combase.dll+34346|C:\Windows\System32\combase.dll+33afa|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c 10341000x800000000000000058163Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:37:42.919{6F5BEE90-1B14-61E9-F000-000000002102}49286680C:\Windows\System32\RuntimeBroker.exe{6F5BEE90-1B26-61E9-1201-000000002102}5320C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cd4|C:\Windows\System32\RPCRT4.dll+2be8f|C:\Windows\System32\combase.dll+380db|C:\Windows\System32\windows.storage.dll+b7e5d|C:\Windows\System32\windows.storage.dll+ba540|C:\Windows\System32\windows.storage.dll+ebc14|C:\Windows\System32\windows.storage.dll+e930b|C:\Windows\system32\windows.cortana.onecore.dll+1717e|C:\Windows\system32\windows.cortana.onecore.dll+15fb7|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+54179|C:\Windows\System32\combase.dll+129f|C:\Windows\System32\RPCRT4.dll+651cb|C:\Windows\System32\combase.dll+3b22c|C:\Windows\System32\combase.dll+3aee2|C:\Windows\System32\combase.dll+8ab6b|C:\Windows\System32\combase.dll+8c0b2|C:\Windows\System32\combase.dll+39b43|C:\Windows\System32\combase.dll+8c1cd|C:\Windows\System32\combase.dll+37e8f|C:\Windows\System32\combase.dll+36c4f|C:\Windows\System32\combase.dll+34346|C:\Windows\System32\combase.dll+33afa 10341000x800000000000000058162Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:37:42.919{6F5BEE90-1B14-61E9-F000-000000002102}49285480C:\Windows\System32\RuntimeBroker.exe{6F5BEE90-1B26-61E9-1201-000000002102}5320C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cd4|C:\Windows\System32\RPCRT4.dll+2be8f|C:\Windows\System32\combase.dll+380db|C:\Windows\system32\windows.cortana.onecore.dll+1a8c3|C:\Windows\system32\windows.cortana.onecore.dll+1a962|C:\Windows\system32\windows.cortana.onecore.dll+16e12|C:\Windows\system32\windows.cortana.onecore.dll+16d5b|C:\Windows\system32\windows.cortana.onecore.dll+1537|C:\Windows\system32\windows.cortana.onecore.dll+4a2d|C:\Windows\System32\combase.dll+76b2a|C:\Windows\System32\combase.dll+6d8fd|C:\Windows\System32\RuntimeBroker.exe+12d1|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+54179|C:\Windows\System32\combase.dll+129f|C:\Windows\System32\combase.dll+3b233|C:\Windows\System32\combase.dll+3aee2|C:\Windows\System32\combase.dll+397f8|C:\Windows\System32\combase.dll+3757d|C:\Windows\System32\combase.dll+36c4f|C:\Windows\System32\combase.dll+52179|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd 10341000x800000000000000058161Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:37:42.919{6F5BEE90-1B14-61E9-F000-000000002102}49285480C:\Windows\System32\RuntimeBroker.exe{6F5BEE90-1B26-61E9-1201-000000002102}5320C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cd4|C:\Windows\System32\RPCRT4.dll+2be8f|C:\Windows\System32\combase.dll+380db|C:\Windows\system32\windows.cortana.onecore.dll+1a8c3|C:\Windows\system32\windows.cortana.onecore.dll+6198|C:\Windows\system32\windows.cortana.onecore.dll+16cb1|C:\Windows\system32\windows.cortana.onecore.dll+1537|C:\Windows\system32\windows.cortana.onecore.dll+4a2d|C:\Windows\System32\combase.dll+76b2a|C:\Windows\System32\combase.dll+6d8fd|C:\Windows\System32\RuntimeBroker.exe+12d1|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+54179|C:\Windows\System32\combase.dll+129f|C:\Windows\System32\combase.dll+3b233|C:\Windows\System32\combase.dll+3aee2|C:\Windows\System32\combase.dll+397f8|C:\Windows\System32\combase.dll+3757d|C:\Windows\System32\combase.dll+36c4f|C:\Windows\System32\combase.dll+52179|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+3534e 10341000x800000000000000058160Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:37:42.881{6F5BEE90-18AA-61E9-1600-000000002102}13241676C:\Windows\System32\svchost.exe{6F5BEE90-3B76-61E9-7209-000000002102}5796C:\Windows\system32\DllHost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|c:\windows\system32\themeservice.dll+235b|c:\windows\system32\themeservice.dll+1ed0|c:\windows\system32\themeservice.dll+2006|C:\Windows\SYSTEM32\ntdll.dll+39d09|C:\Windows\SYSTEM32\ntdll.dll+1e89a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000058159Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:37:42.881{6F5BEE90-18AA-61E9-1600-000000002102}13241364C:\Windows\System32\svchost.exe{6F5BEE90-3B76-61E9-7209-000000002102}5796C:\Windows\system32\DllHost.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6144|c:\windows\system32\themeservice.dll+144a|c:\windows\system32\themeservice.dll+4175|c:\windows\system32\themeservice.dll+3379|c:\windows\system32\themeservice.dll+31a3|C:\Windows\System32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14412|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000058158Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:37:42.881{6F5BEE90-18A9-61E9-0C00-000000002102}8285624C:\Windows\system32\svchost.exe{6F5BEE90-3B76-61E9-7209-000000002102}5796C:\Windows\system32\DllHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+54c6|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+5460b|C:\Windows\System32\RPCRT4.dll+52cea|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000058157Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:37:42.866{6F5BEE90-1B0F-61E9-E500-000000002102}41763520C:\Windows\system32\csrss.exe{6F5BEE90-3B76-61E9-7209-000000002102}5796C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6cd4|C:\Windows\SYSTEM32\CSRSRV.dll+1a30|C:\Windows\SYSTEM32\CSRSRV.dll+5c09|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000058156Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:37:42.866{6F5BEE90-18A7-61E9-0500-000000002102}392508C:\Windows\system32\csrss.exe{6F5BEE90-3B76-61E9-7209-000000002102}5796C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000058155Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:37:42.866{6F5BEE90-18A9-61E9-0C00-000000002102}8285624C:\Windows\system32\svchost.exe{6F5BEE90-3B76-61E9-7209-000000002102}5796C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7414|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6f453|C:\Windows\System32\KERNEL32.DLL+1d37f|c:\windows\system32\rpcss.dll+366d9|c:\windows\system32\rpcss.dll+3bec2|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+5460b|C:\Windows\System32\RPCRT4.dll+52cea|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 23542300x800000000000000058154Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:37:42.850{6F5BEE90-18CD-61E9-7700-000000002102}484NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=CB1D00F57F3BD1198782B32737CF1862,SHA256=1BC5ED67BD260AE2038955D678C795B700E2101C2ABF7BDF42380C8356F5CF82,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000058153Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:37:42.850{6F5BEE90-18CD-61E9-7700-000000002102}484NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=F44B77878DA543656D1BDD4D20FFF6A0,SHA256=2FCE086B0FB59DE8EFFA9EEA06D9D1DEC86E43E0CD62D54A2DD263B9EE28AB2F,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000058152Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:37:42.765{6F5BEE90-1B14-61E9-F000-000000002102}49285480C:\Windows\System32\RuntimeBroker.exe{6F5BEE90-1B26-61E9-1201-000000002102}5320C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cd4|C:\Windows\System32\RPCRT4.dll+2be8f|C:\Windows\System32\combase.dll+380db|C:\Windows\system32\windows.cortana.Desktop.dll+418c2|C:\Windows\system32\windows.cortana.Desktop.dll+41968|C:\Windows\system32\windows.cortana.Desktop.dll+26297|C:\Windows\system32\windows.cortana.Desktop.dll+214fb|C:\Windows\system32\windows.cortana.Desktop.dll+15c7|C:\Windows\system32\windows.cortana.Desktop.dll+44bd|C:\Windows\System32\combase.dll+76b2a|C:\Windows\System32\combase.dll+6d8fd|C:\Windows\System32\RuntimeBroker.exe+12d1|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+54179|C:\Windows\System32\combase.dll+129f|C:\Windows\System32\combase.dll+3b233|C:\Windows\System32\combase.dll+3aee2|C:\Windows\System32\combase.dll+397f8|C:\Windows\System32\combase.dll+3757d|C:\Windows\System32\combase.dll+36c4f|C:\Windows\System32\combase.dll+52179|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd 10341000x800000000000000058151Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:37:42.765{6F5BEE90-1B14-61E9-F000-000000002102}49285480C:\Windows\System32\RuntimeBroker.exe{6F5BEE90-1B26-61E9-1201-000000002102}5320C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cd4|C:\Windows\System32\RPCRT4.dll+2be8f|C:\Windows\System32\combase.dll+380db|C:\Windows\system32\windows.cortana.Desktop.dll+418c2|C:\Windows\system32\windows.cortana.Desktop.dll+41680|C:\Windows\system32\windows.cortana.Desktop.dll+92dc|C:\Windows\system32\windows.cortana.Desktop.dll+21491|C:\Windows\system32\windows.cortana.Desktop.dll+15c7|C:\Windows\system32\windows.cortana.Desktop.dll+44bd|C:\Windows\System32\combase.dll+76b2a|C:\Windows\System32\combase.dll+6d8fd|C:\Windows\System32\RuntimeBroker.exe+12d1|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+54179|C:\Windows\System32\combase.dll+129f|C:\Windows\System32\combase.dll+3b233|C:\Windows\System32\combase.dll+3aee2|C:\Windows\System32\combase.dll+397f8|C:\Windows\System32\combase.dll+3757d|C:\Windows\System32\combase.dll+36c4f|C:\Windows\System32\combase.dll+52179|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd 10341000x800000000000000058150Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:37:42.713{6F5BEE90-18AA-61E9-1600-000000002102}13241676C:\Windows\System32\svchost.exe{6F5BEE90-3B76-61E9-7109-000000002102}7164C:\Windows\system32\DllHost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|c:\windows\system32\themeservice.dll+235b|c:\windows\system32\themeservice.dll+1ed0|c:\windows\system32\themeservice.dll+2006|C:\Windows\SYSTEM32\ntdll.dll+39d09|C:\Windows\SYSTEM32\ntdll.dll+1e89a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000058149Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:37:42.713{6F5BEE90-18AA-61E9-1600-000000002102}13241364C:\Windows\System32\svchost.exe{6F5BEE90-3B76-61E9-7109-000000002102}7164C:\Windows\system32\DllHost.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6144|c:\windows\system32\themeservice.dll+144a|c:\windows\system32\themeservice.dll+4175|c:\windows\system32\themeservice.dll+3379|c:\windows\system32\themeservice.dll+31a3|C:\Windows\System32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14412|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000058148Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:37:42.680{6F5BEE90-18A9-61E9-0C00-000000002102}8285624C:\Windows\system32\svchost.exe{6F5BEE90-3B76-61E9-7109-000000002102}7164C:\Windows\system32\DllHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+54c6|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+5460b|C:\Windows\System32\RPCRT4.dll+52cea|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000058147Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:37:42.657{6F5BEE90-3B76-61E9-7009-000000002102}58842412C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe{6F5BEE90-18B8-61E9-2F00-000000002102}3024C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6025c5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6020f6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+59e67|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+5b88c|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+8e7d70|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000058146Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:37:42.617{6F5BEE90-1B0F-61E9-E500-000000002102}41762952C:\Windows\system32\csrss.exe{6F5BEE90-3B76-61E9-7109-000000002102}7164C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6cd4|C:\Windows\SYSTEM32\CSRSRV.dll+1a30|C:\Windows\SYSTEM32\CSRSRV.dll+5c09|C:\Windows\SYSTEM32\ntdll.dll+5179f 23542300x800000000000000058145Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:37:42.617{6F5BEE90-1B26-61E9-1201-000000002102}5320ATTACKRANGE\AdministratorC:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exeC:\Users\Administrator\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\DDGKRVIA\microsoft.windows[1].xmlMD5=C644BFED912A6E3D27771F37454B7928,SHA256=2ED7DB97E6B3F178709A56FBB6436D86DA55639911CFB4B28E5224A472EBDE04,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000058144Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:37:42.617{6F5BEE90-18A7-61E9-0500-000000002102}392508C:\Windows\system32\csrss.exe{6F5BEE90-3B76-61E9-7109-000000002102}7164C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000058143Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:37:42.617{6F5BEE90-18A9-61E9-0C00-000000002102}8285624C:\Windows\system32\svchost.exe{6F5BEE90-3B76-61E9-7109-000000002102}7164C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7414|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6f453|C:\Windows\System32\KERNEL32.DLL+1d37f|c:\windows\system32\rpcss.dll+37396|c:\windows\system32\rpcss.dll+3df7d|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+5460b|C:\Windows\System32\RPCRT4.dll+52cea|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 23542300x800000000000000058142Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:37:42.617{6F5BEE90-1B26-61E9-1201-000000002102}5320ATTACKRANGE\AdministratorC:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exeC:\Users\Administrator\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\DDGKRVIA\microsoft.windows[1].xmlMD5=C1DDEA3EF6BBEF3E7060A1A9AD89E4C5,SHA256=B71E4D17274636B97179BA2D97C742735B6510EB54F22893D3A2DAFF2CEB28DB,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000058141Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:37:42.617{6F5BEE90-1B14-61E9-F000-000000002102}49285480C:\Windows\System32\RuntimeBroker.exe{6F5BEE90-1B26-61E9-1201-000000002102}5320C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cd4|C:\Windows\System32\RPCRT4.dll+2be8f|C:\Windows\System32\combase.dll+380db|C:\Windows\system32\windows.cortana.onecore.dll+1a8c3|C:\Windows\system32\windows.cortana.onecore.dll+1a962|C:\Windows\system32\windows.cortana.onecore.dll+16e12|C:\Windows\system32\windows.cortana.onecore.dll+16d5b|C:\Windows\system32\windows.cortana.onecore.dll+1537|C:\Windows\system32\windows.cortana.onecore.dll+4a2d|C:\Windows\System32\combase.dll+76b2a|C:\Windows\System32\combase.dll+6d8fd|C:\Windows\System32\RuntimeBroker.exe+12d1|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+54179|C:\Windows\System32\combase.dll+129f|C:\Windows\System32\combase.dll+3b233|C:\Windows\System32\combase.dll+3aee2|C:\Windows\System32\combase.dll+397f8|C:\Windows\System32\combase.dll+3757d|C:\Windows\System32\combase.dll+36c4f|C:\Windows\System32\combase.dll+52179|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd 10341000x800000000000000058140Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:37:42.617{6F5BEE90-1B14-61E9-F000-000000002102}49285480C:\Windows\System32\RuntimeBroker.exe{6F5BEE90-1B26-61E9-1201-000000002102}5320C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cd4|C:\Windows\System32\RPCRT4.dll+2be8f|C:\Windows\System32\combase.dll+380db|C:\Windows\system32\windows.cortana.onecore.dll+1a8c3|C:\Windows\system32\windows.cortana.onecore.dll+6198|C:\Windows\system32\windows.cortana.onecore.dll+16cb1|C:\Windows\system32\windows.cortana.onecore.dll+1537|C:\Windows\system32\windows.cortana.onecore.dll+4a2d|C:\Windows\System32\combase.dll+76b2a|C:\Windows\System32\combase.dll+6d8fd|C:\Windows\System32\RuntimeBroker.exe+12d1|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+54179|C:\Windows\System32\combase.dll+129f|C:\Windows\System32\combase.dll+3b233|C:\Windows\System32\combase.dll+3aee2|C:\Windows\System32\combase.dll+397f8|C:\Windows\System32\combase.dll+3757d|C:\Windows\System32\combase.dll+36c4f|C:\Windows\System32\combase.dll+52179|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+3534e 354300x800000000000000058139Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:37:41.494{6F5BEE90-18C6-61E9-6E00-000000002102}3440C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-tcontreras-attack-range-53.attackrange.local52433-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 10341000x800000000000000058138Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:37:42.332{6F5BEE90-18B9-61E9-3500-000000002102}33043324C:\Windows\system32\conhost.exe{6F5BEE90-3B76-61E9-7009-000000002102}5884C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000058137Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:37:42.316{6F5BEE90-18A9-61E9-0C00-000000002102}8285624C:\Windows\system32\svchost.exe{6F5BEE90-18B8-61E9-2C00-000000002102}2984C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000058136Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:37:42.316{6F5BEE90-18A9-61E9-0C00-000000002102}8285624C:\Windows\system32\svchost.exe{6F5BEE90-18B8-61E9-2C00-000000002102}2984C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000058135Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:37:42.316{6F5BEE90-18A9-61E9-0C00-000000002102}8285624C:\Windows\system32\svchost.exe{6F5BEE90-18B8-61E9-2C00-000000002102}2984C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000058134Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:37:42.316{6F5BEE90-18A9-61E9-0C00-000000002102}8285624C:\Windows\system32\svchost.exe{6F5BEE90-18B8-61E9-2C00-000000002102}2984C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000058133Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:37:42.316{6F5BEE90-18A7-61E9-0500-000000002102}392368C:\Windows\system32\csrss.exe{6F5BEE90-3B76-61E9-7009-000000002102}5884C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000058132Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:37:42.316{6F5BEE90-18B8-61E9-2F00-000000002102}30243900C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{6F5BEE90-3B76-61E9-7009-000000002102}5884C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7414|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x800000000000000058131Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:37:42.311{6F5BEE90-3B76-61E9-7009-000000002102}5884C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe8.0.2Active Directory monitorsplunk ApplicationSplunk Inc.splunk-admon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{6F5BEE90-18A8-61E9-E703-000000000000}0x3e70SystemMD5=947139F3BB2AB70CAF692A60C7A3A735,SHA256=940554A0170A70F634689CC84B00C51AC0BCF773C9639E1305E3672441FC85C8,IMPHASH=357CEC18833E7FF2ABFB722902B13165{6F5BEE90-18B8-61E9-2F00-000000002102}3024C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x800000000000000058130Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:37:42.310{6F5BEE90-1B26-61E9-1201-000000002102}5320ATTACKRANGE\AdministratorC:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exeC:\Users\Administrator\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\DDGKRVIA\microsoft.windows[1].xmlMD5=C1DDEA3EF6BBEF3E7060A1A9AD89E4C5,SHA256=B71E4D17274636B97179BA2D97C742735B6510EB54F22893D3A2DAFF2CEB28DB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000058129Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:37:42.277{6F5BEE90-1B26-61E9-1201-000000002102}5320ATTACKRANGE\AdministratorC:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exeC:\Users\Administrator\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\DDGKRVIA\microsoft.windows[1].xmlMD5=D41D8CD98F00B204E9800998ECF8427E,SHA256=E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000058128Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:37:42.246{6F5BEE90-1B15-61E9-FA00-000000002102}46325324C:\Windows\Explorer.EXE{6F5BEE90-1B26-61E9-1201-000000002102}5320C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6497|C:\Windows\System32\SHCORE.dll+6387|C:\Windows\System32\SHCORE.dll+62fd|C:\Windows\System32\SHCORE.dll+620a|C:\Windows\System32\SHELL32.dll+55a20|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9824|UNKNOWN(FFFFF803E7C6BFF8)|UNKNOWN(FFFFFF171F0A5B48)|UNKNOWN(FFFFFF171F0A5CC7)|UNKNOWN(FFFFFF171F0A0351)|UNKNOWN(FFFFFF171F0A1D1A)|UNKNOWN(FFFFFF171F09FFD6)|UNKNOWN(FFFFF803E7983503)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+5928b|C:\Windows\System32\SHELL32.dll+dac4a|C:\Windows\System32\SHCORE.dll+33fad 10341000x800000000000000058127Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:37:42.246{6F5BEE90-1B15-61E9-FA00-000000002102}46325324C:\Windows\Explorer.EXE{6F5BEE90-1B26-61E9-1201-000000002102}5320C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+55501|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9824|UNKNOWN(FFFFF803E7C6BFF8)|UNKNOWN(FFFFFF171F0A5B48)|UNKNOWN(FFFFFF171F0A5CC7)|UNKNOWN(FFFFFF171F0A0351)|UNKNOWN(FFFFFF171F0A1D1A)|UNKNOWN(FFFFFF171F09FFD6)|UNKNOWN(FFFFF803E7983503)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+5928b|C:\Windows\System32\SHELL32.dll+dac4a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000031743Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:37:43.976{CE7C8936-1B12-61E9-AF00-000000002202}24603956C:\Windows\system32\conhost.exe{CE7C8936-3B77-61E9-0906-000000002202}2620C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000031742Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:37:43.976{CE7C8936-1A7C-61E9-0C00-000000002202}7003204C:\Windows\system32\svchost.exe{CE7C8936-1A7D-61E9-1D00-000000002202}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000031741Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:37:43.976{CE7C8936-1A7C-61E9-0C00-000000002202}7003204C:\Windows\system32\svchost.exe{CE7C8936-1A7D-61E9-1D00-000000002202}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000031740Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:37:43.976{CE7C8936-1A7C-61E9-0C00-000000002202}7003204C:\Windows\system32\svchost.exe{CE7C8936-1A7D-61E9-1D00-000000002202}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000031739Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:37:43.976{CE7C8936-1A7C-61E9-0C00-000000002202}7003204C:\Windows\system32\svchost.exe{CE7C8936-1A7D-61E9-1D00-000000002202}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000031738Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:37:43.976{CE7C8936-1A7C-61E9-0C00-000000002202}7003204C:\Windows\system32\svchost.exe{CE7C8936-1A7D-61E9-1D00-000000002202}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000031737Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:37:43.976{CE7C8936-1A7C-61E9-0C00-000000002202}7003204C:\Windows\system32\svchost.exe{CE7C8936-1A7D-61E9-1D00-000000002202}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000031736Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:37:43.976{CE7C8936-1A7C-61E9-0C00-000000002202}7003204C:\Windows\system32\svchost.exe{CE7C8936-1A7D-61E9-1D00-000000002202}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000031735Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:37:43.976{CE7C8936-1A7C-61E9-0C00-000000002202}7003204C:\Windows\system32\svchost.exe{CE7C8936-1A7D-61E9-1D00-000000002202}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000031734Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:37:43.976{CE7C8936-1A7C-61E9-0C00-000000002202}7003204C:\Windows\system32\svchost.exe{CE7C8936-1A7D-61E9-1D00-000000002202}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000031733Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:37:43.976{CE7C8936-1A7C-61E9-0500-000000002202}388404C:\Windows\system32\csrss.exe{CE7C8936-3B77-61E9-0906-000000002202}2620C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000031732Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:37:43.976{CE7C8936-1B12-61E9-AB00-000000002202}19122580C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{CE7C8936-3B77-61E9-0906-000000002202}2620C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7414|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x800000000000000031731Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:37:43.977{CE7C8936-3B77-61E9-0906-000000002202}2620C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe8.0.2Windows Print Monitor splunk ApplicationSplunk Inc.splunk-winprintmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{CE7C8936-1A7C-61E9-E703-000000000000}0x3e70SystemMD5=36D3753920C5BBCA16D12DEAD7A3A904,SHA256=EA17F69FB116CFA6ADC3CE07EBBAE3FD2CB221F25E3F7A9ADF3F15DA051831E2,IMPHASH=264D4B9546D98D77D97F569F55A0B748{CE7C8936-1B12-61E9-AB00-000000002202}1912C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 354300x800000000000000031730Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:37:40.865{CE7C8936-1B1A-61E9-D900-000000002202}4048C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-tcontreras-attack-range-276.eu-central-1.compute.internal51376-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 10341000x800000000000000031729Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:37:43.445{CE7C8936-3B77-61E9-0806-000000002202}39923392C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe{CE7C8936-1B12-61E9-AB00-000000002202}1912C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+5691a5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+568cd6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56657|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56ca7|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+8f3800|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000031728Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:37:43.304{CE7C8936-1B12-61E9-AF00-000000002202}24603956C:\Windows\system32\conhost.exe{CE7C8936-3B77-61E9-0806-000000002202}3992C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000031727Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:37:43.304{CE7C8936-1A7C-61E9-0C00-000000002202}7003204C:\Windows\system32\svchost.exe{CE7C8936-1A7D-61E9-1D00-000000002202}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000031726Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:37:43.304{CE7C8936-1A7C-61E9-0C00-000000002202}7003204C:\Windows\system32\svchost.exe{CE7C8936-1A7D-61E9-1D00-000000002202}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000031725Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:37:43.304{CE7C8936-1A7C-61E9-0C00-000000002202}7003204C:\Windows\system32\svchost.exe{CE7C8936-1A7D-61E9-1D00-000000002202}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000031724Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:37:43.304{CE7C8936-1A7C-61E9-0C00-000000002202}7003204C:\Windows\system32\svchost.exe{CE7C8936-1A7D-61E9-1D00-000000002202}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000031723Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:37:43.304{CE7C8936-1A7C-61E9-0C00-000000002202}7003204C:\Windows\system32\svchost.exe{CE7C8936-1A7D-61E9-1D00-000000002202}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000031722Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:37:43.304{CE7C8936-1A7C-61E9-0C00-000000002202}7003204C:\Windows\system32\svchost.exe{CE7C8936-1A7D-61E9-1D00-000000002202}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000031721Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:37:43.304{CE7C8936-1A7C-61E9-0C00-000000002202}7003204C:\Windows\system32\svchost.exe{CE7C8936-1A7D-61E9-1D00-000000002202}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000031720Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:37:43.304{CE7C8936-1A7C-61E9-0C00-000000002202}7003204C:\Windows\system32\svchost.exe{CE7C8936-1A7D-61E9-1D00-000000002202}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000031719Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:37:43.304{CE7C8936-1A7C-61E9-0C00-000000002202}7003204C:\Windows\system32\svchost.exe{CE7C8936-1A7D-61E9-1D00-000000002202}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000031718Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:37:43.304{CE7C8936-1A7C-61E9-0500-000000002202}388940C:\Windows\system32\csrss.exe{CE7C8936-3B77-61E9-0806-000000002202}3992C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000031717Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:37:43.304{CE7C8936-1B12-61E9-AB00-000000002202}19122580C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{CE7C8936-3B77-61E9-0806-000000002202}3992C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7414|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x800000000000000031716Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:37:43.307{CE7C8936-3B77-61E9-0806-000000002202}3992C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe8.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{CE7C8936-1A7C-61E9-E703-000000000000}0x3e70SystemMD5=91F33F605825B72EE2270559C7AB28F3,SHA256=3DF1CB71BB48B8669BD01179FD94DD8CC82F8103B08A0FACFD366E43E0C5FA42,IMPHASH=23D7D4307FBE7FA4F42B1902826D7C25{CE7C8936-1B12-61E9-AB00-000000002202}1912C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x800000000000000031715Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:37:43.304{CE7C8936-1B20-61E9-E200-000000002202}3964NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=A20004AABCEAE139AB153ED653EFE394,SHA256=1849138721D1C1F1F4CBFE3B549D0A42F3F45F5378A443B6C15267258FDD09AB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000031714Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:37:43.304{CE7C8936-1B20-61E9-E200-000000002202}3964NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A30617711A56047B6E40E5FC8B076EB2,SHA256=629DBD1D378AFD0EF63FE548F697372ED7D11537D99C5C3AB377C54F82A5337B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000058177Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:37:43.897{6F5BEE90-18CD-61E9-7700-000000002102}484NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=CB1D00F57F3BD1198782B32737CF1862,SHA256=1BC5ED67BD260AE2038955D678C795B700E2101C2ABF7BDF42380C8356F5CF82,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000058176Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:37:43.797{6F5BEE90-18A9-61E9-0C00-000000002102}8285624C:\Windows\system32\svchost.exe{6F5BEE90-1B26-61E9-1201-000000002102}5320C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x3600C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\SYSTEM32\psmserviceexthost.dll+966a|C:\Windows\SYSTEM32\psmserviceexthost.dll+776e|C:\Windows\SYSTEM32\psmserviceexthost.dll+12f1c|C:\Windows\SYSTEM32\psmserviceexthost.dll+15b2b|C:\Windows\SYSTEM32\psmserviceexthost.dll+1011d|C:\Windows\SYSTEM32\psmserviceexthost.dll+104a0|C:\Windows\SYSTEM32\psmserviceexthost.dll+13952|C:\Windows\SYSTEM32\psmserviceexthost.dll+16139|C:\Windows\SYSTEM32\psmserviceexthost.dll+16c03|C:\Windows\SYSTEM32\resourcepolicyserver.dll+1a70e|C:\Windows\SYSTEM32\resourcepolicyserver.dll+14fc2|C:\Windows\SYSTEM32\resourcepolicyserver.dll+c526|C:\Windows\SYSTEM32\resourcepolicyserver.dll+11927|C:\Windows\SYSTEM32\resourcepolicyserver.dll+b91a|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c 10341000x800000000000000058175Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:37:43.797{6F5BEE90-18A9-61E9-0C00-000000002102}8285624C:\Windows\system32\svchost.exe{6F5BEE90-1B24-61E9-1101-000000002102}5640C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x3600C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\SYSTEM32\psmserviceexthost.dll+966a|C:\Windows\SYSTEM32\psmserviceexthost.dll+776e|C:\Windows\SYSTEM32\psmserviceexthost.dll+12f1c|C:\Windows\SYSTEM32\psmserviceexthost.dll+15b2b|C:\Windows\SYSTEM32\psmserviceexthost.dll+1011d|C:\Windows\SYSTEM32\psmserviceexthost.dll+104a0|C:\Windows\SYSTEM32\psmserviceexthost.dll+13952|C:\Windows\SYSTEM32\psmserviceexthost.dll+16139|C:\Windows\SYSTEM32\psmserviceexthost.dll+16c03|C:\Windows\SYSTEM32\resourcepolicyserver.dll+1a70e|C:\Windows\SYSTEM32\resourcepolicyserver.dll+14fc2|C:\Windows\SYSTEM32\resourcepolicyserver.dll+c526|C:\Windows\SYSTEM32\resourcepolicyserver.dll+11927|C:\Windows\SYSTEM32\resourcepolicyserver.dll+b91a|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c 10341000x800000000000000058174Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:37:43.797{6F5BEE90-18A9-61E9-0C00-000000002102}8281952C:\Windows\system32\svchost.exe{6F5BEE90-1B26-61E9-1201-000000002102}5320C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x3600C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\SYSTEM32\psmserviceexthost.dll+966a|C:\Windows\SYSTEM32\psmserviceexthost.dll+776e|C:\Windows\SYSTEM32\psmserviceexthost.dll+12f1c|C:\Windows\SYSTEM32\psmserviceexthost.dll+15b2b|C:\Windows\SYSTEM32\psmserviceexthost.dll+1011d|C:\Windows\SYSTEM32\psmserviceexthost.dll+104a0|C:\Windows\SYSTEM32\psmserviceexthost.dll+13952|C:\Windows\SYSTEM32\psmserviceexthost.dll+16139|C:\Windows\SYSTEM32\psmserviceexthost.dll+16c03|C:\Windows\SYSTEM32\resourcepolicyserver.dll+1a70e|C:\Windows\SYSTEM32\resourcepolicyserver.dll+14fc2|C:\Windows\SYSTEM32\resourcepolicyserver.dll+c526|C:\Windows\SYSTEM32\resourcepolicyserver.dll+11927|C:\Windows\SYSTEM32\resourcepolicyserver.dll+b91a|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c 10341000x800000000000000058173Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:37:43.797{6F5BEE90-18A9-61E9-0C00-000000002102}8281952C:\Windows\system32\svchost.exe{6F5BEE90-1B24-61E9-1101-000000002102}5640C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x3600C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\SYSTEM32\psmserviceexthost.dll+966a|C:\Windows\SYSTEM32\psmserviceexthost.dll+776e|C:\Windows\SYSTEM32\psmserviceexthost.dll+12f1c|C:\Windows\SYSTEM32\psmserviceexthost.dll+15b2b|C:\Windows\SYSTEM32\psmserviceexthost.dll+1011d|C:\Windows\SYSTEM32\psmserviceexthost.dll+104a0|C:\Windows\SYSTEM32\psmserviceexthost.dll+13952|C:\Windows\SYSTEM32\psmserviceexthost.dll+16139|C:\Windows\SYSTEM32\psmserviceexthost.dll+16c03|C:\Windows\SYSTEM32\resourcepolicyserver.dll+1a70e|C:\Windows\SYSTEM32\resourcepolicyserver.dll+14fc2|C:\Windows\SYSTEM32\resourcepolicyserver.dll+c526|C:\Windows\SYSTEM32\resourcepolicyserver.dll+11927|C:\Windows\SYSTEM32\resourcepolicyserver.dll+b91a|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c 23542300x800000000000000058172Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:37:43.019{6F5BEE90-1B26-61E9-1201-000000002102}5320ATTACKRANGE\AdministratorC:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exeC:\Users\Administrator\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\DDGKRVIA\microsoft.windows[1].xmlMD5=C644BFED912A6E3D27771F37454B7928,SHA256=2ED7DB97E6B3F178709A56FBB6436D86DA55639911CFB4B28E5224A472EBDE04,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000058171Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:37:42.997{6F5BEE90-18CD-61E9-7700-000000002102}484NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=42BFDA8A0B38429798D485E9C39CFC91,SHA256=445D63275CDC82754A5A2C54950ECC19B49C67F82B4178F620FF1AA18C9212F2,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000031745Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:37:44.586{CE7C8936-1B20-61E9-E200-000000002202}3964NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=32B4F28FB42CDFD67A4F31CCF4335F07,SHA256=77FC39C4F3D6F62ADAFAF50CF70A7AEC61968940B6DCBEDFFD4876170CA3DF63,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000058180Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:37:43.529{6F5BEE90-18A7-61E9-0B00-000000002102}608C:\Windows\System32\lsass.exeNT AUTHORITY\SYSTEMtcpfalsetrue0:0:0:0:0:0:0:1win-dc-tcontreras-attack-range-53.attackrange.local52434-true0:0:0:0:0:0:0:1win-dc-tcontreras-attack-range-53.attackrange.local389ldap 354300x800000000000000058179Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:37:43.529{6F5BEE90-18B8-61E9-2700-000000002102}2904C:\Windows\ADWS\Microsoft.ActiveDirectory.WebServices.exeNT AUTHORITY\SYSTEMtcptruetrue0:0:0:0:0:0:0:1win-dc-tcontreras-attack-range-53.attackrange.local52434-true0:0:0:0:0:0:0:1win-dc-tcontreras-attack-range-53.attackrange.local389ldap 23542300x800000000000000058178Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:37:44.034{6F5BEE90-18CD-61E9-7700-000000002102}484NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=25246ABD9D90F9520FE8048F28E595DF,SHA256=FD8BCCB10D30F30A749BA98E44626E06CF4F8AE6BB104A31764B975BA9B9DDBB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000031744Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:37:44.351{CE7C8936-1B20-61E9-E200-000000002202}3964NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=C5BE7F189BC0E476234203E2B4A156D9,SHA256=F7266FCFF6DE80E3CF8E307121924BDA9D07AD21AFC0C93199C8FEEC81C10B69,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000031746Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:37:45.648{CE7C8936-1B20-61E9-E200-000000002202}3964NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=CFF9BAB19A9A871C6872133E5BCC2B31,SHA256=ABAA602D6185A61BC30B8B3FD8DD1DF96B717A947AC6A6C3110205665AC5CFBE,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000058215Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:37:45.936{6F5BEE90-1B14-61E9-F400-000000002102}36683156C:\Windows\System32\taskhostw.exe{6F5BEE90-1B15-61E9-FA00-000000002102}4632C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cd4|C:\Windows\System32\MSCTF.dll+af11|C:\Windows\System32\MSCTF.dll+b489|C:\Windows\System32\MSCTF.dll+be73|C:\Windows\System32\MSCTF.dll+3d812|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000058214Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:37:45.916{6F5BEE90-1B14-61E9-F400-000000002102}36683156C:\Windows\System32\taskhostw.exe{6F5BEE90-1B15-61E9-FA00-000000002102}4632C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cd4|C:\Windows\System32\MSCTF.dll+af11|C:\Windows\System32\MSCTF.dll+b489|C:\Windows\System32\MSCTF.dll+be73|C:\Windows\System32\MSCTF.dll+3d812|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000058213Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:37:45.821{6F5BEE90-1B15-61E9-FA00-000000002102}46325360C:\Windows\Explorer.EXE{6F5BEE90-1B26-61E9-1201-000000002102}5320C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\SYSTEM32\twinapi.appcore.dll+1ea06|C:\Windows\SYSTEM32\twinapi.appcore.dll+1e3d1|C:\Windows\SYSTEM32\twinapi.appcore.dll+1dbcc|C:\Windows\SYSTEM32\twinapi.appcore.dll+1d777|C:\Windows\System32\TwinUI.dll+ba0bc|C:\Windows\System32\TwinUI.dll+ba897|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+54179|C:\Windows\System32\combase.dll+1279|C:\Windows\System32\RPCRT4.dll+651cb|C:\Windows\System32\combase.dll+3b22c|C:\Windows\System32\combase.dll+3aee2|C:\Windows\System32\combase.dll+397f8|C:\Windows\System32\combase.dll+37c5f|C:\Windows\System32\combase.dll+36c4f|C:\Windows\System32\combase.dll+34346|C:\Windows\System32\combase.dll+33afa|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+5be0|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+635e 10341000x800000000000000058212Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:37:45.821{6F5BEE90-1B15-61E9-FA00-000000002102}46325360C:\Windows\Explorer.EXE{6F5BEE90-1B26-61E9-1201-000000002102}5320C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\SYSTEM32\twinapi.appcore.dll+1e95e|C:\Windows\SYSTEM32\twinapi.appcore.dll+1e3d1|C:\Windows\SYSTEM32\twinapi.appcore.dll+1dbcc|C:\Windows\SYSTEM32\twinapi.appcore.dll+1d777|C:\Windows\System32\TwinUI.dll+ba0bc|C:\Windows\System32\TwinUI.dll+ba897|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+54179|C:\Windows\System32\combase.dll+1279|C:\Windows\System32\RPCRT4.dll+651cb|C:\Windows\System32\combase.dll+3b22c|C:\Windows\System32\combase.dll+3aee2|C:\Windows\System32\combase.dll+397f8|C:\Windows\System32\combase.dll+37c5f|C:\Windows\System32\combase.dll+36c4f|C:\Windows\System32\combase.dll+34346|C:\Windows\System32\combase.dll+33afa|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+5be0|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+635e 10341000x800000000000000058211Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:37:45.767{6F5BEE90-1B15-61E9-FA00-000000002102}4632360C:\Windows\Explorer.EXE{6F5BEE90-1B26-61E9-1201-000000002102}5320C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\SYSTEM32\twinapi.appcore.dll+1ea06|C:\Windows\SYSTEM32\twinapi.appcore.dll+1e3d1|C:\Windows\SYSTEM32\twinapi.appcore.dll+1dbcc|C:\Windows\SYSTEM32\twinapi.appcore.dll+1d777|C:\Windows\System32\TwinUI.dll+1093d6|C:\Windows\System32\TwinUI.dll+82ba7|C:\Windows\System32\TwinUI.dll+bed5e|C:\Windows\System32\TwinUI.dll+bed29|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000058210Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:37:45.767{6F5BEE90-18A9-61E9-0C00-000000002102}8281296C:\Windows\system32\svchost.exe{6F5BEE90-1B26-61E9-1201-000000002102}5320C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x3200C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\SYSTEM32\psmserviceexthost.dll+78b1|C:\Windows\SYSTEM32\psmserviceexthost.dll+739b|C:\Windows\SYSTEM32\psmserviceexthost.dll+ae34|C:\Windows\SYSTEM32\psmserviceexthost.dll+7bae|C:\Windows\SYSTEM32\psmserviceexthost.dll+12141|C:\Windows\SYSTEM32\psmserviceexthost.dll+170e8|C:\Windows\SYSTEM32\resourcepolicyserver.dll+12326|C:\Windows\SYSTEM32\resourcepolicyserver.dll+bac5|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000058209Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:37:45.767{6F5BEE90-1B15-61E9-FA00-000000002102}4632360C:\Windows\Explorer.EXE{6F5BEE90-1B26-61E9-1201-000000002102}5320C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\SYSTEM32\twinapi.appcore.dll+1e95e|C:\Windows\SYSTEM32\twinapi.appcore.dll+1e3d1|C:\Windows\SYSTEM32\twinapi.appcore.dll+1dbcc|C:\Windows\SYSTEM32\twinapi.appcore.dll+1d777|C:\Windows\System32\TwinUI.dll+1093d6|C:\Windows\System32\TwinUI.dll+82ba7|C:\Windows\System32\TwinUI.dll+bed5e|C:\Windows\System32\TwinUI.dll+bed29|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000058208Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:37:45.767{6F5BEE90-18A9-61E9-0C00-000000002102}8281296C:\Windows\system32\svchost.exe{6F5BEE90-1B26-61E9-1201-000000002102}5320C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x3200C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\SYSTEM32\psmserviceexthost.dll+78b1|C:\Windows\SYSTEM32\psmserviceexthost.dll+739b|C:\Windows\SYSTEM32\psmserviceexthost.dll+ae34|C:\Windows\SYSTEM32\psmserviceexthost.dll+7bae|C:\Windows\SYSTEM32\psmserviceexthost.dll+12141|C:\Windows\SYSTEM32\psmserviceexthost.dll+170e8|C:\Windows\SYSTEM32\resourcepolicyserver.dll+12326|C:\Windows\SYSTEM32\resourcepolicyserver.dll+bac5|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000058207Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:37:45.720{6F5BEE90-1B14-61E9-F000-000000002102}49285480C:\Windows\System32\RuntimeBroker.exe{6F5BEE90-1B26-61E9-1201-000000002102}5320C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cd4|C:\Windows\System32\RPCRT4.dll+2be8f|C:\Windows\System32\combase.dll+380db|C:\Windows\system32\windows.cortana.Desktop.dll+418c2|C:\Windows\system32\windows.cortana.Desktop.dll+41968|C:\Windows\system32\windows.cortana.Desktop.dll+2fc27|C:\Windows\system32\windows.cortana.Desktop.dll+2fb6b|C:\Windows\system32\windows.cortana.Desktop.dll+15c7|C:\Windows\system32\windows.cortana.Desktop.dll+44bd|C:\Windows\System32\combase.dll+76b2a|C:\Windows\System32\combase.dll+6d8fd|C:\Windows\System32\RuntimeBroker.exe+12d1|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+54179|C:\Windows\System32\combase.dll+129f|C:\Windows\System32\combase.dll+3b233|C:\Windows\System32\combase.dll+3aee2|C:\Windows\System32\combase.dll+397f8|C:\Windows\System32\combase.dll+3757d|C:\Windows\System32\combase.dll+36c4f|C:\Windows\System32\combase.dll+52179|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd 10341000x800000000000000058206Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:37:45.718{6F5BEE90-1B14-61E9-F000-000000002102}49285480C:\Windows\System32\RuntimeBroker.exe{6F5BEE90-1B26-61E9-1201-000000002102}5320C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cd4|C:\Windows\System32\RPCRT4.dll+2be8f|C:\Windows\System32\combase.dll+380db|C:\Windows\system32\windows.cortana.Desktop.dll+418c2|C:\Windows\system32\windows.cortana.Desktop.dll+41680|C:\Windows\system32\windows.cortana.Desktop.dll+92dc|C:\Windows\system32\windows.cortana.Desktop.dll+2fb01|C:\Windows\system32\windows.cortana.Desktop.dll+15c7|C:\Windows\system32\windows.cortana.Desktop.dll+44bd|C:\Windows\System32\combase.dll+76b2a|C:\Windows\System32\combase.dll+6d8fd|C:\Windows\System32\RuntimeBroker.exe+12d1|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+54179|C:\Windows\System32\combase.dll+129f|C:\Windows\System32\combase.dll+3b233|C:\Windows\System32\combase.dll+3aee2|C:\Windows\System32\combase.dll+397f8|C:\Windows\System32\combase.dll+3757d|C:\Windows\System32\combase.dll+36c4f|C:\Windows\System32\combase.dll+52179|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd 10341000x800000000000000058205Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:37:45.698{6F5BEE90-1B14-61E9-F000-000000002102}49285480C:\Windows\System32\RuntimeBroker.exe{6F5BEE90-1B26-61E9-1201-000000002102}5320C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cd4|C:\Windows\System32\RPCRT4.dll+2be8f|C:\Windows\System32\combase.dll+380db|C:\Windows\system32\windows.cortana.Desktop.dll+418c2|C:\Windows\system32\windows.cortana.Desktop.dll+41968|C:\Windows\system32\windows.cortana.Desktop.dll+2fc27|C:\Windows\system32\windows.cortana.Desktop.dll+2fb6b|C:\Windows\system32\windows.cortana.Desktop.dll+15c7|C:\Windows\system32\windows.cortana.Desktop.dll+44bd|C:\Windows\System32\combase.dll+76b2a|C:\Windows\System32\combase.dll+6d8fd|C:\Windows\System32\RuntimeBroker.exe+12d1|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+54179|C:\Windows\System32\combase.dll+129f|C:\Windows\System32\combase.dll+3b233|C:\Windows\System32\combase.dll+3aee2|C:\Windows\System32\combase.dll+397f8|C:\Windows\System32\combase.dll+3757d|C:\Windows\System32\combase.dll+36c4f|C:\Windows\System32\combase.dll+52179|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd 10341000x800000000000000058204Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:37:45.698{6F5BEE90-1B14-61E9-F000-000000002102}49285480C:\Windows\System32\RuntimeBroker.exe{6F5BEE90-1B26-61E9-1201-000000002102}5320C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cd4|C:\Windows\System32\RPCRT4.dll+2be8f|C:\Windows\System32\combase.dll+380db|C:\Windows\system32\windows.cortana.Desktop.dll+418c2|C:\Windows\system32\windows.cortana.Desktop.dll+41680|C:\Windows\system32\windows.cortana.Desktop.dll+92dc|C:\Windows\system32\windows.cortana.Desktop.dll+2fb01|C:\Windows\system32\windows.cortana.Desktop.dll+15c7|C:\Windows\system32\windows.cortana.Desktop.dll+44bd|C:\Windows\System32\combase.dll+76b2a|C:\Windows\System32\combase.dll+6d8fd|C:\Windows\System32\RuntimeBroker.exe+12d1|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+54179|C:\Windows\System32\combase.dll+129f|C:\Windows\System32\combase.dll+3b233|C:\Windows\System32\combase.dll+3aee2|C:\Windows\System32\combase.dll+397f8|C:\Windows\System32\combase.dll+3757d|C:\Windows\System32\combase.dll+36c4f|C:\Windows\System32\combase.dll+52179|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd 10341000x800000000000000058203Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:37:45.698{6F5BEE90-1B14-61E9-F000-000000002102}49285480C:\Windows\System32\RuntimeBroker.exe{6F5BEE90-1B26-61E9-1201-000000002102}5320C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cd4|C:\Windows\System32\RPCRT4.dll+2be8f|C:\Windows\System32\combase.dll+380db|C:\Windows\system32\windows.cortana.Desktop.dll+418c2|C:\Windows\system32\windows.cortana.Desktop.dll+41968|C:\Windows\system32\windows.cortana.Desktop.dll+2fc27|C:\Windows\system32\windows.cortana.Desktop.dll+2fb6b|C:\Windows\system32\windows.cortana.Desktop.dll+15c7|C:\Windows\system32\windows.cortana.Desktop.dll+44bd|C:\Windows\System32\combase.dll+76b2a|C:\Windows\System32\combase.dll+6d8fd|C:\Windows\System32\RuntimeBroker.exe+12d1|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+54179|C:\Windows\System32\combase.dll+129f|C:\Windows\System32\combase.dll+3b233|C:\Windows\System32\combase.dll+3aee2|C:\Windows\System32\combase.dll+397f8|C:\Windows\System32\combase.dll+3757d|C:\Windows\System32\combase.dll+36c4f|C:\Windows\System32\combase.dll+52179|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd 10341000x800000000000000058202Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:37:45.698{6F5BEE90-1B14-61E9-F000-000000002102}49285480C:\Windows\System32\RuntimeBroker.exe{6F5BEE90-1B26-61E9-1201-000000002102}5320C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cd4|C:\Windows\System32\RPCRT4.dll+2be8f|C:\Windows\System32\combase.dll+380db|C:\Windows\system32\windows.cortana.Desktop.dll+418c2|C:\Windows\system32\windows.cortana.Desktop.dll+41680|C:\Windows\system32\windows.cortana.Desktop.dll+92dc|C:\Windows\system32\windows.cortana.Desktop.dll+2fb01|C:\Windows\system32\windows.cortana.Desktop.dll+15c7|C:\Windows\system32\windows.cortana.Desktop.dll+44bd|C:\Windows\System32\combase.dll+76b2a|C:\Windows\System32\combase.dll+6d8fd|C:\Windows\System32\RuntimeBroker.exe+12d1|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+54179|C:\Windows\System32\combase.dll+129f|C:\Windows\System32\combase.dll+3b233|C:\Windows\System32\combase.dll+3aee2|C:\Windows\System32\combase.dll+397f8|C:\Windows\System32\combase.dll+3757d|C:\Windows\System32\combase.dll+36c4f|C:\Windows\System32\combase.dll+52179|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd 10341000x800000000000000058201Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:37:45.698{6F5BEE90-1B14-61E9-F000-000000002102}49286680C:\Windows\System32\RuntimeBroker.exe{6F5BEE90-1B26-61E9-1201-000000002102}5320C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cd4|C:\Windows\System32\RPCRT4.dll+2be8f|C:\Windows\System32\combase.dll+380db|C:\Windows\System32\windows.storage.dll+b7e5d|C:\Windows\System32\windows.storage.dll+ba540|C:\Windows\System32\windows.storage.dll+ebc14|C:\Windows\System32\windows.storage.dll+e930b|C:\Windows\system32\windows.cortana.onecore.dll+1717e|C:\Windows\system32\windows.cortana.onecore.dll+15f51|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+54179|C:\Windows\System32\combase.dll+129f|C:\Windows\System32\RPCRT4.dll+651cb|C:\Windows\System32\combase.dll+3b22c|C:\Windows\System32\combase.dll+3aee2|C:\Windows\System32\combase.dll+397f8|C:\Windows\System32\combase.dll+37c5f|C:\Windows\System32\combase.dll+36c4f|C:\Windows\System32\combase.dll+34346|C:\Windows\System32\combase.dll+33afa|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\windows.cortana.onecore.dll+12bc0 10341000x800000000000000058200Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:37:45.698{6F5BEE90-1B14-61E9-F000-000000002102}49285480C:\Windows\System32\RuntimeBroker.exe{6F5BEE90-1B26-61E9-1201-000000002102}5320C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cd4|C:\Windows\System32\RPCRT4.dll+2be8f|C:\Windows\System32\combase.dll+380db|C:\Windows\system32\windows.cortana.onecore.dll+1a8c3|C:\Windows\system32\windows.cortana.onecore.dll+1a962|C:\Windows\system32\windows.cortana.onecore.dll+16e12|C:\Windows\system32\windows.cortana.onecore.dll+16d5b|C:\Windows\system32\windows.cortana.onecore.dll+1537|C:\Windows\system32\windows.cortana.onecore.dll+4a2d|C:\Windows\System32\combase.dll+76b2a|C:\Windows\System32\combase.dll+6d8fd|C:\Windows\System32\RuntimeBroker.exe+12d1|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+54179|C:\Windows\System32\combase.dll+129f|C:\Windows\System32\combase.dll+3b233|C:\Windows\System32\combase.dll+3aee2|C:\Windows\System32\combase.dll+397f8|C:\Windows\System32\combase.dll+3757d|C:\Windows\System32\combase.dll+36c4f|C:\Windows\System32\combase.dll+52179|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd 10341000x800000000000000058199Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:37:45.698{6F5BEE90-1B14-61E9-F000-000000002102}49285480C:\Windows\System32\RuntimeBroker.exe{6F5BEE90-1B26-61E9-1201-000000002102}5320C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cd4|C:\Windows\System32\RPCRT4.dll+2be8f|C:\Windows\System32\combase.dll+380db|C:\Windows\system32\windows.cortana.onecore.dll+1a8c3|C:\Windows\system32\windows.cortana.onecore.dll+6198|C:\Windows\system32\windows.cortana.onecore.dll+16cb1|C:\Windows\system32\windows.cortana.onecore.dll+1537|C:\Windows\system32\windows.cortana.onecore.dll+4a2d|C:\Windows\System32\combase.dll+76b2a|C:\Windows\System32\combase.dll+6d8fd|C:\Windows\System32\RuntimeBroker.exe+12d1|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+54179|C:\Windows\System32\combase.dll+129f|C:\Windows\System32\combase.dll+3b233|C:\Windows\System32\combase.dll+3aee2|C:\Windows\System32\combase.dll+397f8|C:\Windows\System32\combase.dll+3757d|C:\Windows\System32\combase.dll+36c4f|C:\Windows\System32\combase.dll+52179|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+3534e 10341000x800000000000000058198Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:37:45.520{6F5BEE90-1B14-61E9-F000-000000002102}49285480C:\Windows\System32\RuntimeBroker.exe{6F5BEE90-1B26-61E9-1201-000000002102}5320C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cd4|C:\Windows\System32\RPCRT4.dll+2be8f|C:\Windows\System32\combase.dll+380db|C:\Windows\system32\windows.cortana.Desktop.dll+418c2|C:\Windows\system32\windows.cortana.Desktop.dll+41968|C:\Windows\system32\windows.cortana.Desktop.dll+2fc27|C:\Windows\system32\windows.cortana.Desktop.dll+2fb6b|C:\Windows\system32\windows.cortana.Desktop.dll+15c7|C:\Windows\system32\windows.cortana.Desktop.dll+44bd|C:\Windows\System32\combase.dll+76b2a|C:\Windows\System32\combase.dll+6d8fd|C:\Windows\System32\RuntimeBroker.exe+12d1|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+54179|C:\Windows\System32\combase.dll+129f|C:\Windows\System32\combase.dll+3b233|C:\Windows\System32\combase.dll+3aee2|C:\Windows\System32\combase.dll+397f8|C:\Windows\System32\combase.dll+3757d|C:\Windows\System32\combase.dll+36c4f|C:\Windows\System32\combase.dll+52179|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd 10341000x800000000000000058197Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:37:45.520{6F5BEE90-1B14-61E9-F000-000000002102}49285480C:\Windows\System32\RuntimeBroker.exe{6F5BEE90-1B26-61E9-1201-000000002102}5320C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cd4|C:\Windows\System32\RPCRT4.dll+2be8f|C:\Windows\System32\combase.dll+380db|C:\Windows\system32\windows.cortana.Desktop.dll+418c2|C:\Windows\system32\windows.cortana.Desktop.dll+41680|C:\Windows\system32\windows.cortana.Desktop.dll+92dc|C:\Windows\system32\windows.cortana.Desktop.dll+2fb01|C:\Windows\system32\windows.cortana.Desktop.dll+15c7|C:\Windows\system32\windows.cortana.Desktop.dll+44bd|C:\Windows\System32\combase.dll+76b2a|C:\Windows\System32\combase.dll+6d8fd|C:\Windows\System32\RuntimeBroker.exe+12d1|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+54179|C:\Windows\System32\combase.dll+129f|C:\Windows\System32\combase.dll+3b233|C:\Windows\System32\combase.dll+3aee2|C:\Windows\System32\combase.dll+397f8|C:\Windows\System32\combase.dll+3757d|C:\Windows\System32\combase.dll+36c4f|C:\Windows\System32\combase.dll+52179|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd 10341000x800000000000000058196Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:37:45.520{6F5BEE90-1B14-61E9-F000-000000002102}49285480C:\Windows\System32\RuntimeBroker.exe{6F5BEE90-1B26-61E9-1201-000000002102}5320C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cd4|C:\Windows\System32\RPCRT4.dll+2be8f|C:\Windows\System32\combase.dll+380db|C:\Windows\system32\windows.cortana.Desktop.dll+418c2|C:\Windows\system32\windows.cortana.Desktop.dll+41968|C:\Windows\system32\windows.cortana.Desktop.dll+2fc27|C:\Windows\system32\windows.cortana.Desktop.dll+2fb6b|C:\Windows\system32\windows.cortana.Desktop.dll+15c7|C:\Windows\system32\windows.cortana.Desktop.dll+44bd|C:\Windows\System32\combase.dll+76b2a|C:\Windows\System32\combase.dll+6d8fd|C:\Windows\System32\RuntimeBroker.exe+12d1|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+54179|C:\Windows\System32\combase.dll+129f|C:\Windows\System32\combase.dll+3b233|C:\Windows\System32\combase.dll+3aee2|C:\Windows\System32\combase.dll+397f8|C:\Windows\System32\combase.dll+3757d|C:\Windows\System32\combase.dll+36c4f|C:\Windows\System32\combase.dll+52179|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd 10341000x800000000000000058195Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:37:45.520{6F5BEE90-1B14-61E9-F000-000000002102}49285480C:\Windows\System32\RuntimeBroker.exe{6F5BEE90-1B26-61E9-1201-000000002102}5320C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cd4|C:\Windows\System32\RPCRT4.dll+2be8f|C:\Windows\System32\combase.dll+380db|C:\Windows\system32\windows.cortana.Desktop.dll+418c2|C:\Windows\system32\windows.cortana.Desktop.dll+41680|C:\Windows\system32\windows.cortana.Desktop.dll+92dc|C:\Windows\system32\windows.cortana.Desktop.dll+2fb01|C:\Windows\system32\windows.cortana.Desktop.dll+15c7|C:\Windows\system32\windows.cortana.Desktop.dll+44bd|C:\Windows\System32\combase.dll+76b2a|C:\Windows\System32\combase.dll+6d8fd|C:\Windows\System32\RuntimeBroker.exe+12d1|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+54179|C:\Windows\System32\combase.dll+129f|C:\Windows\System32\combase.dll+3b233|C:\Windows\System32\combase.dll+3aee2|C:\Windows\System32\combase.dll+397f8|C:\Windows\System32\combase.dll+3757d|C:\Windows\System32\combase.dll+36c4f|C:\Windows\System32\combase.dll+52179|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd 10341000x800000000000000058194Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:37:45.520{6F5BEE90-1B14-61E9-F000-000000002102}49285480C:\Windows\System32\RuntimeBroker.exe{6F5BEE90-1B26-61E9-1201-000000002102}5320C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cd4|C:\Windows\System32\RPCRT4.dll+2be8f|C:\Windows\System32\combase.dll+380db|C:\Windows\system32\windows.cortana.Desktop.dll+418c2|C:\Windows\system32\windows.cortana.Desktop.dll+41968|C:\Windows\system32\windows.cortana.Desktop.dll+2fc27|C:\Windows\system32\windows.cortana.Desktop.dll+2fb6b|C:\Windows\system32\windows.cortana.Desktop.dll+15c7|C:\Windows\system32\windows.cortana.Desktop.dll+44bd|C:\Windows\System32\combase.dll+76b2a|C:\Windows\System32\combase.dll+6d8fd|C:\Windows\System32\RuntimeBroker.exe+12d1|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+54179|C:\Windows\System32\combase.dll+129f|C:\Windows\System32\combase.dll+3b233|C:\Windows\System32\combase.dll+3aee2|C:\Windows\System32\combase.dll+397f8|C:\Windows\System32\combase.dll+3757d|C:\Windows\System32\combase.dll+36c4f|C:\Windows\System32\combase.dll+52179|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd 10341000x800000000000000058193Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:37:45.520{6F5BEE90-1B14-61E9-F000-000000002102}49285480C:\Windows\System32\RuntimeBroker.exe{6F5BEE90-1B26-61E9-1201-000000002102}5320C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cd4|C:\Windows\System32\RPCRT4.dll+2be8f|C:\Windows\System32\combase.dll+380db|C:\Windows\system32\windows.cortana.Desktop.dll+418c2|C:\Windows\system32\windows.cortana.Desktop.dll+41680|C:\Windows\system32\windows.cortana.Desktop.dll+92dc|C:\Windows\system32\windows.cortana.Desktop.dll+2fb01|C:\Windows\system32\windows.cortana.Desktop.dll+15c7|C:\Windows\system32\windows.cortana.Desktop.dll+44bd|C:\Windows\System32\combase.dll+76b2a|C:\Windows\System32\combase.dll+6d8fd|C:\Windows\System32\RuntimeBroker.exe+12d1|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+54179|C:\Windows\System32\combase.dll+129f|C:\Windows\System32\combase.dll+3b233|C:\Windows\System32\combase.dll+3aee2|C:\Windows\System32\combase.dll+397f8|C:\Windows\System32\combase.dll+3757d|C:\Windows\System32\combase.dll+36c4f|C:\Windows\System32\combase.dll+52179|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd 10341000x800000000000000058192Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:37:45.520{6F5BEE90-1B14-61E9-F000-000000002102}49286680C:\Windows\System32\RuntimeBroker.exe{6F5BEE90-1B26-61E9-1201-000000002102}5320C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cd4|C:\Windows\System32\RPCRT4.dll+2be8f|C:\Windows\System32\combase.dll+380db|C:\Windows\System32\windows.storage.dll+b7e5d|C:\Windows\System32\windows.storage.dll+ba540|C:\Windows\System32\windows.storage.dll+ebc14|C:\Windows\System32\windows.storage.dll+e930b|C:\Windows\system32\windows.cortana.onecore.dll+1717e|C:\Windows\system32\windows.cortana.onecore.dll+15f51|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+54179|C:\Windows\System32\combase.dll+129f|C:\Windows\System32\RPCRT4.dll+651cb|C:\Windows\System32\combase.dll+3b22c|C:\Windows\System32\combase.dll+3aee2|C:\Windows\System32\combase.dll+397f8|C:\Windows\System32\combase.dll+37c5f|C:\Windows\System32\combase.dll+36c4f|C:\Windows\System32\combase.dll+34346|C:\Windows\System32\combase.dll+33afa|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\windows.cortana.onecore.dll+12bc0 10341000x800000000000000058191Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:37:45.518{6F5BEE90-1B14-61E9-F000-000000002102}49285480C:\Windows\System32\RuntimeBroker.exe{6F5BEE90-1B26-61E9-1201-000000002102}5320C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cd4|C:\Windows\System32\RPCRT4.dll+2be8f|C:\Windows\System32\combase.dll+380db|C:\Windows\system32\windows.cortana.onecore.dll+1a8c3|C:\Windows\system32\windows.cortana.onecore.dll+1a962|C:\Windows\system32\windows.cortana.onecore.dll+16e12|C:\Windows\system32\windows.cortana.onecore.dll+16d5b|C:\Windows\system32\windows.cortana.onecore.dll+1537|C:\Windows\system32\windows.cortana.onecore.dll+4a2d|C:\Windows\System32\combase.dll+76b2a|C:\Windows\System32\combase.dll+6d8fd|C:\Windows\System32\RuntimeBroker.exe+12d1|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+54179|C:\Windows\System32\combase.dll+129f|C:\Windows\System32\combase.dll+3b233|C:\Windows\System32\combase.dll+3aee2|C:\Windows\System32\combase.dll+397f8|C:\Windows\System32\combase.dll+3757d|C:\Windows\System32\combase.dll+36c4f|C:\Windows\System32\combase.dll+52179|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd 10341000x800000000000000058190Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:37:45.518{6F5BEE90-1B14-61E9-F000-000000002102}49285480C:\Windows\System32\RuntimeBroker.exe{6F5BEE90-1B26-61E9-1201-000000002102}5320C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cd4|C:\Windows\System32\RPCRT4.dll+2be8f|C:\Windows\System32\combase.dll+380db|C:\Windows\system32\windows.cortana.onecore.dll+1a8c3|C:\Windows\system32\windows.cortana.onecore.dll+6198|C:\Windows\system32\windows.cortana.onecore.dll+16cb1|C:\Windows\system32\windows.cortana.onecore.dll+1537|C:\Windows\system32\windows.cortana.onecore.dll+4a2d|C:\Windows\System32\combase.dll+76b2a|C:\Windows\System32\combase.dll+6d8fd|C:\Windows\System32\RuntimeBroker.exe+12d1|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+54179|C:\Windows\System32\combase.dll+129f|C:\Windows\System32\combase.dll+3b233|C:\Windows\System32\combase.dll+3aee2|C:\Windows\System32\combase.dll+397f8|C:\Windows\System32\combase.dll+3757d|C:\Windows\System32\combase.dll+36c4f|C:\Windows\System32\combase.dll+52179|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+3534e 10341000x800000000000000058189Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:37:45.250{6F5BEE90-18B9-61E9-3500-000000002102}33043324C:\Windows\system32\conhost.exe{6F5BEE90-3B79-61E9-7309-000000002102}6660C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000058188Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:37:45.250{6F5BEE90-18A9-61E9-0C00-000000002102}8281952C:\Windows\system32\svchost.exe{6F5BEE90-18B8-61E9-2C00-000000002102}2984C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000058187Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:37:45.250{6F5BEE90-18A9-61E9-0C00-000000002102}8281952C:\Windows\system32\svchost.exe{6F5BEE90-18B8-61E9-2C00-000000002102}2984C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000058186Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:37:45.250{6F5BEE90-18A9-61E9-0C00-000000002102}8281952C:\Windows\system32\svchost.exe{6F5BEE90-18B8-61E9-2C00-000000002102}2984C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000058185Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:37:45.250{6F5BEE90-18A9-61E9-0C00-000000002102}8281952C:\Windows\system32\svchost.exe{6F5BEE90-18B8-61E9-2C00-000000002102}2984C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000058184Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:37:45.250{6F5BEE90-18A7-61E9-0500-000000002102}392408C:\Windows\system32\csrss.exe{6F5BEE90-3B79-61E9-7309-000000002102}6660C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000058183Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:37:45.250{6F5BEE90-18B8-61E9-2F00-000000002102}30243900C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{6F5BEE90-3B79-61E9-7309-000000002102}6660C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7414|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x800000000000000058182Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:37:45.251{6F5BEE90-3B79-61E9-7309-000000002102}6660C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe8.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{6F5BEE90-18A8-61E9-E703-000000000000}0x3e70SystemMD5=8746B8C1724B67C2B1261446C0CFAA57,SHA256=7EFD09FD383FAA75C5D2990E6DBBFD846AEAA08B7037C7D66B4A0EF2AE0866B3,IMPHASH=7B985F47B35272AD7B5218255ACE7AEC{6F5BEE90-18B8-61E9-2F00-000000002102}3024C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x800000000000000058181Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:37:45.034{6F5BEE90-18CD-61E9-7700-000000002102}484NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=F2C34A6D2EC2145074AF0B8DAC39687D,SHA256=C0B79F97F372C8AB03B71E67F3EC314385574DB179D5099B67073496C4E155A7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000031747Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:37:46.664{CE7C8936-1B20-61E9-E200-000000002202}3964NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=8241703A66162EF693B805CACFC8FE93,SHA256=07FAA9834C10768870424BF0E537D673F759A8184ECC5A7FB22F0DF0DE7EE196,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000058227Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:37:46.353{6F5BEE90-3B7A-61E9-7409-000000002102}1132760C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{6F5BEE90-18B8-61E9-2F00-000000002102}3024C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 23542300x800000000000000058226Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:37:46.299{6F5BEE90-18CD-61E9-7700-000000002102}484NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=16D86927F9D05D88F4CAC81CE249530A,SHA256=436E4C604729A51D3856BDFE5958702ACD9F1091FCE4ABCC0C58A95E5BA5CDD7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000058225Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:37:46.121{6F5BEE90-18CD-61E9-7700-000000002102}484NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=45D982E85B872F383ADC5BC9EF2024CE,SHA256=266BD803BF65137D896BB58B54E7A5A7477094514FF7E039A6C9DA2389F3E953,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000058224Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:37:46.121{6F5BEE90-18B9-61E9-3500-000000002102}33043324C:\Windows\system32\conhost.exe{6F5BEE90-3B7A-61E9-7409-000000002102}1132C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 23542300x800000000000000058223Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:37:46.121{6F5BEE90-18CD-61E9-7700-000000002102}484NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=E1CC3B74CB1E21C08B26441E63EA73D9,SHA256=6F83DA4C8DBEE19225228584C7545526B218BB4ABF1290A3905C58C37F24CF46,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000058222Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:37:46.119{6F5BEE90-18A9-61E9-0C00-000000002102}8281952C:\Windows\system32\svchost.exe{6F5BEE90-18B8-61E9-2C00-000000002102}2984C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000058221Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:37:46.119{6F5BEE90-18A9-61E9-0C00-000000002102}8281952C:\Windows\system32\svchost.exe{6F5BEE90-18B8-61E9-2C00-000000002102}2984C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000058220Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:37:46.118{6F5BEE90-18A9-61E9-0C00-000000002102}8281952C:\Windows\system32\svchost.exe{6F5BEE90-18B8-61E9-2C00-000000002102}2984C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000058219Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:37:46.118{6F5BEE90-18A9-61E9-0C00-000000002102}8281952C:\Windows\system32\svchost.exe{6F5BEE90-18B8-61E9-2C00-000000002102}2984C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000058218Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:37:46.118{6F5BEE90-18A7-61E9-0500-000000002102}392508C:\Windows\system32\csrss.exe{6F5BEE90-3B7A-61E9-7409-000000002102}1132C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000058217Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:37:46.118{6F5BEE90-18B8-61E9-2F00-000000002102}30243900C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{6F5BEE90-3B7A-61E9-7409-000000002102}1132C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7414|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x800000000000000058216Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:37:46.116{6F5BEE90-3B7A-61E9-7409-000000002102}1132C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{6F5BEE90-18A8-61E9-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{6F5BEE90-18B8-61E9-2F00-000000002102}3024C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x800000000000000031748Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:37:47.767{CE7C8936-1B20-61E9-E200-000000002202}3964NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=B6A3B62024D613DADA03695F50F0F7D4,SHA256=5BB3944B6315287027EB9CA2FD55F4E2FD792E79BFF4286357E69441A5E8C728,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000058237Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:37:47.637{6F5BEE90-3B7B-61E9-7509-000000002102}58081924C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe{6F5BEE90-18B8-61E9-2F00-000000002102}3024C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+5691a5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+568cd6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56657|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56ca7|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+8f3800|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000058236Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:37:47.420{6F5BEE90-18B9-61E9-3500-000000002102}33043324C:\Windows\system32\conhost.exe{6F5BEE90-3B7B-61E9-7509-000000002102}5808C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000058235Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:37:47.418{6F5BEE90-18A9-61E9-0C00-000000002102}8281952C:\Windows\system32\svchost.exe{6F5BEE90-18B8-61E9-2C00-000000002102}2984C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000058234Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:37:47.418{6F5BEE90-18A9-61E9-0C00-000000002102}8281952C:\Windows\system32\svchost.exe{6F5BEE90-18B8-61E9-2C00-000000002102}2984C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000058233Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:37:47.418{6F5BEE90-18A9-61E9-0C00-000000002102}8281952C:\Windows\system32\svchost.exe{6F5BEE90-18B8-61E9-2C00-000000002102}2984C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000058232Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:37:47.417{6F5BEE90-18A9-61E9-0C00-000000002102}8281952C:\Windows\system32\svchost.exe{6F5BEE90-18B8-61E9-2C00-000000002102}2984C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000058231Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:37:47.417{6F5BEE90-18A7-61E9-0500-000000002102}392408C:\Windows\system32\csrss.exe{6F5BEE90-3B7B-61E9-7509-000000002102}5808C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000058230Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:37:47.417{6F5BEE90-18B8-61E9-2F00-000000002102}30243900C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{6F5BEE90-3B7B-61E9-7509-000000002102}5808C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7414|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x800000000000000058229Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:37:47.416{6F5BEE90-3B7B-61E9-7509-000000002102}5808C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe8.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{6F5BEE90-18A8-61E9-E703-000000000000}0x3e70SystemMD5=91F33F605825B72EE2270559C7AB28F3,SHA256=3DF1CB71BB48B8669BD01179FD94DD8CC82F8103B08A0FACFD366E43E0C5FA42,IMPHASH=23D7D4307FBE7FA4F42B1902826D7C25{6F5BEE90-18B8-61E9-2F00-000000002102}3024C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x800000000000000058228Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:37:47.137{6F5BEE90-18CD-61E9-7700-000000002102}484NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=63609D8B15775593AC06523597A4DC6C,SHA256=059C0A345D345F44DCC7C625F1AA576C71A1CBDC7B29BA2FD6ACF0AD7BEFB5D2,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000031749Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:37:48.783{CE7C8936-1B20-61E9-E200-000000002202}3964NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=18FB50F3C2A7A7AE8AEA2D9EA1E0062B,SHA256=B13F0892A38A5BB0B771E03D84817FC1DC0AB7B3B444498ADBE2656831B7EE18,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000058249Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:37:47.348{6F5BEE90-18C6-61E9-6E00-000000002102}3440C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-tcontreras-attack-range-53.attackrange.local52435-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x800000000000000058248Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:37:48.421{6F5BEE90-18CD-61E9-7700-000000002102}484NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=3DDC645ADE5CBB141B99343CAAE08309,SHA256=63433A572C78B606681EAB1DB4D077D55C7E44265020AF07E6327ADD2829D737,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000058247Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:37:48.323{6F5BEE90-3B7C-61E9-7609-000000002102}53481172C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{6F5BEE90-18B8-61E9-2F00-000000002102}3024C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 23542300x800000000000000058246Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:37:48.168{6F5BEE90-18CD-61E9-7700-000000002102}484NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=2E9325325501EF466F899D073659BDB7,SHA256=AA4242F9D2CC48B70CC78D3DA380FC15B2D2DF073DC7CA7E5C503B4324C54249,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000058245Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:37:48.084{6F5BEE90-18B9-61E9-3500-000000002102}33043324C:\Windows\system32\conhost.exe{6F5BEE90-3B7C-61E9-7609-000000002102}5348C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000058244Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:37:48.084{6F5BEE90-18A9-61E9-0C00-000000002102}8281952C:\Windows\system32\svchost.exe{6F5BEE90-18B8-61E9-2C00-000000002102}2984C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000058243Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:37:48.084{6F5BEE90-18A9-61E9-0C00-000000002102}8281952C:\Windows\system32\svchost.exe{6F5BEE90-18B8-61E9-2C00-000000002102}2984C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000058242Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:37:48.084{6F5BEE90-18A9-61E9-0C00-000000002102}8281952C:\Windows\system32\svchost.exe{6F5BEE90-18B8-61E9-2C00-000000002102}2984C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000058241Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:37:48.084{6F5BEE90-18A9-61E9-0C00-000000002102}8281952C:\Windows\system32\svchost.exe{6F5BEE90-18B8-61E9-2C00-000000002102}2984C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000058240Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:37:48.084{6F5BEE90-18A7-61E9-0500-000000002102}392508C:\Windows\system32\csrss.exe{6F5BEE90-3B7C-61E9-7609-000000002102}5348C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000058239Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:37:48.084{6F5BEE90-18B8-61E9-2F00-000000002102}30243900C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{6F5BEE90-3B7C-61E9-7609-000000002102}5348C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7414|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x800000000000000058238Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:37:48.085{6F5BEE90-3B7C-61E9-7609-000000002102}5348C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{6F5BEE90-18A8-61E9-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{6F5BEE90-18B8-61E9-2F00-000000002102}3024C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x800000000000000031751Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:37:49.861{CE7C8936-1B20-61E9-E200-000000002202}3964NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=96CB556CA84A45AA0C41A784D10C87A1,SHA256=B66E5CB08D3EFD38D31449C2B30AA96EEA99CA739AAF291EB5D5F8DF7C9E521C,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000058258Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:37:49.227{6F5BEE90-18B9-61E9-3500-000000002102}33043324C:\Windows\system32\conhost.exe{6F5BEE90-3B7D-61E9-7709-000000002102}6480C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000058257Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:37:49.225{6F5BEE90-18A7-61E9-0500-000000002102}392508C:\Windows\system32\csrss.exe{6F5BEE90-3B7D-61E9-7709-000000002102}6480C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000058256Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:37:49.224{6F5BEE90-18A9-61E9-0C00-000000002102}8281296C:\Windows\system32\svchost.exe{6F5BEE90-18B8-61E9-2C00-000000002102}2984C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000058255Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:37:49.224{6F5BEE90-18A9-61E9-0C00-000000002102}8281296C:\Windows\system32\svchost.exe{6F5BEE90-18B8-61E9-2C00-000000002102}2984C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000058254Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:37:49.224{6F5BEE90-18A9-61E9-0C00-000000002102}8281296C:\Windows\system32\svchost.exe{6F5BEE90-18B8-61E9-2C00-000000002102}2984C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000058253Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:37:49.224{6F5BEE90-18A9-61E9-0C00-000000002102}8281296C:\Windows\system32\svchost.exe{6F5BEE90-18B8-61E9-2C00-000000002102}2984C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000058252Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:37:49.223{6F5BEE90-18B8-61E9-2F00-000000002102}30243900C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{6F5BEE90-3B7D-61E9-7709-000000002102}6480C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7414|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x800000000000000058251Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:37:49.222{6F5BEE90-3B7D-61E9-7709-000000002102}6480C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe8.0.2Windows Print Monitor splunk ApplicationSplunk Inc.splunk-winprintmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{6F5BEE90-18A8-61E9-E703-000000000000}0x3e70SystemMD5=36D3753920C5BBCA16D12DEAD7A3A904,SHA256=EA17F69FB116CFA6ADC3CE07EBBAE3FD2CB221F25E3F7A9ADF3F15DA051831E2,IMPHASH=264D4B9546D98D77D97F569F55A0B748{6F5BEE90-18B8-61E9-2F00-000000002102}3024C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x800000000000000058250Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:37:49.190{6F5BEE90-18CD-61E9-7700-000000002102}484NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=28735A3D6D2B6173EC152C52E37C4D98,SHA256=CF3301B5E885ADFDF2D2722C4F29623446D2C9225C83CF53EEF730D5E53FF0CD,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000031750Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:37:46.833{CE7C8936-1B1A-61E9-D900-000000002202}4048C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-tcontreras-attack-range-276.eu-central-1.compute.internal51377-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x800000000000000058260Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:37:50.228{6F5BEE90-18CD-61E9-7700-000000002102}484NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=262940F7C19D9E03CF6F6731FFB90677,SHA256=90B6C17F38666E85B1E2E387D8796D961D33657D6B8522E7C22BC6DC959C8615,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000058259Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:37:50.197{6F5BEE90-18CD-61E9-7700-000000002102}484NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=FED6D9A1FFEE9AEBFDBB672524D3D7E7,SHA256=11F192564190F3A802C8CA30BD1B7205F4FB4D85C67A5D65D9F427F4D82B3A10,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000058270Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:37:51.212{6F5BEE90-18CD-61E9-7700-000000002102}484NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=153B99662495C47781ACA264A6A02270,SHA256=25103231BA30AC2024E617D5597CDCFE1FAEBF2E10C6D3DBCB4F83640CF45B27,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000031752Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:37:51.095{CE7C8936-1B20-61E9-E200-000000002202}3964NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=58DECA45A7C214C4A081F501B26B0D9F,SHA256=3E732C6A9B40ED903F69BFE14D6605B7EC37E2BD692A7871BFBE20FD9E02606F,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000058269Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:37:51.096{6F5BEE90-18A9-61E9-0C00-000000002102}8281296C:\Windows\system32\svchost.exe{6F5BEE90-1B26-61E9-1201-000000002102}5320C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x3600C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\SYSTEM32\psmserviceexthost.dll+966a|C:\Windows\SYSTEM32\psmserviceexthost.dll+776e|C:\Windows\SYSTEM32\psmserviceexthost.dll+12f1c|C:\Windows\SYSTEM32\psmserviceexthost.dll+15b2b|C:\Windows\SYSTEM32\psmserviceexthost.dll+1011d|C:\Windows\SYSTEM32\psmserviceexthost.dll+104a0|C:\Windows\SYSTEM32\psmserviceexthost.dll+13952|C:\Windows\SYSTEM32\psmserviceexthost.dll+16139|C:\Windows\SYSTEM32\psmserviceexthost.dll+16c03|C:\Windows\SYSTEM32\resourcepolicyserver.dll+1a70e|C:\Windows\SYSTEM32\resourcepolicyserver.dll+14fc2|C:\Windows\SYSTEM32\resourcepolicyserver.dll+c61d|C:\Windows\SYSTEM32\resourcepolicyserver.dll+118d9|C:\Windows\SYSTEM32\resourcepolicyserver.dll+b91a|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c 10341000x800000000000000058268Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:37:51.096{6F5BEE90-18A9-61E9-0C00-000000002102}8281296C:\Windows\system32\svchost.exe{6F5BEE90-1B24-61E9-1101-000000002102}5640C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x3600C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\SYSTEM32\psmserviceexthost.dll+966a|C:\Windows\SYSTEM32\psmserviceexthost.dll+776e|C:\Windows\SYSTEM32\psmserviceexthost.dll+12f1c|C:\Windows\SYSTEM32\psmserviceexthost.dll+15b2b|C:\Windows\SYSTEM32\psmserviceexthost.dll+1011d|C:\Windows\SYSTEM32\psmserviceexthost.dll+104a0|C:\Windows\SYSTEM32\psmserviceexthost.dll+13952|C:\Windows\SYSTEM32\psmserviceexthost.dll+16139|C:\Windows\SYSTEM32\psmserviceexthost.dll+16c03|C:\Windows\SYSTEM32\resourcepolicyserver.dll+1a70e|C:\Windows\SYSTEM32\resourcepolicyserver.dll+14fc2|C:\Windows\SYSTEM32\resourcepolicyserver.dll+c61d|C:\Windows\SYSTEM32\resourcepolicyserver.dll+118d9|C:\Windows\SYSTEM32\resourcepolicyserver.dll+b91a|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c 10341000x800000000000000058267Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:37:51.096{6F5BEE90-18A9-61E9-0C00-000000002102}8281952C:\Windows\system32\svchost.exe{6F5BEE90-1B26-61E9-1201-000000002102}5320C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\SYSTEM32\psmserviceexthost.dll+78b1|C:\Windows\SYSTEM32\psmserviceexthost.dll+74d7|C:\Windows\SYSTEM32\psmserviceexthost.dll+12fce|C:\Windows\SYSTEM32\psmserviceexthost.dll+15b2b|C:\Windows\SYSTEM32\psmserviceexthost.dll+1011d|C:\Windows\SYSTEM32\psmserviceexthost.dll+104a0|C:\Windows\SYSTEM32\psmserviceexthost.dll+13952|C:\Windows\SYSTEM32\psmserviceexthost.dll+16139|C:\Windows\SYSTEM32\psmserviceexthost.dll+16c03|C:\Windows\SYSTEM32\resourcepolicyserver.dll+1a70e|C:\Windows\SYSTEM32\resourcepolicyserver.dll+14fc2|C:\Windows\SYSTEM32\resourcepolicyserver.dll+c61d|C:\Windows\SYSTEM32\resourcepolicyserver.dll+118d9|C:\Windows\SYSTEM32\resourcepolicyserver.dll+b91a|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c 10341000x800000000000000058266Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:37:51.096{6F5BEE90-18A9-61E9-0C00-000000002102}8281952C:\Windows\system32\svchost.exe{6F5BEE90-1B26-61E9-1201-000000002102}5320C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x3600C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\SYSTEM32\psmserviceexthost.dll+966a|C:\Windows\SYSTEM32\psmserviceexthost.dll+776e|C:\Windows\SYSTEM32\psmserviceexthost.dll+12f1c|C:\Windows\SYSTEM32\psmserviceexthost.dll+15b2b|C:\Windows\SYSTEM32\psmserviceexthost.dll+1011d|C:\Windows\SYSTEM32\psmserviceexthost.dll+104a0|C:\Windows\SYSTEM32\psmserviceexthost.dll+13952|C:\Windows\SYSTEM32\psmserviceexthost.dll+16139|C:\Windows\SYSTEM32\psmserviceexthost.dll+16c03|C:\Windows\SYSTEM32\resourcepolicyserver.dll+1a70e|C:\Windows\SYSTEM32\resourcepolicyserver.dll+14fc2|C:\Windows\SYSTEM32\resourcepolicyserver.dll+c61d|C:\Windows\SYSTEM32\resourcepolicyserver.dll+118d9|C:\Windows\SYSTEM32\resourcepolicyserver.dll+b91a|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c 10341000x800000000000000058265Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:37:51.096{6F5BEE90-18A9-61E9-0C00-000000002102}8281952C:\Windows\system32\svchost.exe{6F5BEE90-1B24-61E9-1101-000000002102}5640C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x3600C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\SYSTEM32\psmserviceexthost.dll+966a|C:\Windows\SYSTEM32\psmserviceexthost.dll+776e|C:\Windows\SYSTEM32\psmserviceexthost.dll+12f1c|C:\Windows\SYSTEM32\psmserviceexthost.dll+15b2b|C:\Windows\SYSTEM32\psmserviceexthost.dll+1011d|C:\Windows\SYSTEM32\psmserviceexthost.dll+104a0|C:\Windows\SYSTEM32\psmserviceexthost.dll+13952|C:\Windows\SYSTEM32\psmserviceexthost.dll+16139|C:\Windows\SYSTEM32\psmserviceexthost.dll+16c03|C:\Windows\SYSTEM32\resourcepolicyserver.dll+1a70e|C:\Windows\SYSTEM32\resourcepolicyserver.dll+14fc2|C:\Windows\SYSTEM32\resourcepolicyserver.dll+c61d|C:\Windows\SYSTEM32\resourcepolicyserver.dll+118d9|C:\Windows\SYSTEM32\resourcepolicyserver.dll+b91a|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c 10341000x800000000000000058264Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:37:51.096{6F5BEE90-1B14-61E9-F100-000000002102}2632324C:\Windows\System32\sihost.exe{6F5BEE90-1B26-61E9-1201-000000002102}5320C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\SYSTEM32\usermgrcli.dll+1121|C:\Windows\System32\modernexecserver.dll+37dac|C:\Windows\System32\modernexecserver.dll+37d4f|C:\Windows\System32\modernexecserver.dll+375a6|C:\Windows\System32\modernexecserver.dll+1a1c4|C:\Windows\System32\modernexecserver.dll+3191d|C:\Windows\System32\modernexecserver.dll+32871|C:\Windows\System32\modernexecserver.dll+3278f|C:\Windows\SYSTEM32\ntdll.dll+2064e|C:\Windows\SYSTEM32\ntdll.dll+1e864|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000058263Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:37:51.048{6F5BEE90-18A9-61E9-0C00-000000002102}8283272C:\Windows\system32\svchost.exe{6F5BEE90-1B26-61E9-1201-000000002102}5320C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\SYSTEM32\psmserviceexthost.dll+78b1|C:\Windows\SYSTEM32\psmserviceexthost.dll+74d7|C:\Windows\SYSTEM32\psmserviceexthost.dll+12fce|C:\Windows\SYSTEM32\psmserviceexthost.dll+15b2b|C:\Windows\SYSTEM32\psmserviceexthost.dll+1011d|C:\Windows\SYSTEM32\psmserviceexthost.dll+104a0|C:\Windows\SYSTEM32\psmserviceexthost.dll+13952|C:\Windows\SYSTEM32\psmserviceexthost.dll+16139|C:\Windows\SYSTEM32\psmserviceexthost.dll+16c03|C:\Windows\SYSTEM32\resourcepolicyserver.dll+1a70e|C:\Windows\SYSTEM32\resourcepolicyserver.dll+14fc2|C:\Windows\SYSTEM32\resourcepolicyserver.dll+c61d|C:\Windows\SYSTEM32\resourcepolicyserver.dll+118d9|C:\Windows\SYSTEM32\resourcepolicyserver.dll+b91a|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c 10341000x800000000000000058262Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:37:51.048{6F5BEE90-18A9-61E9-0C00-000000002102}8283272C:\Windows\system32\svchost.exe{6F5BEE90-1B26-61E9-1201-000000002102}5320C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x3600C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\SYSTEM32\psmserviceexthost.dll+966a|C:\Windows\SYSTEM32\psmserviceexthost.dll+776e|C:\Windows\SYSTEM32\psmserviceexthost.dll+12f1c|C:\Windows\SYSTEM32\psmserviceexthost.dll+15b2b|C:\Windows\SYSTEM32\psmserviceexthost.dll+1011d|C:\Windows\SYSTEM32\psmserviceexthost.dll+104a0|C:\Windows\SYSTEM32\psmserviceexthost.dll+13952|C:\Windows\SYSTEM32\psmserviceexthost.dll+16139|C:\Windows\SYSTEM32\psmserviceexthost.dll+16c03|C:\Windows\SYSTEM32\resourcepolicyserver.dll+1a70e|C:\Windows\SYSTEM32\resourcepolicyserver.dll+14fc2|C:\Windows\SYSTEM32\resourcepolicyserver.dll+c61d|C:\Windows\SYSTEM32\resourcepolicyserver.dll+118d9|C:\Windows\SYSTEM32\resourcepolicyserver.dll+b91a|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c 10341000x800000000000000058261Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:37:51.048{6F5BEE90-18A9-61E9-0C00-000000002102}8283272C:\Windows\system32\svchost.exe{6F5BEE90-1B24-61E9-1101-000000002102}5640C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x3600C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\SYSTEM32\psmserviceexthost.dll+966a|C:\Windows\SYSTEM32\psmserviceexthost.dll+776e|C:\Windows\SYSTEM32\psmserviceexthost.dll+12f1c|C:\Windows\SYSTEM32\psmserviceexthost.dll+15b2b|C:\Windows\SYSTEM32\psmserviceexthost.dll+1011d|C:\Windows\SYSTEM32\psmserviceexthost.dll+104a0|C:\Windows\SYSTEM32\psmserviceexthost.dll+13952|C:\Windows\SYSTEM32\psmserviceexthost.dll+16139|C:\Windows\SYSTEM32\psmserviceexthost.dll+16c03|C:\Windows\SYSTEM32\resourcepolicyserver.dll+1a70e|C:\Windows\SYSTEM32\resourcepolicyserver.dll+14fc2|C:\Windows\SYSTEM32\resourcepolicyserver.dll+c61d|C:\Windows\SYSTEM32\resourcepolicyserver.dll+118d9|C:\Windows\SYSTEM32\resourcepolicyserver.dll+b91a|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c 23542300x800000000000000031753Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:37:52.205{CE7C8936-1B20-61E9-E200-000000002202}3964NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=9BFBD8E68310E249D6D911164694F4AF,SHA256=E54B4C1C708EAE5750CD5DAA21C8B39E3626F6C28E20E7D52DD1128CC5FEC6FF,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000058271Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:37:52.213{6F5BEE90-18CD-61E9-7700-000000002102}484NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=CB5926A96763E83051E322B174DF9CC5,SHA256=4EEA8607962AF58775C396449A97FFC121DCE656379AAB2449A881EC8750D77A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000031754Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:37:53.236{CE7C8936-1B20-61E9-E200-000000002202}3964NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=EB058A2EC1C422C4F608FB100A666966,SHA256=19A5721E23ECF99E5B3AE462F7D227304F9BCAD955B5E65A0F2E64126EE29E68,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000058273Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:37:52.393{6F5BEE90-18C6-61E9-6E00-000000002102}3440C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-tcontreras-attack-range-53.attackrange.local52436-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x800000000000000058272Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:37:53.229{6F5BEE90-18CD-61E9-7700-000000002102}484NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=E1E36A0046808E7EB4008E24C17D02FD,SHA256=4B3D53A97A2ED534876833F8BE5F5B8A21FD6B4B3431AFB50571418936956036,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000031756Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:37:51.859{CE7C8936-1B1A-61E9-D900-000000002202}4048C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-tcontreras-attack-range-276.eu-central-1.compute.internal51378-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x800000000000000031755Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:37:54.252{CE7C8936-1B20-61E9-E200-000000002202}3964NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=9AD3F36B5A235A7CCFB4FDEC5D83C7DB,SHA256=02205A1C0244F974F934A8C199E735FF61F6600FA31B399F12C5620BACA2274E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000058274Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:37:54.232{6F5BEE90-18CD-61E9-7700-000000002102}484NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=9ED824B4DA1D9EFB6EE9833942617D5E,SHA256=18310594E81C8AAAE57FEFC477D7E91F26F4BF8F84D0CFC2A2ABC508AAF97A39,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000031757Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:37:55.299{CE7C8936-1B20-61E9-E200-000000002202}3964NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=BFFCEE958D095B10C61522EFDDE9505E,SHA256=164697AAE5E51E07EA4F8C0E9C81CF987125F26E82A1E49CC2FFE8C67D9FDE8B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000058275Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:37:55.233{6F5BEE90-18CD-61E9-7700-000000002102}484NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=0AAEFBB6A506957FF01C27DFA71F7F06,SHA256=3F9E235AAEB43C2A7E79BA5963CD638243F5FE139BDC1208D3302E3DA7A3BDAB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000031758Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:37:56.314{CE7C8936-1B20-61E9-E200-000000002202}3964NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=0A3D67900B01215BC1CA13AF610749E5,SHA256=612E90981DFAACBCED0F58EAA2FC19087D09F52304EE061AC03D52FE55B6C2E3,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000058276Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:37:56.234{6F5BEE90-18CD-61E9-7700-000000002102}484NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=7ED785EE54C943FAA12615398575A988,SHA256=B5AA03B13F06B31CE258C6F69410DF3360908B76BE0D03623CCA759BD1312ACE,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000058277Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:37:57.254{6F5BEE90-18CD-61E9-7700-000000002102}484NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=BC13337A4F330A6A15E2F20C03E6888C,SHA256=C05637D5E289324A3797B118C09BCFEF6DE8A3FC4970B64AA6BC5403C569834E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000031759Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:37:57.330{CE7C8936-1B20-61E9-E200-000000002202}3964NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=17D637BA2C8BDF26FE0ED6D2176AC33D,SHA256=EB8AF9C55E0CB4DE8C266330AC8F7D53FDF19198205FCE5EF2FDBF26C05FA54F,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000031761Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:37:56.968{CE7C8936-1B1A-61E9-D900-000000002202}4048C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-tcontreras-attack-range-276.eu-central-1.compute.internal51379-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x800000000000000031760Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:37:58.345{CE7C8936-1B20-61E9-E200-000000002202}3964NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=73410725D746322D5DF487D6D71E5B4D,SHA256=C4F5B139833074D5BED54C40DDC02A2D0FF4E59BE25B3B04C31180C43DF81FE3,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000058283Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:37:57.413{6F5BEE90-18C6-61E9-6E00-000000002102}3440C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-tcontreras-attack-range-53.attackrange.local52437-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 10341000x800000000000000058282Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:37:58.455{6F5BEE90-18A9-61E9-0C00-000000002102}8286020C:\Windows\system32\svchost.exe{6F5BEE90-18B8-61E9-2B00-000000002102}2976C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000058281Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:37:58.455{6F5BEE90-18A9-61E9-0C00-000000002102}8286020C:\Windows\system32\svchost.exe{6F5BEE90-18B8-61E9-2B00-000000002102}2976C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000058280Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:37:58.455{6F5BEE90-18A9-61E9-0C00-000000002102}8286020C:\Windows\system32\svchost.exe{6F5BEE90-18B8-61E9-2B00-000000002102}2976C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000058279Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:37:58.455{6F5BEE90-18A9-61E9-0C00-000000002102}8286020C:\Windows\system32\svchost.exe{6F5BEE90-18B8-61E9-2B00-000000002102}2976C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 23542300x800000000000000058278Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:37:58.271{6F5BEE90-18CD-61E9-7700-000000002102}484NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=E3F4C27A073338DA1093D7D1BA3C6777,SHA256=3D2962C71CF38971D4F4E73A3339C1610D09F606AF6F3D0304FF71E598B14A62,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000031762Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:37:59.361{CE7C8936-1B20-61E9-E200-000000002202}3964NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=D488FF3D04687547FE116C66C67D7C49,SHA256=D5B3F8D1795E6E7DA3A0BDA313B76FE2020286FCFF89A40A25AA4A439F4E4731,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000058308Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:37:59.918{6F5BEE90-1B15-61E9-FA00-000000002102}46326520C:\Windows\Explorer.EXE{6F5BEE90-3B87-61E9-7809-000000002102}4696C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+6163f|C:\Windows\System32\SHELL32.dll+62725|C:\Windows\Explorer.EXE+3c618|C:\Windows\Explorer.EXE+3c4a4|C:\Windows\Explorer.EXE+3c411|C:\Windows\System32\windows.storage.dll+15458f|C:\Windows\System32\windows.storage.dll+15330f|C:\Windows\System32\windows.storage.dll+1562bf|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39d09|C:\Windows\SYSTEM32\ntdll.dll+1e89a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000058307Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:37:59.918{6F5BEE90-1B15-61E9-FA00-000000002102}46326520C:\Windows\Explorer.EXE{6F5BEE90-3B87-61E9-7809-000000002102}4696C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+6263e|C:\Windows\Explorer.EXE+3c618|C:\Windows\Explorer.EXE+3c4a4|C:\Windows\Explorer.EXE+3c411|C:\Windows\System32\windows.storage.dll+15458f|C:\Windows\System32\windows.storage.dll+15330f|C:\Windows\System32\windows.storage.dll+1562bf|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39d09|C:\Windows\SYSTEM32\ntdll.dll+1e89a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000058306Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:37:59.918{6F5BEE90-1B15-61E9-FA00-000000002102}46326520C:\Windows\Explorer.EXE{6F5BEE90-3B87-61E9-7809-000000002102}4696C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+61894|C:\Windows\System32\SHELL32.dll+62607|C:\Windows\Explorer.EXE+3c618|C:\Windows\Explorer.EXE+3c4a4|C:\Windows\Explorer.EXE+3c411|C:\Windows\System32\windows.storage.dll+15458f|C:\Windows\System32\windows.storage.dll+15330f|C:\Windows\System32\windows.storage.dll+1562bf|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39d09|C:\Windows\SYSTEM32\ntdll.dll+1e89a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000058305Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:37:59.872{6F5BEE90-1B14-61E9-F400-000000002102}36683156C:\Windows\System32\taskhostw.exe{6F5BEE90-3B87-61E9-7909-000000002102}5084C:\Windows\system32\conhost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cd4|C:\Windows\System32\MSCTF.dll+af11|C:\Windows\System32\MSCTF.dll+b489|C:\Windows\System32\MSCTF.dll+be73|C:\Windows\System32\MSCTF.dll+3d812|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000058304Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:37:59.872{6F5BEE90-1B14-61E9-F400-000000002102}36683156C:\Windows\System32\taskhostw.exe{6F5BEE90-3B87-61E9-7909-000000002102}5084C:\Windows\system32\conhost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cd4|C:\Windows\System32\MSCTF.dll+af11|C:\Windows\System32\MSCTF.dll+b489|C:\Windows\System32\MSCTF.dll+be73|C:\Windows\System32\MSCTF.dll+3d812|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000058303Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:37:59.833{6F5BEE90-1B15-61E9-FA00-000000002102}46321004C:\Windows\Explorer.EXE{6F5BEE90-3B87-61E9-7809-000000002102}4696C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+6163f|C:\Windows\System32\SHELL32.dll+62725|C:\Windows\Explorer.EXE+1e03a|C:\Windows\Explorer.EXE+1e249|C:\Windows\Explorer.EXE+1df79|C:\Windows\Explorer.EXE+3c407|C:\Windows\System32\windows.storage.dll+15458f|C:\Windows\System32\windows.storage.dll+15330f|C:\Windows\System32\windows.storage.dll+1562bf|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39d09|C:\Windows\SYSTEM32\ntdll.dll+1e89a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000058302Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:37:59.833{6F5BEE90-1B15-61E9-FA00-000000002102}46321004C:\Windows\Explorer.EXE{6F5BEE90-3B87-61E9-7809-000000002102}4696C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+6263e|C:\Windows\Explorer.EXE+1e03a|C:\Windows\Explorer.EXE+1e249|C:\Windows\Explorer.EXE+1df79|C:\Windows\Explorer.EXE+3c407|C:\Windows\System32\windows.storage.dll+15458f|C:\Windows\System32\windows.storage.dll+15330f|C:\Windows\System32\windows.storage.dll+1562bf|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39d09|C:\Windows\SYSTEM32\ntdll.dll+1e89a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000058301Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:37:59.833{6F5BEE90-1B15-61E9-FA00-000000002102}46321004C:\Windows\Explorer.EXE{6F5BEE90-3B87-61E9-7809-000000002102}4696C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+61894|C:\Windows\System32\SHELL32.dll+62607|C:\Windows\Explorer.EXE+1e03a|C:\Windows\Explorer.EXE+1e249|C:\Windows\Explorer.EXE+1df79|C:\Windows\Explorer.EXE+3c407|C:\Windows\System32\windows.storage.dll+15458f|C:\Windows\System32\windows.storage.dll+15330f|C:\Windows\System32\windows.storage.dll+1562bf|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39d09|C:\Windows\SYSTEM32\ntdll.dll+1e89a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000058300Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:37:59.833{6F5BEE90-1B15-61E9-FA00-000000002102}46321004C:\Windows\Explorer.EXE{6F5BEE90-3B87-61E9-7809-000000002102}4696C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Explorer.EXE+1f054|C:\Windows\Explorer.EXE+1f000|C:\Windows\Explorer.EXE+1dfec|C:\Windows\Explorer.EXE+1e249|C:\Windows\Explorer.EXE+1df79|C:\Windows\Explorer.EXE+3c407|C:\Windows\System32\windows.storage.dll+15458f|C:\Windows\System32\windows.storage.dll+15330f|C:\Windows\System32\windows.storage.dll+1562bf|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39d09|C:\Windows\SYSTEM32\ntdll.dll+1e89a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000058299Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:37:59.833{6F5BEE90-1B15-61E9-FA00-000000002102}46325552C:\Windows\Explorer.EXE{6F5BEE90-3B87-61E9-7909-000000002102}5084C:\Windows\system32\conhost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+6163f|C:\Windows\System32\SHELL32.dll+62db0|C:\Windows\System32\TwinUI.dll+12d711|C:\Windows\System32\TwinUI.dll+12df7f|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000058298Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:37:59.817{6F5BEE90-1B15-61E9-FA00-000000002102}46325552C:\Windows\Explorer.EXE{6F5BEE90-3B87-61E9-7909-000000002102}5084C:\Windows\system32\conhost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+47bc0|C:\Windows\System32\SHELL32.dll+62d6c|C:\Windows\System32\TwinUI.dll+12d711|C:\Windows\System32\TwinUI.dll+12df7f|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000058297Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:37:59.817{6F5BEE90-1B15-61E9-FA00-000000002102}46325552C:\Windows\Explorer.EXE{6F5BEE90-3B87-61E9-7909-000000002102}5084C:\Windows\system32\conhost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+61894|C:\Windows\System32\SHELL32.dll+62d40|C:\Windows\System32\TwinUI.dll+12d711|C:\Windows\System32\TwinUI.dll+12df7f|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000058296Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:37:59.817{6F5BEE90-1B15-61E9-FA00-000000002102}46325552C:\Windows\Explorer.EXE{6F5BEE90-3B87-61E9-7909-000000002102}5084C:\Windows\system32\conhost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\TwinUI.dll+12d549|C:\Windows\System32\TwinUI.dll+12df7f|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000058295Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:37:59.817{6F5BEE90-18AA-61E9-1600-000000002102}13241676C:\Windows\System32\svchost.exe{6F5BEE90-3B87-61E9-7909-000000002102}5084C:\Windows\system32\conhost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|c:\windows\system32\themeservice.dll+235b|c:\windows\system32\themeservice.dll+1ed0|c:\windows\system32\themeservice.dll+2006|C:\Windows\SYSTEM32\ntdll.dll+39d09|C:\Windows\SYSTEM32\ntdll.dll+1e89a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000058294Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:37:59.802{6F5BEE90-18AA-61E9-1600-000000002102}13241364C:\Windows\System32\svchost.exe{6F5BEE90-3B87-61E9-7909-000000002102}5084C:\Windows\system32\conhost.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6144|c:\windows\system32\themeservice.dll+144a|c:\windows\system32\themeservice.dll+4175|c:\windows\system32\themeservice.dll+3379|c:\windows\system32\themeservice.dll+31a3|C:\Windows\System32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14412|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000058293Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:37:59.786{6F5BEE90-3B87-61E9-7909-000000002102}50844268C:\Windows\system32\conhost.exe{6F5BEE90-3B87-61E9-7809-000000002102}4696C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000058292Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:37:59.772{6F5BEE90-1B0F-61E9-E500-000000002102}41763520C:\Windows\system32\csrss.exe{6F5BEE90-3B87-61E9-7909-000000002102}5084C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6cd4|C:\Windows\SYSTEM32\CSRSRV.dll+1a30|C:\Windows\SYSTEM32\CSRSRV.dll+5c09|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000058291Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:37:59.755{6F5BEE90-18A9-61E9-0C00-000000002102}8286020C:\Windows\system32\svchost.exe{6F5BEE90-18B8-61E9-2C00-000000002102}2984C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000058290Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:37:59.755{6F5BEE90-18A9-61E9-0C00-000000002102}8286020C:\Windows\system32\svchost.exe{6F5BEE90-18B8-61E9-2C00-000000002102}2984C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000058289Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:37:59.755{6F5BEE90-18A9-61E9-0C00-000000002102}8286020C:\Windows\system32\svchost.exe{6F5BEE90-18B8-61E9-2C00-000000002102}2984C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000058288Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:37:59.755{6F5BEE90-1B0F-61E9-E500-000000002102}41764072C:\Windows\system32\csrss.exe{6F5BEE90-3B87-61E9-7809-000000002102}4696C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000058287Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:37:59.755{6F5BEE90-18A9-61E9-0C00-000000002102}8286020C:\Windows\system32\svchost.exe{6F5BEE90-18B8-61E9-2C00-000000002102}2984C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000058286Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:37:59.755{6F5BEE90-1B15-61E9-FA00-000000002102}46325912C:\Windows\Explorer.EXE{6F5BEE90-3B87-61E9-7809-000000002102}4696C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7414|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\System32\windows.storage.dll+a912f|C:\Windows\System32\windows.storage.dll+a8da5|C:\Windows\System32\windows.storage.dll+a8896|C:\Windows\System32\windows.storage.dll+a9d08|C:\Windows\System32\windows.storage.dll+a86be|C:\Windows\System32\windows.storage.dll+ab4d5|C:\Windows\System32\windows.storage.dll+ab854|C:\Windows\System32\windows.storage.dll+aae90|C:\Windows\System32\windows.storage.dll+ad6ba|C:\Windows\System32\windows.storage.dll+ad472|C:\Windows\System32\SHELL32.dll+3f8bd|C:\Windows\System32\SHELL32.dll+3e456|C:\Windows\System32\SHELL32.dll+801e1|C:\Windows\System32\SHELL32.dll+6717e|C:\Windows\System32\SHELL32.dll+17c29c|C:\Windows\System32\SHELL32.dll+19ea38|C:\Windows\System32\SHELL32.dll+284513|C:\Windows\system32\explorerframe.dll+13cf7b|C:\Windows\system32\explorerframe.dll+139d07|C:\Windows\System32\SHELL32.dll+17c540 154100x800000000000000058285Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:37:59.750{6F5BEE90-3B87-61E9-7809-000000002102}4696C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe10.0.14393.206 (rs1_release.160915-0644)Windows PowerShellMicrosoft® Windows® Operating SystemMicrosoft CorporationPowerShell.EXE"C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe" C:\Windows\SysWOW64\WindowsPowerShell\v1.0\ATTACKRANGE\Administrator{6F5BEE90-1B13-61E9-8513-0D0000000000}0xd13852HighMD5=65D86C34814C02569E2AD53FD24E7F61,SHA256=8133502266008B77DE7921451E1210B0EF3F0ED2DB7D8D3EE0C3350D856FA6FA,IMPHASH=5E0145CEF36FA9BFBA7DE33AA683B8ED{6F5BEE90-1B15-61E9-FA00-000000002102}4632C:\Windows\explorer.exeC:\Windows\Explorer.EXE /NOUACCHECK 23542300x800000000000000058284Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:37:59.286{6F5BEE90-18CD-61E9-7700-000000002102}484NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=33AA803988DEFA5DBD7F04B5A9B664D3,SHA256=30408A4B8C8A70623839BBE33479008C823C0DAF3CA626A277EF99276AF29BD8,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000031763Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:38:00.377{CE7C8936-1B20-61E9-E200-000000002202}3964NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=254B61584906279021B1CAD4D2510403,SHA256=BA35A71393D43A4F3D3BCB3D424544B709373B0983AACA0AEEC4FDA505FB50F9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000058321Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:00.767{6F5BEE90-18CD-61E9-7700-000000002102}484NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=B350D179A29FBC915862682C26D961F5,SHA256=334F0B303C9C8083858FB40D7E5DD9B871F525F8930A61A213EB1B42DE5D7FFA,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000058320Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:00.766{6F5BEE90-18CD-61E9-7700-000000002102}484NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=C844E9D12945568AA7E3CB5D304AC243,SHA256=5E532342B0000F138FD5490CE4861EAA4408A6B87F4F8EC63E1B574B28708989,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000058319Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:00.747{6F5BEE90-18A7-61E9-0B00-000000002102}608660C:\Windows\system32\lsass.exe{6F5BEE90-3B87-61E9-7809-000000002102}4696C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+6ea9c|C:\Windows\system32\lsasrv.dll+e6974|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+5460b|C:\Windows\System32\RPCRT4.dll+52cea|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000058318Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:00.514{6F5BEE90-3B87-61E9-7809-000000002102}46961916C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe{6F5BEE90-1B15-61E9-FA00-000000002102}4632C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b21c(wow64)|C:\Windows\System32\windows.storage.dll+10adf5(wow64)|C:\Windows\System32\windows.storage.dll+10ac56(wow64)|C:\Windows\System32\windows.storage.dll+c4f96(wow64)|C:\Windows\System32\windows.storage.dll+c4ebd(wow64)|C:\Windows\System32\windows.storage.dll+c613d(wow64)|C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe+c2f8|C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe+acc5|C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe+95cf|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64) 10341000x800000000000000058317Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:00.514{6F5BEE90-3B87-61E9-7809-000000002102}46961916C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe{6F5BEE90-1B15-61E9-FA00-000000002102}4632C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b14f(wow64)|C:\Windows\System32\windows.storage.dll+10adf5(wow64)|C:\Windows\System32\windows.storage.dll+10ac56(wow64)|C:\Windows\System32\windows.storage.dll+c4f96(wow64)|C:\Windows\System32\windows.storage.dll+c4ebd(wow64)|C:\Windows\System32\windows.storage.dll+c613d(wow64)|C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe+c2f8|C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe+acc5|C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe+95cf|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64) 10341000x800000000000000058316Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:00.514{6F5BEE90-3B87-61E9-7809-000000002102}46961916C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe{6F5BEE90-1B15-61E9-FA00-000000002102}4632C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b13a(wow64)|C:\Windows\System32\windows.storage.dll+10adf5(wow64)|C:\Windows\System32\windows.storage.dll+10ac56(wow64)|C:\Windows\System32\windows.storage.dll+c4f96(wow64)|C:\Windows\System32\windows.storage.dll+c4ebd(wow64)|C:\Windows\System32\windows.storage.dll+c613d(wow64)|C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe+c2f8 10341000x800000000000000058315Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:00.514{6F5BEE90-3B87-61E9-7809-000000002102}46961916C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe{6F5BEE90-1B15-61E9-FA00-000000002102}4632C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b13a(wow64)|C:\Windows\System32\windows.storage.dll+10adf5(wow64)|C:\Windows\System32\windows.storage.dll+10ac56(wow64)|C:\Windows\System32\windows.storage.dll+c4f96(wow64)|C:\Windows\System32\windows.storage.dll+c4ebd(wow64)|C:\Windows\System32\windows.storage.dll+c613d(wow64)|C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe+c2f8|C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe+acc5 10341000x800000000000000058314Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:00.514{6F5BEE90-3B87-61E9-7809-000000002102}46961916C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe{6F5BEE90-1B15-61E9-FA00-000000002102}4632C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+2995e(wow64)|C:\Windows\System32\shcore.dll+29cab(wow64)|C:\Windows\System32\windows.storage.dll+1e3eba(wow64)|C:\Windows\System32\windows.storage.dll+10ad68(wow64)|C:\Windows\System32\windows.storage.dll+c4f96(wow64)|C:\Windows\System32\windows.storage.dll+c4ebd(wow64)|C:\Windows\System32\windows.storage.dll+c613d(wow64)|C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe+c2f8|C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe+acc5|C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe+95cf|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64) 10341000x800000000000000058313Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:00.514{6F5BEE90-3B87-61E9-7809-000000002102}46961916C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe{6F5BEE90-1B15-61E9-FA00-000000002102}4632C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+1e3eac(wow64)|C:\Windows\System32\windows.storage.dll+10ad68(wow64)|C:\Windows\System32\windows.storage.dll+c4f96(wow64)|C:\Windows\System32\windows.storage.dll+c4ebd(wow64)|C:\Windows\System32\windows.storage.dll+c613d(wow64)|C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe+c2f8|C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe+acc5 10341000x800000000000000058312Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:00.514{6F5BEE90-3B87-61E9-7809-000000002102}46961916C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe{6F5BEE90-1B15-61E9-FA00-000000002102}4632C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+1e3eac(wow64)|C:\Windows\System32\windows.storage.dll+10ad68(wow64)|C:\Windows\System32\windows.storage.dll+c4f96(wow64)|C:\Windows\System32\windows.storage.dll+c4ebd(wow64)|C:\Windows\System32\windows.storage.dll+c613d(wow64)|C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe+c2f8|C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe+acc5|C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe+95cf 23542300x800000000000000058311Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:00.337{6F5BEE90-18CD-61E9-7700-000000002102}484NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=D70A97F1F65498746F548BD25B666C50,SHA256=CD4C1D8C253ED6CDAEF2D1B3F24931A446E1609258B5E8615E7AAC8C07B5C02E,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000058310Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:00.018{6F5BEE90-18AA-61E9-1600-000000002102}13241676C:\Windows\System32\svchost.exe{6F5BEE90-3B87-61E9-7809-000000002102}4696C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|c:\windows\system32\themeservice.dll+235b|c:\windows\system32\themeservice.dll+1ed0|c:\windows\system32\themeservice.dll+2006|C:\Windows\SYSTEM32\ntdll.dll+39d09|C:\Windows\SYSTEM32\ntdll.dll+1e89a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000058309Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:00.018{6F5BEE90-18AA-61E9-1600-000000002102}13241364C:\Windows\System32\svchost.exe{6F5BEE90-3B87-61E9-7809-000000002102}4696C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6144|c:\windows\system32\themeservice.dll+144a|c:\windows\system32\themeservice.dll+4175|c:\windows\system32\themeservice.dll+3379|c:\windows\system32\themeservice.dll+31a3|C:\Windows\System32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14412|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 23542300x800000000000000031764Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:38:01.408{CE7C8936-1B20-61E9-E200-000000002202}3964NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=3CB852FDF70E0EB813C98A25883A84A2,SHA256=C4673592D041C4D13391CA59815AF6AC4FC1D9535F852B00892F34FE95FE2548,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000058325Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:01.732{6F5BEE90-3B87-61E9-7809-000000002102}4696C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Administrator\AppData\Local\Temp\2\__PSScriptPolicyTest_vwszlxrp.c22.ps12022-01-20 10:38:01.730 10341000x800000000000000058324Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:01.668{6F5BEE90-18A7-61E9-0B00-000000002102}608660C:\Windows\system32\lsass.exe{6F5BEE90-3B87-61E9-7809-000000002102}4696C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+6ea9c|C:\Windows\system32\lsasrv.dll+e6974|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+5460b|C:\Windows\System32\RPCRT4.dll+52cea|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000058323Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:01.662{6F5BEE90-18A9-61E9-0C00-000000002102}8286020C:\Windows\system32\svchost.exe{6F5BEE90-3B87-61E9-7809-000000002102}4696C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+54c6|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+5460b|C:\Windows\System32\RPCRT4.dll+52cea|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 23542300x800000000000000058322Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:01.364{6F5BEE90-18CD-61E9-7700-000000002102}484NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=98CDF437511EE1BEDD645D6A3B48BD53,SHA256=334B10DA80CE0F793FB26DC11A6611054C7A8F1F701FD65FA68C31D8BC1B9AD5,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000058332Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:02.693{6F5BEE90-18CD-61E9-7700-000000002102}484NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-PowerShell_OperationalMD5=2415696C288A43700F39D25C7B8FDC9E,SHA256=0E91725FB8B7064F0EFEB90DEE62750D3FCBD11666C5A0AB4AB2CE5C9BA0EC91,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000058331Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:02.371{6F5BEE90-18CD-61E9-7700-000000002102}484NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=9F9DD4970B64C1F3F4DBD0BAF81EA528,SHA256=850E2DD312A118F30DE7FA44AB921C6D6CD168658D910991F2283DC8E236AFC5,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000031766Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:38:02.439{CE7C8936-1B20-61E9-E200-000000002202}3964NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=40F5589F9DC62B421815B437D3551408,SHA256=FF25BA1838397491652C65AD8F3C50951F7B49A1900EE0AE02EF4D9015F546C4,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000031765Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:38:02.377{CE7C8936-1A7C-61E9-1200-000000002202}1000NT AUTHORITY\LOCAL SERVICEC:\Windows\System32\svchost.exeC:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.datMD5=72C25F67A7DF7CB7F3D62B177237D91C,SHA256=36AAA1170FD46F512F920D66ECED1C6277477BE1F2BD14967A115FE7DAF69B2A,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000058330Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:02.324{6F5BEE90-18A7-61E9-0B00-000000002102}608660C:\Windows\system32\lsass.exe{6F5BEE90-3B87-61E9-7809-000000002102}4696C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\system32\lsasrv.dll+26327|C:\Windows\system32\lsasrv.dll+2746d|C:\Windows\system32\lsasrv.dll+261a5|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+5460b|C:\Windows\System32\RPCRT4.dll+52cea|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000058329Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:02.324{6F5BEE90-18A7-61E9-0B00-000000002102}608660C:\Windows\system32\lsass.exe{6F5BEE90-3B87-61E9-7809-000000002102}4696C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cd4|C:\Windows\System32\RPCRT4.dll+2be8f|C:\Windows\system32\lsasrv.dll+260ed|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+5460b|C:\Windows\System32\RPCRT4.dll+52cea|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 17141700x800000000000000058328Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-CreatePipe2022-01-20 10:38:02.124{6F5BEE90-3B87-61E9-7809-000000002102}4696\PSHost.132871486797507973.4696.DefaultAppDomain.powershellC:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe 23542300x800000000000000058327Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:02.100{6F5BEE90-3B87-61E9-7809-000000002102}4696ATTACKRANGE\AdministratorC:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Administrator\AppData\Local\Temp\2\__PSScriptPolicyTest_f22igbhb.yrt.psm1MD5=D17FE0A3F47BE24A6453E9EF58C94641,SHA256=96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000058326Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:02.099{6F5BEE90-3B87-61E9-7809-000000002102}4696ATTACKRANGE\AdministratorC:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Administrator\AppData\Local\Temp\2\__PSScriptPolicyTest_vwszlxrp.c22.ps1MD5=D17FE0A3F47BE24A6453E9EF58C94641,SHA256=96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000031767Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:38:03.455{CE7C8936-1B20-61E9-E200-000000002202}3964NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=F77EFA7832D406D6130DB87B2D2D2FAF,SHA256=1C9241E54EEAB8436E4BEB3C7C370ACCFAA3EF4897704D01463DD6BA292D013D,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000058335Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:02.441{6F5BEE90-18C6-61E9-6E00-000000002102}3440C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-tcontreras-attack-range-53.attackrange.local52438-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x800000000000000058334Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:03.789{6F5BEE90-18CD-61E9-7700-000000002102}484NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-PowerShell_OperationalMD5=93F85733EF9B24C9E7DC1DAC2A84F7FA,SHA256=02A67112EDA64A1A9658A4964A976C7433426F3B9AB3D5AA821446F0158D7A42,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000058333Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:03.408{6F5BEE90-18CD-61E9-7700-000000002102}484NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=7A5FAD3E307504FC2428BF00D10B8709,SHA256=3778FE7090F7178FB61135EB6430315C2A56C4BC9F6617E650326693F97B41FE,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000031768Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:38:04.455{CE7C8936-1B20-61E9-E200-000000002202}3964NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=E27AAAB3E82A0F178427C59A56D44A0C,SHA256=E544F375ABC4893A8D9A5D11E6B3C5003A140FCB7CF07323F61F63E473D7C174,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000058336Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:04.409{6F5BEE90-18CD-61E9-7700-000000002102}484NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=E8A4B2DE41C1D2F37F94BC7E7CD9301C,SHA256=DD86B0E4C56F959F5EE2CBC212001615AF6387CFAE176E6CEF28D15245166DAA,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000058337Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:05.424{6F5BEE90-18CD-61E9-7700-000000002102}484NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=2D4587BA5CD08B23388966071D0D49AF,SHA256=5450AB205C4CFBB9A278D32EE5F8282708C6A4EB390D76A8B6D2CF7965B4BE6A,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000031770Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:38:02.906{CE7C8936-1B1A-61E9-D900-000000002202}4048C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-tcontreras-attack-range-276.eu-central-1.compute.internal51380-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x800000000000000031769Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:38:05.470{CE7C8936-1B20-61E9-E200-000000002202}3964NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=2B870BBF77D456D511AAE0FB58C94C4C,SHA256=4E86C9C93B2AE5A98D858A02A1DDC18159FE79FC10670F33FF9B4AB4CC884133,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000058338Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:06.439{6F5BEE90-18CD-61E9-7700-000000002102}484NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=4E1D81CEDC4FC3AE9FDF0386D8CD6230,SHA256=79F9D79B75164B617FAAAEE8F8FA9950FE02823824D9CCACEBF4194DD415BDC3,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000031771Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:38:06.470{CE7C8936-1B20-61E9-E200-000000002202}3964NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=F839444694854D2AB53EC9EDB3160576,SHA256=98D35BB02F54CA374917352200930A331DE5B3694BCB2AFA7A97A6B4E20F46FA,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000058339Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:07.454{6F5BEE90-18CD-61E9-7700-000000002102}484NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=02E152DD161FC4F651E867721CE1A42D,SHA256=18ACA5E16111C56C18417A9BB373F1DBC4368C71B26F6E7771554968B758A84B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000031772Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:38:07.486{CE7C8936-1B20-61E9-E200-000000002202}3964NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=376CA0462B49009B0F699E9E40A5288F,SHA256=6D2AE7BAE351CCBB8DC00CD94406FD04E65BD321DCC3F0E45183BB539D36A8D4,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000058342Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:07.484{6F5BEE90-18C6-61E9-6E00-000000002102}3440C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-tcontreras-attack-range-53.attackrange.local52439-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x800000000000000058341Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:08.470{6F5BEE90-18CD-61E9-7700-000000002102}484NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=CC8C9D1EEF8054DE15B0541750F96BFB,SHA256=A805D75EADC940CDEE4F3C0F7CFB0F2E3A25A060504ABFDDBA148825D6448894,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000031773Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:38:08.501{CE7C8936-1B20-61E9-E200-000000002202}3964NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=FA101C864FCC0C7C6A5E79E83C6666EE,SHA256=AC9F6D45FB8B534794A4662AF04D6339E825F230BB9987EE3CA65556E9129E8F,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000058340Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:08.191{6F5BEE90-1B14-61E9-F400-000000002102}36683156C:\Windows\System32\taskhostw.exe{6F5BEE90-1B15-61E9-FA00-000000002102}4632C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cd4|C:\Windows\System32\MSCTF.dll+af11|C:\Windows\System32\MSCTF.dll+b489|C:\Windows\System32\MSCTF.dll+be73|C:\Windows\System32\MSCTF.dll+3d812|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 23542300x800000000000000058343Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:09.492{6F5BEE90-18CD-61E9-7700-000000002102}484NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=8112AA2FB2CFA7EF75320BDE24044ECE,SHA256=ABBD8A2E9AD8CE6572FBFE35EBA15795CC8FBBD09658F2BF32DC83D64D58E1E6,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000031774Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:38:09.516{CE7C8936-1B20-61E9-E200-000000002202}3964NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=77F93B87C06B79B3B47FE771AC8F6787,SHA256=ECC8F6E9B1C78C1305041B2B08CA54C60D2DF3973FCDABA7B15064C07DECED59,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000058345Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:10.517{6F5BEE90-18CD-61E9-7700-000000002102}484NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=7A296ED00B22CFD443C863E3460BB4AB,SHA256=385A388DAA9671196DD2C350D25949592E90DC9ACA5A5782065BD0DF7FC3FFD2,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000031776Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:38:08.764{CE7C8936-1B1A-61E9-D900-000000002202}4048C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-tcontreras-attack-range-276.eu-central-1.compute.internal51381-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x800000000000000031775Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:38:10.516{CE7C8936-1B20-61E9-E200-000000002202}3964NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=209378FD58852CBF9485D2FFB83795BC,SHA256=DBA7E3F247DACC9B30819F1AF42F0F978D8D4FC6ACB49DA363EE1980E505B969,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000058344Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:10.473{6F5BEE90-1B14-61E9-F400-000000002102}36683156C:\Windows\System32\taskhostw.exe{6F5BEE90-1B15-61E9-FA00-000000002102}4632C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cd4|C:\Windows\System32\MSCTF.dll+af11|C:\Windows\System32\MSCTF.dll+b489|C:\Windows\System32\MSCTF.dll+be73|C:\Windows\System32\MSCTF.dll+3d812|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 23542300x800000000000000058346Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:11.520{6F5BEE90-18CD-61E9-7700-000000002102}484NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=CE503B6D2D75DDEF03BE05DEFB8FD8BC,SHA256=336F3F60593BC963B41D60D6696F7CA0C176A7B2B21FFD780BC43600896025CA,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000031777Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:38:11.532{CE7C8936-1B20-61E9-E200-000000002202}3964NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=78EC1707D775150F8B0DE51204225041,SHA256=20F335A630E7F61D7A3617F1BA4616696BB551BE03A29AE81B717C8A3FA59F9E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000058348Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:12.723{6F5BEE90-18B8-61E9-2900-000000002102}2920NT AUTHORITY\SYSTEMC:\Program Files\Amazon\SSM\amazon-ssm-agent.exeC:\ProgramData\Amazon\SSM\InstanceData\i-0571bb7ceded66ec2\channels\health\respondent-20220120080932-144MD5=44EE2058E1CF53803DE801177DF9FF30,SHA256=D4B695239EFC7A7D204A7F26661A6155EA831FDC6A54CE0076B22CA3E58183AF,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000058347Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:12.535{6F5BEE90-18CD-61E9-7700-000000002102}484NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=0EDF4562C9030ED1E6E1D91391E31AC2,SHA256=2843FC6452902B4F92BFF41CCDD71CA65458967A92E202273D9E252C59F6574D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000031778Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:38:12.548{CE7C8936-1B20-61E9-E200-000000002202}3964NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A7BBEBDEBF21D7FB49E55834C75922CF,SHA256=4D88F975668813CD50080E7DB759750F7B1D8C040D709EEE03478657F87A7880,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000058350Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:13.724{6F5BEE90-18B8-61E9-2900-000000002102}2920NT AUTHORITY\SYSTEMC:\Program Files\Amazon\SSM\amazon-ssm-agent.exeC:\ProgramData\Amazon\SSM\InstanceData\i-0571bb7ceded66ec2\channels\health\surveyor-20220120080928-145MD5=97EF2A570B75C4F95FC69B0D09A2E2A2,SHA256=11396EA313B0ED7E3228C4FA92ABE9D836DB8F416A7A8A28ACC77133025082E7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000058349Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:13.551{6F5BEE90-18CD-61E9-7700-000000002102}484NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=DDF21AD67D741858B384DAD385D69ED5,SHA256=FCCFC7C853AC0BCEBB3B8A284FE1A441FF9F7A8CBEB7F5793E8506C1A7A38F75,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000031779Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:38:13.563{CE7C8936-1B20-61E9-E200-000000002202}3964NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=978CEB5BDBF8E0FC84F385BD9ABE9759,SHA256=CC314163E20474D751CB797F39CDA3F4899A386CD2D1A9D712EFEE8F31A53F47,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000058351Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:14.570{6F5BEE90-18CD-61E9-7700-000000002102}484NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=EBDD94801FF671E9E8EF697952618694,SHA256=77F35CD65386CBE8F5A79B83306D3C737F823F923FE9F963CBC84FC4D24B65E8,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000031780Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:38:14.563{CE7C8936-1B20-61E9-E200-000000002202}3964NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=2DD3F29CC644DE9EBF337A489F855C95,SHA256=3D859D7F84FCD3E749E92E2011900179A40F5AB061B884A353D5664F8EA6F697,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000058355Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:15.586{6F5BEE90-18CD-61E9-7700-000000002102}484NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=264A216FEE8E265F0AC92415C879DBD0,SHA256=79E8C4CA81F4B9EB17A8CAE825C6F0F3C3D6773D20FC90BA546CFA9FEA898823,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000031781Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:38:15.579{CE7C8936-1B20-61E9-E200-000000002202}3964NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=9DA15A1F01B6E67D423A16F2B93FC269,SHA256=13D621DA9BD91E839E5712E5D201D41E9610A6965917BFFAD53CC54C59E35EEB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000058354Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:15.554{6F5BEE90-3B87-61E9-7809-000000002102}4696ATTACKRANGE\AdministratorC:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Administrator\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCacheMD5=60EDE099EB0E0BEB7F11680662F30C5C,SHA256=D1DED6895B7E358BF6A27509168F60ED73909AFE5CAB5CFC0F7A66322D53D214,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000058353Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:15.486{6F5BEE90-18AA-61E9-1100-000000002102}480NT AUTHORITY\LOCAL SERVICEC:\Windows\System32\svchost.exeC:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.datMD5=4A2E54D76639C9BDE1BD5BD482EFC18C,SHA256=18E9827D66F3959FC622707D1671F4963A7B621DAB226031BAC7D9E014125C77,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000058352Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:13.496{6F5BEE90-18C6-61E9-6E00-000000002102}3440C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-tcontreras-attack-range-53.attackrange.local52440-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x800000000000000031782Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:38:16.594{CE7C8936-1B20-61E9-E200-000000002202}3964NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=E9D4BE53E5CE72F282E99C1EC168AA4E,SHA256=83AF4AF7DB35ECEB0E10295998AC7647304F717398DC76A46DCB53B00BC8D926,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000058356Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:16.605{6F5BEE90-18CD-61E9-7700-000000002102}484NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=DA64AF2C50C2C4B1F9C8A3D88E47D06E,SHA256=34A7CDE1001DDD46A5DD03BAB5F7EBE1409E498ADF59C1317350FC1162C5DD9C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000058357Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:17.623{6F5BEE90-18CD-61E9-7700-000000002102}484NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=6D51E35975819EB8AE3C10FD7ACB2BF9,SHA256=EEB937ACBE6D4A8562997A9C05FFA775DD64899187C9DA7589EBD8946B555A58,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000031785Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:38:17.610{CE7C8936-1B20-61E9-E200-000000002202}3964NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=C2F44230D1603958CD0745D0C194EB43,SHA256=4F2B946241D185F0136E68A34586BBAAB2FFC1F5900F624AD0E5676FCEDA57BF,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000031784Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:38:17.344{CE7C8936-1B12-61E9-AB00-000000002202}1912NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeC:\Program Files\SplunkUniversalForwarder\var\run\serverclass.xmlMD5=9E11AA9F3452DB0F16F9E79CCD407159,SHA256=0B6123CF67044127245D77723D015AECD3385919E1F78356EC114EAF4F576866,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000031783Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:38:14.780{CE7C8936-1B1A-61E9-D900-000000002202}4048C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-tcontreras-attack-range-276.eu-central-1.compute.internal51382-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x800000000000000031786Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:38:18.610{CE7C8936-1B20-61E9-E200-000000002202}3964NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=876FE999D18B23878BB6DEC29ED9D717,SHA256=FFDC69A2A1525481201525EE12324B36258895B5E161C7F998F7B122C2E50D94,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000058359Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:18.624{6F5BEE90-18CD-61E9-7700-000000002102}484NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=374BF957B0DAC45E1763ACE8A4537D5A,SHA256=C47474F0709AA89028AF1C8E5FDAFE012055606C1009D43AC3A3AC7D921933C9,IMPHASH=00000000000000000000000000000000falsetrue 13241300x800000000000000058358Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-SetValue2022-01-20 10:38:18.571{6F5BEE90-18AA-61E9-1200-000000002102}352C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\W32Time\Config\LastKnownGoodTimeQWORD (0x01d80de9-0xd68faf7b) 23542300x800000000000000031788Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:38:19.626{CE7C8936-1B20-61E9-E200-000000002202}3964NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=5495E861F90708713AA4127F69928FD8,SHA256=C46A03F565726513EE812AB5E7D2C5D0714689C3E924F1B90DD16D6C3F1C837A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000058360Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:19.654{6F5BEE90-18CD-61E9-7700-000000002102}484NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=90C0E6D8CDBD3E78F3EC8FFB80F93644,SHA256=51BB8A853080A0E26857B216AECACBBF5606CCC1021AB7376A9D84F3E76E5DFE,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000031787Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:38:17.045{CE7C8936-1B12-61E9-AB00-000000002202}1912C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-tcontreras-attack-range-276.eu-central-1.compute.internal51383-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8089- 23542300x800000000000000031789Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:38:20.626{CE7C8936-1B20-61E9-E200-000000002202}3964NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=D5078371DC51323412C5933BD45FA51C,SHA256=80BA94D1766F7206386E09B09023DF15D2EA1F334AAC750EA6CBEBF0C1530C05,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000058370Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:19.418{6F5BEE90-18C6-61E9-6E00-000000002102}3440C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-tcontreras-attack-range-53.attackrange.local52441-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x800000000000000058369Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:20.670{6F5BEE90-18CD-61E9-7700-000000002102}484NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=733DAF22227D9515E9BA8C1E65D05D2F,SHA256=79A458CEB60672506ACBDCF99C3B8B2D27015496126D71C4167EBE89B6CDBAD1,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000058368Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:20.638{6F5BEE90-18B8-61E9-2F00-000000002102}3024NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeC:\Program Files\SplunkUniversalForwarder\var\run\serverclass.xmlMD5=9E11AA9F3452DB0F16F9E79CCD407159,SHA256=0B6123CF67044127245D77723D015AECD3385919E1F78356EC114EAF4F576866,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000058367Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:20.538{6F5BEE90-1B15-61E9-FA00-000000002102}46326520C:\Windows\Explorer.EXE{6F5BEE90-3B87-61E9-7809-000000002102}4696C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+6163f|C:\Windows\System32\SHELL32.dll+62725|C:\Windows\Explorer.EXE+3c618|C:\Windows\Explorer.EXE+3c4a4|C:\Windows\Explorer.EXE+3c411|C:\Windows\System32\windows.storage.dll+15458f|C:\Windows\System32\windows.storage.dll+15330f|C:\Windows\System32\windows.storage.dll+1562bf|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39d09|C:\Windows\SYSTEM32\ntdll.dll+1e89a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000058366Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:20.538{6F5BEE90-1B15-61E9-FA00-000000002102}46326520C:\Windows\Explorer.EXE{6F5BEE90-3B87-61E9-7809-000000002102}4696C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+6263e|C:\Windows\Explorer.EXE+3c618|C:\Windows\Explorer.EXE+3c4a4|C:\Windows\Explorer.EXE+3c411|C:\Windows\System32\windows.storage.dll+15458f|C:\Windows\System32\windows.storage.dll+15330f|C:\Windows\System32\windows.storage.dll+1562bf|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39d09|C:\Windows\SYSTEM32\ntdll.dll+1e89a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000058365Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:20.538{6F5BEE90-1B15-61E9-FA00-000000002102}46326520C:\Windows\Explorer.EXE{6F5BEE90-3B87-61E9-7809-000000002102}4696C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+61894|C:\Windows\System32\SHELL32.dll+62607|C:\Windows\Explorer.EXE+3c618|C:\Windows\Explorer.EXE+3c4a4|C:\Windows\Explorer.EXE+3c411|C:\Windows\System32\windows.storage.dll+15458f|C:\Windows\System32\windows.storage.dll+15330f|C:\Windows\System32\windows.storage.dll+1562bf|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39d09|C:\Windows\SYSTEM32\ntdll.dll+1e89a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000058364Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:20.523{6F5BEE90-1B15-61E9-FA00-000000002102}46325552C:\Windows\Explorer.EXE{6F5BEE90-3B87-61E9-7909-000000002102}5084C:\Windows\system32\conhost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+6163f|C:\Windows\System32\SHELL32.dll+62db0|C:\Windows\System32\TwinUI.dll+12d711|C:\Windows\System32\TwinUI.dll+12df7f|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000058363Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:20.523{6F5BEE90-1B15-61E9-FA00-000000002102}46325552C:\Windows\Explorer.EXE{6F5BEE90-3B87-61E9-7909-000000002102}5084C:\Windows\system32\conhost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+47bc0|C:\Windows\System32\SHELL32.dll+62d6c|C:\Windows\System32\TwinUI.dll+12d711|C:\Windows\System32\TwinUI.dll+12df7f|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000058362Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:20.523{6F5BEE90-1B15-61E9-FA00-000000002102}46325552C:\Windows\Explorer.EXE{6F5BEE90-3B87-61E9-7909-000000002102}5084C:\Windows\system32\conhost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+61894|C:\Windows\System32\SHELL32.dll+62d40|C:\Windows\System32\TwinUI.dll+12d711|C:\Windows\System32\TwinUI.dll+12df7f|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000058361Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:20.523{6F5BEE90-1B15-61E9-FA00-000000002102}46325552C:\Windows\Explorer.EXE{6F5BEE90-3B87-61E9-7909-000000002102}5084C:\Windows\system32\conhost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\TwinUI.dll+12d549|C:\Windows\System32\TwinUI.dll+12df7f|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 23542300x800000000000000058371Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:21.685{6F5BEE90-18CD-61E9-7700-000000002102}484NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=D5D46D3B29478D37398AEC514DC309C3,SHA256=0822A93E56FE7B60CB21B5F4F369A85110FF60E7CF08F9BB94E20A2402E28D52,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000031790Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:38:21.641{CE7C8936-1B20-61E9-E200-000000002202}3964NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=0EBA41F1B2E4E9002B7A16808EFCCB01,SHA256=38AD475481A7F1DFF8627816813896FF86F062FD671603659E7553CA967278EF,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000058373Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:22.706{6F5BEE90-18CD-61E9-7700-000000002102}484NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=40B9CE5595EECA1B2972C7F3DD227006,SHA256=A0F302167B122A083B7D10481AD2CC0512FBDF7431BB04DB28010E14F93993EF,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000031791Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:38:22.657{CE7C8936-1B20-61E9-E200-000000002202}3964NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A24686EF4DBDDE3144311CB734C2E5DC,SHA256=1EA5F68091AB053E61CBE28EBA75C5919EFDE63D64CE12894023DF18398CAA65,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000058372Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:20.917{6F5BEE90-18B8-61E9-2F00-000000002102}3024C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-tcontreras-attack-range-53.attackrange.local52442-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8089- 23542300x800000000000000031793Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:38:23.673{CE7C8936-1B20-61E9-E200-000000002202}3964NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=13E1C1738F90789A909AC8C149D7E174,SHA256=806DA450241CDDFEC0185CC5C16C68FFFDFD14BC9E81D270D4BEBCBC359AC3F0,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000058375Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:23.714{6F5BEE90-18CD-61E9-7700-000000002102}484NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=79A446B3DCF5965B8E2497AD58EF9840,SHA256=CD87655F82E64A11656B8FF06DF8CEE8B50F49C69B8EF776773AA854763CE24E,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000058374Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:23.230{6F5BEE90-3B87-61E9-7809-000000002102}4696C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Administrator\AppData\Roaming\Microsoft\Windows\PowerShell\PSReadline\ConsoleHost_history.txt2022-01-20 10:38:23.230 354300x800000000000000031792Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:38:20.795{CE7C8936-1B1A-61E9-D900-000000002202}4048C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-tcontreras-attack-range-276.eu-central-1.compute.internal51384-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x800000000000000031794Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:38:24.673{CE7C8936-1B20-61E9-E200-000000002202}3964NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=06496A865426B11FD11F6608C5B4F1AE,SHA256=2826ECED32623C4076F0988D3434E5AFEDBFE6FD9C29A7A46D245FD140743CB5,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000058377Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:24.729{6F5BEE90-18CD-61E9-7700-000000002102}484NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=73327D8D6496CA63B713D3DC41C6A6B0,SHA256=36182DE46286ED5CAAEA56B8FA08EE570AF06C13A0A4E21718F8F99D76E480D1,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000058376Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:24.261{6F5BEE90-18CD-61E9-7700-000000002102}484NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-PowerShell_OperationalMD5=5B27C492E296F4160D8BCB16CD68728E,SHA256=80803A2BF2C1C7C617F7E7A909BE4AED6268068371F5BE1F87F03EC5B1555DE9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000058381Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:25.746{6F5BEE90-18CD-61E9-7700-000000002102}484NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=2710421A765A659DC11FE93ED697D1DF,SHA256=9744C9EA4DEBCA4340E378517AFC08AB5ABCF05472755DF2D5116C6230AA49CA,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000031795Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:38:25.688{CE7C8936-1B20-61E9-E200-000000002202}3964NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=0B195657E9FBD7DD532872D4318C4495,SHA256=0C055EB1BF79D5894296B4021B5742E1035E77013D808CCA391B0BD34A7AB658,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000058380Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:25.160{6F5BEE90-3B87-61E9-7809-000000002102}4696ATTACKRANGE\AdministratorC:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Administrator\AppData\Local\Temp\2\__PSScriptPolicyTest_2ufs5i5x.rqp.psm1MD5=D17FE0A3F47BE24A6453E9EF58C94641,SHA256=96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000058379Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:25.160{6F5BEE90-3B87-61E9-7809-000000002102}4696ATTACKRANGE\AdministratorC:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Administrator\AppData\Local\Temp\2\__PSScriptPolicyTest_clvmlr13.zkv.ps1MD5=D17FE0A3F47BE24A6453E9EF58C94641,SHA256=96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000058378Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:25.160{6F5BEE90-3B87-61E9-7809-000000002102}4696C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Administrator\AppData\Local\Temp\2\__PSScriptPolicyTest_clvmlr13.zkv.ps12022-01-20 10:38:25.160 23542300x800000000000000058384Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:26.762{6F5BEE90-18CD-61E9-7700-000000002102}484NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=797812CD755CC2565C04018586EC1512,SHA256=07DFFBE203745E2C33D751A852CB5C472173D4C841A64879E5BD97C640CCF106,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000031796Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:38:26.704{CE7C8936-1B20-61E9-E200-000000002202}3964NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=57636E99E36B3CEBF51DDD48E43EA571,SHA256=8C10DD7E7DFB64CB8BF5B7CE34FC5308202E69292DE740CFFE76EC3DABAEE09B,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000058383Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:24.539{6F5BEE90-18C6-61E9-6E00-000000002102}3440C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-tcontreras-attack-range-53.attackrange.local52443-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x800000000000000058382Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:26.130{6F5BEE90-18CD-61E9-7700-000000002102}484NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-PowerShell_OperationalMD5=E655EF3F0823E0389AFA04577624583C,SHA256=7814C1CD7B0AA17CC0A1D3B4B684BBEA764ACF23061AB6A75B5B637B7EB9956D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000058386Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:27.780{6F5BEE90-18CD-61E9-7700-000000002102}484NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=4228FEED3CD153623E623C0571F6E0A8,SHA256=2AFD9CCBA9174B01431C1810C3BCB6F1CC9ACA0D298DB043A56F77C59C6C7005,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000031797Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:38:27.705{CE7C8936-1B20-61E9-E200-000000002202}3964NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=8DBBD611F07E0E95A397A639085616CA,SHA256=E03FA98E937CFF940D726BDA76571532DF9BA5788AFA1FBA72CDF3756017724E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000058385Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:27.161{6F5BEE90-18CD-61E9-7700-000000002102}484NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-PowerShell_OperationalMD5=0241D4A48CE5617FC41C80BABAF46F78,SHA256=047D41D40F3177C7B48D8978A9701C9D73F8B0064BFF41CABC4A0065FCCB0E25,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000031798Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:38:28.720{CE7C8936-1B20-61E9-E200-000000002202}3964NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=C59557925F8308F0C8698A506428B56F,SHA256=435D16F832EADCC8F329E3CB8E27AC69F7176CF781116285DBD5DC02D6F988F4,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000058398Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.localEXE2022-01-20 10:38:28.845{6F5BEE90-3B87-61E9-7809-000000002102}4696C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe2022-01-20 10:38:28.845 10341000x800000000000000058397Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:28.800{6F5BEE90-1B0F-61E9-E500-000000002102}41762952C:\Windows\system32\csrss.exe{6F5BEE90-3BA4-61E9-7A09-000000002102}1104C:\Windows\SysWOW64\WScript.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000058396Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:28.800{6F5BEE90-18A9-61E9-0C00-000000002102}8283272C:\Windows\system32\svchost.exe{6F5BEE90-18B8-61E9-2C00-000000002102}2984C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000058395Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:28.800{6F5BEE90-18A9-61E9-0C00-000000002102}8283272C:\Windows\system32\svchost.exe{6F5BEE90-18B8-61E9-2C00-000000002102}2984C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000058394Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:28.800{6F5BEE90-18A9-61E9-0C00-000000002102}8283272C:\Windows\system32\svchost.exe{6F5BEE90-18B8-61E9-2C00-000000002102}2984C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000058393Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:28.800{6F5BEE90-18A9-61E9-0C00-000000002102}8283272C:\Windows\system32\svchost.exe{6F5BEE90-18B8-61E9-2C00-000000002102}2984C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000058392Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:28.800{6F5BEE90-3B87-61E9-7809-000000002102}4696348C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe{6F5BEE90-3BA4-61E9-7A09-000000002102}1104C:\Windows\SysWOW64\WScript.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7414|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9278(wow64)|C:\Windows\System32\KERNELBASE.dll+d7f5c(wow64)|C:\Windows\System32\windows.storage.dll+12427f(wow64)|C:\Windows\System32\windows.storage.dll+123f9f(wow64)|C:\Windows\System32\windows.storage.dll+123ce7(wow64)|C:\Windows\System32\windows.storage.dll+124cd5(wow64)|C:\Windows\System32\windows.storage.dll+123b11(wow64)|C:\Windows\System32\windows.storage.dll+125eea(wow64)|C:\Windows\System32\windows.storage.dll+1262f7(wow64)|C:\Windows\System32\windows.storage.dll+125915(wow64)|C:\Windows\System32\shell32.dll+1711b4(wow64)|C:\Windows\System32\shell32.dll+17108e(wow64)|C:\Windows\System32\shell32.dll+1ae43a(wow64)|C:\Windows\System32\shcore.dll+2fffa(wow64) 154100x800000000000000058391Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:28.792{6F5BEE90-3BA4-61E9-7A09-000000002102}1104C:\Windows\SysWOW64\wscript.exe5.812.10240.16384Microsoft ® Windows Based Script HostMicrosoft ® Windows Script HostMicrosoft Corporationwscript.exe"C:\Windows\System32\WScript.exe" "C:\Users\Administrator\AppData\Local\Temp\2\Nmddfrqqrbyjeygggda.vbs" C:\Windows\SysWOW64\WindowsPowerShell\v1.0\ATTACKRANGE\Administrator{6F5BEE90-1B13-61E9-8513-0D0000000000}0xd13852HighMD5=4F021FB3CBD3023D2E20F69176E00099,SHA256=D63ADCCC897B7F74FE56170446D100C7C0F740A6CF01AD17913409581F392E74,IMPHASH=63ECF92956704DAB3E8ACC4116ED9C44{6F5BEE90-3B87-61E9-7809-000000002102}4696C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe"C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe" 23542300x800000000000000058390Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:28.783{6F5BEE90-18CD-61E9-7700-000000002102}484NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=49A9CB31DAD383407F54851D7BEB0FB6,SHA256=47FB2EE7D5ACA3EC988A28D11E39FD4CCABF34A1A4DD1E52F9C08D407759A806,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000058389Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:28.699{6F5BEE90-3B87-61E9-7809-000000002102}4696C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Administrator\AppData\Local\Temp\2\Nmddfrqqrbyjeygggda.vbs2022-01-20 10:38:28.699 734700x800000000000000058388Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:28.513{6F5BEE90-3B87-61E9-7809-000000002102}4696C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Temp\Tbopbh.dll1.0.0.0---Frkmlkdkdubkznbkmcf.dllMD5=E61518AE9454A563B8F842286BBDB87B,SHA256=9EF7DBD3DA51332A78EFF19146D21C82957821E464E8133E9594A07D716D892D,IMPHASH=DAE02F32A21E03CE65412F6E56942DAAfalse-Unavailable 734700x800000000000000058387Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:28.513{6F5BEE90-3B87-61E9-7809-000000002102}4696C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Temp\Tbopbh.dll1.0.0.0---Frkmlkdkdubkznbkmcf.dllMD5=E61518AE9454A563B8F842286BBDB87B,SHA256=9EF7DBD3DA51332A78EFF19146D21C82957821E464E8133E9594A07D716D892D,IMPHASH=DAE02F32A21E03CE65412F6E56942DAAfalse-Unavailable 10341000x800000000000000058800Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.990{6F5BEE90-3B87-61E9-7809-000000002102}46966652C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7414|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9278(wow64)|C:\Windows\System32\KERNELBASE.dll+15a0bb(wow64)|C:\Windows\System32\KERNELBASE.dll+159d6c(wow64)|UNKNOWN(00000000070FF988)|UNKNOWN(0000000007233D7F)|UNKNOWN(00000000070F6C3E)|UNKNOWN(00000000070F5F69)|UNKNOWN(00000000070F8BE4)|UNKNOWN(00000000070F8AF8)|UNKNOWN(00000000070F42B6)|UNKNOWN(00000000070F25A5)|UNKNOWN(00000000070F4B75)|UNKNOWN(00000000070F485E)|UNKNOWN(00000000070F436A) 154100x800000000000000058799Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.989{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exe4.8.3761.0 built by: NET48REL1.NET Framework installation utilityMicrosoft® .NET FrameworkMicrosoft CorporationInstallUtil.exeC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\ATTACKRANGE\Administrator{6F5BEE90-1B13-61E9-8513-0D0000000000}0xd13852HighMD5=AF862061889F5B9B956E9469DCDAE773,SHA256=AF5CBD35C7D8DEA7D879113FDA61B0F64AC6618BCDAE15C0C732A018BABF68EE,IMPHASH=F34D5F2D4577ED6D9CEEC516C1F5A744{6F5BEE90-3B87-61E9-7809-000000002102}4696C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe"C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe" 23542300x800000000000000058798Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.922{6F5BEE90-18CD-61E9-7700-000000002102}484NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=C65C3BE41EDEA92097372CDCD287C1B7,SHA256=346E04484C9E0AFC1C2CE5032D65A4CE770F1C548415F54D880D4134245944CA,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000058797Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.889{6F5BEE90-18AA-61E9-1600-000000002102}13241960C:\Windows\System32\svchost.exe{6F5BEE90-3BA5-61E9-7D09-000000002102}4800C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|c:\windows\system32\themeservice.dll+235b|c:\windows\system32\themeservice.dll+1ed0|c:\windows\system32\themeservice.dll+2006|C:\Windows\SYSTEM32\ntdll.dll+39d09|C:\Windows\SYSTEM32\ntdll.dll+1e89a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000058796Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.889{6F5BEE90-18AA-61E9-1600-000000002102}13241364C:\Windows\System32\svchost.exe{6F5BEE90-3BA5-61E9-7D09-000000002102}4800C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6144|c:\windows\system32\themeservice.dll+144a|c:\windows\system32\themeservice.dll+4175|c:\windows\system32\themeservice.dll+3379|c:\windows\system32\themeservice.dll+31a3|C:\Windows\System32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14412|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000058795Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.832{6F5BEE90-18A7-61E9-0B00-000000002102}6085192C:\Windows\system32\lsass.exe{6F5BEE90-3BA5-61E9-7D09-000000002102}4800C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\system32\lsasrv.dll+26327|C:\Windows\system32\lsasrv.dll+2746d|C:\Windows\system32\lsasrv.dll+261a5|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+5460b|C:\Windows\System32\RPCRT4.dll+52cea|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000058794Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.832{6F5BEE90-18A7-61E9-0B00-000000002102}6085192C:\Windows\system32\lsass.exe{6F5BEE90-3BA5-61E9-7D09-000000002102}4800C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cd4|C:\Windows\System32\RPCRT4.dll+2be8f|C:\Windows\system32\lsasrv.dll+260ed|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+5460b|C:\Windows\System32\RPCRT4.dll+52cea|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 23542300x800000000000000058793Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.808{6F5BEE90-18CD-61E9-7700-000000002102}484NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=C2537A7F1D9631E239922B001C525A88,SHA256=832AA6E843F1D390F53C0D008DE83A6706BA0A9BE4189E2A6497E440BDD6BD88,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000058792Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.806{6F5BEE90-18CD-61E9-7700-000000002102}484NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=B350D179A29FBC915862682C26D961F5,SHA256=334F0B303C9C8083858FB40D7E5DD9B871F525F8930A61A213EB1B42DE5D7FFA,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000058791Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.localEXE2022-01-20 10:38:29.805{6F5BEE90-3B87-61E9-7809-000000002102}4696C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exe2022-01-20 10:38:29.805 17141700x800000000000000058790Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-CreatePipe2022-01-20 10:38:29.789{6F5BEE90-3BA5-61E9-7D09-000000002102}4800\PSHost.132871487092321483.4800.DefaultAppDomain.powershellC:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe 23542300x800000000000000058789Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.784{6F5BEE90-3B87-61E9-7809-000000002102}4696ATTACKRANGE\AdministratorC:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exeMD5=17FC12902F4769AF3A9271EB4E2DACCE,SHA256=29AE7B30ED8394C509C561F6117EA671EC412DA50D435099756BBB257FAFB10B,IMPHASH=563F92D1CB750F339006B11E53047050truetrue 23542300x800000000000000058788Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.777{6F5BEE90-18CD-61E9-7700-000000002102}484NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=CD6B25B191B4D57CCE50D15128DFCD18,SHA256=BB6EE2743166F0291C0A3C2990889F98FA491E3DEDD798587F933D2B6764E83D,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000058787Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.773{6F5BEE90-18A7-61E9-0B00-000000002102}6085192C:\Windows\system32\lsass.exe{6F5BEE90-3BA5-61E9-8209-000000002102}3968C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+6ea9c|C:\Windows\system32\lsasrv.dll+e6974|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 23542300x800000000000000058786Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.770{6F5BEE90-3BA5-61E9-7D09-000000002102}4800ATTACKRANGE\AdministratorC:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Administrator\AppData\Local\Temp\2\__PSScriptPolicyTest_sqzfj55d.x03.psm1MD5=D17FE0A3F47BE24A6453E9EF58C94641,SHA256=96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000058785Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.732{6F5BEE90-18CD-61E9-7700-000000002102}484NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=D033BA28FD06B67027134DEDAB670FBC,SHA256=A155C717A6BF7901721B130FCF7ECBA97EDB3F7472F8D4DDE8633DB76ED858CC,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000058784Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.732{6F5BEE90-18CD-61E9-7700-000000002102}484NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-PowerShell_OperationalMD5=6ADD2E7454C4DCB7187B2879573CE631,SHA256=1C26C68135B62B5DE1F8C9EECFC72790768D61D5852AEBBCD6B2AF68D3D34E76,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000058783Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.685{6F5BEE90-3BA5-61E9-7D09-000000002102}4800ATTACKRANGE\AdministratorC:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Administrator\AppData\Local\Temp\2\__PSScriptPolicyTest_2nfcmlgm.jzx.ps1MD5=D17FE0A3F47BE24A6453E9EF58C94641,SHA256=96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000058782Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.680{6F5BEE90-18A9-61E9-0C00-000000002102}8283272C:\Windows\system32\svchost.exe{6F5BEE90-18B8-61E9-2C00-000000002102}2984C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000058781Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.680{6F5BEE90-18A9-61E9-0C00-000000002102}8283272C:\Windows\system32\svchost.exe{6F5BEE90-18B8-61E9-2C00-000000002102}2984C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000058780Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.679{6F5BEE90-18A9-61E9-0C00-000000002102}8283272C:\Windows\system32\svchost.exe{6F5BEE90-18B8-61E9-2C00-000000002102}2984C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000058779Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.679{6F5BEE90-18A9-61E9-0C00-000000002102}8283272C:\Windows\system32\svchost.exe{6F5BEE90-18B8-61E9-2C00-000000002102}2984C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000058778Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.553{6F5BEE90-18AA-61E9-1600-000000002102}13241960C:\Windows\System32\svchost.exe{6F5BEE90-3BA5-61E9-8309-000000002102}6208C:\Windows\system32\conhost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|c:\windows\system32\themeservice.dll+235b|c:\windows\system32\themeservice.dll+1ed0|c:\windows\system32\themeservice.dll+2006|C:\Windows\SYSTEM32\ntdll.dll+39d09|C:\Windows\SYSTEM32\ntdll.dll+1e89a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000058777Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.553{6F5BEE90-18AA-61E9-1600-000000002102}13241364C:\Windows\System32\svchost.exe{6F5BEE90-3BA5-61E9-8309-000000002102}6208C:\Windows\system32\conhost.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6144|c:\windows\system32\themeservice.dll+144a|c:\windows\system32\themeservice.dll+4175|c:\windows\system32\themeservice.dll+3379|c:\windows\system32\themeservice.dll+31a3|C:\Windows\System32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14412|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000058776Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.550{6F5BEE90-3BA5-61E9-8309-000000002102}62085348C:\Windows\system32\conhost.exe{6F5BEE90-3BA5-61E9-8209-000000002102}3968C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000058775Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.522{6F5BEE90-1B0F-61E9-E500-000000002102}41764072C:\Windows\system32\csrss.exe{6F5BEE90-3BA5-61E9-8309-000000002102}6208C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6cd4|C:\Windows\SYSTEM32\CSRSRV.dll+1a30|C:\Windows\SYSTEM32\CSRSRV.dll+5c09|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000058774Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.516{6F5BEE90-1B0F-61E9-E500-000000002102}41762952C:\Windows\system32\csrss.exe{6F5BEE90-3BA5-61E9-8209-000000002102}3968C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6cd4|C:\Windows\SYSTEM32\CSRSRV.dll+1a30|C:\Windows\SYSTEM32\CSRSRV.dll+5c09|C:\Windows\SYSTEM32\ntdll.dll+5179f 534500x800000000000000058773Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.516{6F5BEE90-3BA5-61E9-8109-000000002102}4580C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe 10341000x800000000000000058772Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.512{6F5BEE90-18A7-61E9-0500-000000002102}392408C:\Windows\system32\csrss.exe{6F5BEE90-3BA5-61E9-8209-000000002102}3968C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000058771Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.511{6F5BEE90-18AA-61E9-1600-000000002102}13241960C:\Windows\System32\svchost.exe{6F5BEE90-3BA5-61E9-8209-000000002102}3968C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7414|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6f453|C:\Windows\System32\KERNEL32.DLL+1d37f|c:\windows\system32\seclogon.dll+17dc|c:\windows\system32\seclogon.dll+10ac|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+5460b|C:\Windows\System32\RPCRT4.dll+52cea|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x800000000000000058770Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.504{6F5BEE90-3BA5-61E9-8209-000000002102}3968C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe10.0.14393.206 (rs1_release.160915-0644)Windows PowerShellMicrosoft® Windows® Operating SystemMicrosoft CorporationPowerShell.EXE"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" rmdir 'C:\ProgramData\Microsoft\Windows Defender' -RecurseC:\Windows\System32\WindowsPowerShell\v1.0\NT AUTHORITY\SYSTEM{6F5BEE90-18A8-61E9-E703-000000000000}0x3e72SystemMD5=097CE5761C89434367598B34FE32893B,SHA256=BA4038FD20E474C047BE8AAD5BFACDB1BFC1DDBE12F803F473B7918D8D819436,IMPHASH=CAEE994F79D85E47C06E5FA9CDEAE453{6F5BEE90-3BA5-61E9-8109-000000002102}4580C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe"C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe" /EXEFilename "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" /WindowState 0 /CommandLine "rmdir 'C:\ProgramData\Microsoft\Windows Defender' -Recurse" /StartDirectory "" /RunAs 8 /Run 10341000x800000000000000058769Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.502{6F5BEE90-18AA-61E9-1600-000000002102}13241960C:\Windows\System32\svchost.exe{6F5BEE90-3BA5-61E9-8109-000000002102}4580C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\seclogon.dll+1404|c:\windows\system32\seclogon.dll+10ac|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+5460b|C:\Windows\System32\RPCRT4.dll+52cea|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000058768Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.502{6F5BEE90-18AA-61E9-1600-000000002102}13241960C:\Windows\System32\svchost.exe{6F5BEE90-3BA5-61E9-8109-000000002102}4580C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe0x14c0C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\seclogon.dll+128d|c:\windows\system32\seclogon.dll+10ac|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+5460b|C:\Windows\System32\RPCRT4.dll+52cea|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000058767Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.502{6F5BEE90-3BA5-61E9-8109-000000002102}45805920C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-3BA5-61E9-7C09-000000002102}4792C:\Windows\servicing\TrustedInstaller.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e62|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e2c|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+21a7|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058766Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.501{6F5BEE90-3BA5-61E9-8109-000000002102}45805920C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-3BA5-61E9-7E09-000000002102}1216C:\Windows\system32\conhost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+9683|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+21a7|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058765Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.501{6F5BEE90-3BA5-61E9-8109-000000002102}45805920C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-3BA5-61E9-7D09-000000002102}4800C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+9683|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+21a7|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058764Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.501{6F5BEE90-3BA5-61E9-8109-000000002102}45805920C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-3BA5-61E9-7C09-000000002102}4792C:\Windows\servicing\TrustedInstaller.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+9683|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+21a7|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058763Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.501{6F5BEE90-3BA5-61E9-8109-000000002102}45805920C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-3B87-61E9-7909-000000002102}5084C:\Windows\system32\conhost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+9683|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+21a7|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058762Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.501{6F5BEE90-3BA5-61E9-8109-000000002102}45805920C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-3B87-61E9-7809-000000002102}4696C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+9683|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+21a7|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058761Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.501{6F5BEE90-3BA5-61E9-8109-000000002102}45805920C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-3B76-61E9-7209-000000002102}5796C:\Windows\system32\DllHost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+9683|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+21a7|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058760Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.501{6F5BEE90-3BA5-61E9-8109-000000002102}45805920C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-3AA2-61E9-5609-000000002102}92C:\Windows\system32\conhost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+9683|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+21a7|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058759Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.500{6F5BEE90-3BA5-61E9-8109-000000002102}45805920C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-3AA2-61E9-5509-000000002102}3436C:\Windows\system32\cmd.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+9683|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+21a7|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058758Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.500{6F5BEE90-3BA5-61E9-8109-000000002102}45805920C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-3549-61E9-A608-000000002102}2936C:\Program Files\Notepad++\notepad++.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+9683|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+21a7|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058757Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.500{6F5BEE90-3BA5-61E9-8109-000000002102}45805920C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-2D48-61E9-B407-000000002102}4080C:\Windows\system32\conhost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+9683|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+21a7|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058756Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.500{6F5BEE90-3BA5-61E9-8109-000000002102}45805920C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-2D48-61E9-B307-000000002102}5484C:\Temp\hiew32demo.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+9683|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+21a7|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058755Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.499{6F5BEE90-3BA5-61E9-8109-000000002102}45805920C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-2D0D-61E9-AB07-000000002102}5532C:\Windows\system32\conhost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+9683|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+21a7|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058754Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.499{6F5BEE90-3BA5-61E9-8109-000000002102}45805920C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-2D0D-61E9-AA07-000000002102}5544C:\Temp\hiew32demo.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+9683|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+21a7|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058753Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.499{6F5BEE90-3BA5-61E9-8109-000000002102}45805920C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-2AC2-61E9-3207-000000002102}1112C:\Windows\system32\conhost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+9683|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+21a7|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058752Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.499{6F5BEE90-3BA5-61E9-8109-000000002102}45805920C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-2AC2-61E9-3107-000000002102}4508C:\Windows\system32\cmd.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+9683|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+21a7|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058751Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.499{6F5BEE90-3BA5-61E9-8109-000000002102}45805920C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-269A-61E9-B006-000000002102}5572C:\Program Files\Mozilla Firefox\firefox.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+9683|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+21a7|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058750Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.499{6F5BEE90-3BA5-61E9-8109-000000002102}45805920C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-1FE8-61E9-D805-000000002102}2820C:\Program Files\Greenshot\Greenshot.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+9683|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+21a7|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058749Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.498{6F5BEE90-3BA5-61E9-8109-000000002102}45805920C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-1D12-61E9-4D04-000000002102}6952C:\Program Files\Mozilla Firefox\firefox.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+9683|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+21a7|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058748Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.498{6F5BEE90-3BA5-61E9-8109-000000002102}45805920C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-1CBF-61E9-8B03-000000002102}6916C:\Program Files\Mozilla Firefox\firefox.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+9683|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+21a7|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058747Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.498{6F5BEE90-3BA5-61E9-8109-000000002102}45805920C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-1CBD-61E9-8503-000000002102}6656C:\Program Files\Mozilla Firefox\firefox.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+9683|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+21a7|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058746Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.498{6F5BEE90-3BA5-61E9-8109-000000002102}45805920C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-1CBC-61E9-8203-000000002102}4352C:\Program Files\Mozilla Firefox\firefox.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+9683|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+21a7|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058745Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.498{6F5BEE90-3BA5-61E9-8109-000000002102}45805920C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-1CBC-61E9-8103-000000002102}7052C:\Program Files\Mozilla Firefox\firefox.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+9683|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+21a7|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058744Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.498{6F5BEE90-3BA5-61E9-8109-000000002102}45805920C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-1CBB-61E9-7A03-000000002102}3596C:\Program Files\Mozilla Firefox\firefox.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+9683|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+21a7|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058743Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.498{6F5BEE90-3BA5-61E9-8109-000000002102}45805920C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-1CB8-61E9-7203-000000002102}6636C:\Program Files\Mozilla Firefox\firefox.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+9683|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+21a7|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058742Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.498{6F5BEE90-3BA5-61E9-8109-000000002102}45805920C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-1B26-61E9-1201-000000002102}5320C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+9683|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+21a7|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058741Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.482{6F5BEE90-3BA5-61E9-8109-000000002102}45805920C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-1B24-61E9-1101-000000002102}5640C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+9683|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+21a7|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058740Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.482{6F5BEE90-3BA5-61E9-8109-000000002102}45805920C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-1B15-61E9-FA00-000000002102}4632C:\Windows\Explorer.EXE0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+9683|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+21a7|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058739Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.482{6F5BEE90-3BA5-61E9-8109-000000002102}45805920C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-1B14-61E9-F200-000000002102}5076C:\Windows\system32\svchost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+9683|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+21a7|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058738Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.482{6F5BEE90-3BA5-61E9-8109-000000002102}45805920C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-1B14-61E9-EF00-000000002102}4972C:\Windows\System32\rdpclip.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+9683|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+21a7|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058737Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.482{6F5BEE90-3BA5-61E9-8109-000000002102}45805920C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-1B10-61E9-E900-000000002102}996C:\Windows\system32\dwm.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+9683|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+21a7|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058736Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.482{6F5BEE90-3BA5-61E9-8109-000000002102}45805920C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-1B0F-61E9-E600-000000002102}4164C:\Windows\system32\winlogon.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+9683|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+21a7|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058735Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.482{6F5BEE90-3BA5-61E9-8109-000000002102}45805920C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-1B0F-61E9-E500-000000002102}4176C:\Windows\system32\csrss.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+96a7|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+21a7|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058734Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.482{6F5BEE90-3BA5-61E9-8109-000000002102}45805920C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-1933-61E9-9400-000000002102}2916C:\Windows\System32\msdtc.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+9683|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+21a7|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058733Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.482{6F5BEE90-3BA5-61E9-8109-000000002102}45805920C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-18CD-61E9-7700-000000002102}484C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+9683|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+21a7|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058732Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.482{6F5BEE90-3BA5-61E9-8109-000000002102}45805920C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-18C6-61E9-6E00-000000002102}3440C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+9683|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+21a7|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058731Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.482{6F5BEE90-3BA5-61E9-8109-000000002102}45805920C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-18BB-61E9-4800-000000002102}3776C:\Windows\system32\conhost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+9683|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+21a7|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058730Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.482{6F5BEE90-3BA5-61E9-8109-000000002102}45805920C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-18BB-61E9-4700-000000002102}3764C:\Program Files\Amazon\SSM\ssm-agent-worker.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+9683|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+21a7|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058729Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.482{6F5BEE90-3BA5-61E9-8109-000000002102}45805920C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-18BA-61E9-4000-000000002102}3560C:\Windows\System32\vds.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+9683|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+21a7|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058728Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.482{6F5BEE90-3BA5-61E9-8109-000000002102}45805920C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-18B9-61E9-3500-000000002102}3304C:\Windows\system32\conhost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+9683|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+21a7|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058727Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.482{6F5BEE90-3BA5-61E9-8109-000000002102}45805920C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-18B8-61E9-3100-000000002102}2692C:\Windows\system32\wbem\unsecapp.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+9683|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+21a7|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 11241100x800000000000000058726Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.482{6F5BEE90-3BA5-61E9-7D09-000000002102}4800C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Administrator\AppData\Local\Temp\2\__PSScriptPolicyTest_2nfcmlgm.jzx.ps12022-01-20 10:38:29.482 10341000x800000000000000058725Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.482{6F5BEE90-3BA5-61E9-8109-000000002102}45805920C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-18B8-61E9-3000-000000002102}2372C:\Windows\system32\dfssvc.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+9683|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+21a7|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058724Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.482{6F5BEE90-3BA5-61E9-8109-000000002102}45805920C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-18B8-61E9-2F00-000000002102}3024C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+9683|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+21a7|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058723Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.482{6F5BEE90-3BA5-61E9-8109-000000002102}45805920C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-18B8-61E9-2E00-000000002102}3016C:\Windows\system32\DFSRs.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+9683|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+21a7|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058722Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.482{6F5BEE90-3BA5-61E9-8109-000000002102}45805920C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-18B8-61E9-2D00-000000002102}2992C:\Windows\System32\ismserv.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+9683|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+21a7|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058721Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.482{6F5BEE90-3BA5-61E9-8109-000000002102}45805920C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-18B8-61E9-2C00-000000002102}2984C:\Windows\sysmon64.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+9683|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+21a7|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058720Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.482{6F5BEE90-3BA5-61E9-8109-000000002102}45805920C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-18B8-61E9-2B00-000000002102}2976C:\Windows\system32\svchost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+9683|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+21a7|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058719Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.482{6F5BEE90-3BA5-61E9-8109-000000002102}45805920C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-18B8-61E9-2A00-000000002102}2964C:\Windows\system32\dns.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+9683|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+21a7|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058718Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.482{6F5BEE90-3BA5-61E9-8109-000000002102}45805920C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-18B8-61E9-2900-000000002102}2920C:\Program Files\Amazon\SSM\amazon-ssm-agent.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+9683|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+21a7|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058717Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.482{6F5BEE90-3BA5-61E9-8109-000000002102}45805920C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-18B8-61E9-2700-000000002102}2904C:\Windows\ADWS\Microsoft.ActiveDirectory.WebServices.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+9683|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+21a7|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058716Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.482{6F5BEE90-3BA5-61E9-8109-000000002102}45805920C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-18B7-61E9-2600-000000002102}2772C:\Windows\System32\spoolsv.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+9683|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+21a7|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058715Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.482{6F5BEE90-3BA5-61E9-8109-000000002102}45805920C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-18B3-61E9-2300-000000002102}2608C:\Windows\System32\svchost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+9683|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+21a7|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058714Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.482{6F5BEE90-3BA5-61E9-8109-000000002102}45805920C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-18AF-61E9-2200-000000002102}2500C:\Windows\system32\conhost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+9683|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+21a7|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058713Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.482{6F5BEE90-3BA5-61E9-8109-000000002102}45805920C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-18AF-61E9-2100-000000002102}2492C:\Users\Public\splunkd.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+9683|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+21a7|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058712Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.482{6F5BEE90-3BA5-61E9-8109-000000002102}45805920C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-18AB-61E9-1F00-000000002102}2140C:\Windows\system32\svchost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+9683|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+21a7|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058711Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.482{6F5BEE90-3BA5-61E9-8109-000000002102}45805920C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-18AA-61E9-1700-000000002102}1428C:\Windows\system32\svchost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+9683|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+21a7|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058710Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.482{6F5BEE90-3BA5-61E9-8109-000000002102}45805920C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-18AA-61E9-1600-000000002102}1324C:\Windows\System32\svchost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+9683|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+21a7|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058709Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.482{6F5BEE90-3BA5-61E9-8109-000000002102}45805920C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-18AA-61E9-1500-000000002102}1264C:\Windows\system32\svchost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+9683|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+21a7|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058708Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.482{6F5BEE90-3BA5-61E9-8109-000000002102}45805920C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-18AA-61E9-1400-000000002102}1092C:\Windows\system32\svchost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+9683|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+21a7|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058707Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.482{6F5BEE90-3BA5-61E9-8109-000000002102}45805920C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-18AA-61E9-1300-000000002102}336C:\Windows\System32\svchost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+9683|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+21a7|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058706Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.482{6F5BEE90-3BA5-61E9-8109-000000002102}45805920C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-18AA-61E9-1200-000000002102}352C:\Windows\system32\svchost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+9683|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+21a7|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058705Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.482{6F5BEE90-3BA5-61E9-8109-000000002102}45805920C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-18AA-61E9-1100-000000002102}480C:\Windows\System32\svchost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+9683|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+21a7|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058704Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.482{6F5BEE90-3BA5-61E9-8109-000000002102}45805920C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-18AA-61E9-1000-000000002102}356C:\Windows\system32\dwm.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+9683|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+21a7|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058703Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.482{6F5BEE90-3BA5-61E9-8109-000000002102}45805920C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-18AA-61E9-0F00-000000002102}344C:\Windows\System32\svchost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+9683|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+21a7|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058702Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.482{6F5BEE90-3BA5-61E9-8109-000000002102}45805920C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-18AA-61E9-0E00-000000002102}984C:\Windows\system32\LogonUI.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+9683|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+21a7|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058701Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.482{6F5BEE90-3BA5-61E9-8109-000000002102}45805920C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-18A9-61E9-0D00-000000002102}888C:\Windows\system32\svchost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+9683|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+21a7|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058700Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.482{6F5BEE90-3BA5-61E9-8109-000000002102}45805920C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-18A9-61E9-0C00-000000002102}828C:\Windows\system32\svchost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+9683|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+21a7|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058699Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.482{6F5BEE90-3BA5-61E9-8109-000000002102}45805920C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-18A7-61E9-0B00-000000002102}608C:\Windows\system32\lsass.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+9683|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+21a7|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058698Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.482{6F5BEE90-3BA5-61E9-8109-000000002102}45805920C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-18A7-61E9-0A00-000000002102}600C:\Windows\system32\services.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+96a7|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+21a7|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058697Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.482{6F5BEE90-3BA5-61E9-8109-000000002102}45805920C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-18A7-61E9-0900-000000002102}548C:\Windows\system32\winlogon.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+9683|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+21a7|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058696Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.482{6F5BEE90-3BA5-61E9-8109-000000002102}45805920C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-18A7-61E9-0800-000000002102}476C:\Windows\system32\csrss.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+96a7|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+21a7|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058695Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.482{6F5BEE90-3BA5-61E9-8109-000000002102}45805920C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-18A7-61E9-0700-000000002102}464C:\Windows\system32\wininit.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+96a7|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+21a7|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058694Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.482{6F5BEE90-3BA5-61E9-8109-000000002102}45805920C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-18A7-61E9-0500-000000002102}392C:\Windows\system32\csrss.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+96a7|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+21a7|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058693Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.482{6F5BEE90-3BA5-61E9-8109-000000002102}45805920C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-18A4-61E9-0200-000000002102}304C:\Windows\System32\smss.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+96a7|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+21a7|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058692Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.482{6F5BEE90-3BA5-61E9-8109-000000002102}45805920C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-18A4-61E9-0100-000000002102}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+96a7|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+21a7|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058691Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.482{6F5BEE90-18A7-61E9-0B00-000000002102}6085192C:\Windows\system32\lsass.exe{6F5BEE90-3BA5-61E9-8109-000000002102}4580C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+6ea9c|C:\Windows\system32\lsasrv.dll+e6974|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+5460b|C:\Windows\System32\RPCRT4.dll+52cea|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000058690Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.479{6F5BEE90-3BA5-61E9-8109-000000002102}45805920C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-18A7-61E9-0900-000000002102}548C:\Windows\system32\winlogon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e62|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e2c|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1fae|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+218d|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058689Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.479{6F5BEE90-3BA5-61E9-8109-000000002102}45805920C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-3BA5-61E9-8009-000000002102}5204C:\Windows\system32\conhost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+9683|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1fae|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+218d|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058688Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.479{6F5BEE90-3BA5-61E9-8109-000000002102}45805920C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-3BA5-61E9-7E09-000000002102}1216C:\Windows\system32\conhost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+9683|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1fae|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+218d|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058687Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.479{6F5BEE90-3BA5-61E9-8109-000000002102}45805920C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-3BA5-61E9-7D09-000000002102}4800C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+9683|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1fae|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+218d|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058686Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.479{6F5BEE90-3BA5-61E9-8109-000000002102}45805920C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-3BA5-61E9-7C09-000000002102}4792C:\Windows\servicing\TrustedInstaller.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+9683|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1fae|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+218d|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058685Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.479{6F5BEE90-3BA5-61E9-8109-000000002102}45805920C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-3B87-61E9-7909-000000002102}5084C:\Windows\system32\conhost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+9683|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1fae|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+218d|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058684Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.479{6F5BEE90-3BA5-61E9-8109-000000002102}45805920C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-3B87-61E9-7809-000000002102}4696C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+9683|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1fae|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+218d|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058683Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.478{6F5BEE90-3BA5-61E9-8109-000000002102}45805920C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-3B76-61E9-7209-000000002102}5796C:\Windows\system32\DllHost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+9683|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1fae|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+218d|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058682Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.478{6F5BEE90-3BA5-61E9-8109-000000002102}45805920C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-3AA2-61E9-5609-000000002102}92C:\Windows\system32\conhost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+9683|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1fae|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+218d|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058681Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.478{6F5BEE90-3BA5-61E9-8109-000000002102}45805920C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-3AA2-61E9-5509-000000002102}3436C:\Windows\system32\cmd.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+9683|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1fae|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+218d|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058680Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.478{6F5BEE90-3BA5-61E9-8109-000000002102}45805920C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-3549-61E9-A608-000000002102}2936C:\Program Files\Notepad++\notepad++.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+9683|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1fae|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+218d|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058679Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.478{6F5BEE90-3BA5-61E9-8109-000000002102}45805920C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-2D48-61E9-B407-000000002102}4080C:\Windows\system32\conhost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+9683|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1fae|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+218d|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058678Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.478{6F5BEE90-3BA5-61E9-8109-000000002102}45805920C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-2D48-61E9-B307-000000002102}5484C:\Temp\hiew32demo.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+9683|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1fae|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+218d|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058677Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.478{6F5BEE90-3BA5-61E9-8109-000000002102}45805920C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-2D0D-61E9-AB07-000000002102}5532C:\Windows\system32\conhost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+9683|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1fae|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+218d|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058676Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.478{6F5BEE90-3BA5-61E9-8109-000000002102}45805920C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-2D0D-61E9-AA07-000000002102}5544C:\Temp\hiew32demo.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+9683|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1fae|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+218d|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058675Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.478{6F5BEE90-3BA5-61E9-8109-000000002102}45805920C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-2AC2-61E9-3207-000000002102}1112C:\Windows\system32\conhost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+9683|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1fae|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+218d|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058674Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.478{6F5BEE90-3BA5-61E9-8109-000000002102}45805920C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-2AC2-61E9-3107-000000002102}4508C:\Windows\system32\cmd.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+9683|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1fae|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+218d|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058673Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.477{6F5BEE90-3BA5-61E9-8109-000000002102}45805920C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-269A-61E9-B006-000000002102}5572C:\Program Files\Mozilla Firefox\firefox.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+9683|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1fae|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+218d|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058672Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.477{6F5BEE90-3BA5-61E9-8109-000000002102}45805920C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-1FE8-61E9-D805-000000002102}2820C:\Program Files\Greenshot\Greenshot.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+9683|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1fae|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+218d|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058671Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.477{6F5BEE90-3BA5-61E9-8109-000000002102}45805920C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-1D12-61E9-4D04-000000002102}6952C:\Program Files\Mozilla Firefox\firefox.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+9683|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1fae|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+218d|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058670Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.477{6F5BEE90-3BA5-61E9-8109-000000002102}45805920C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-1CBF-61E9-8B03-000000002102}6916C:\Program Files\Mozilla Firefox\firefox.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+9683|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1fae|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+218d|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058669Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.477{6F5BEE90-3BA5-61E9-8109-000000002102}45805920C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-1CBD-61E9-8503-000000002102}6656C:\Program Files\Mozilla Firefox\firefox.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+9683|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1fae|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+218d|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058668Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.477{6F5BEE90-3BA5-61E9-8109-000000002102}45805920C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-1CBC-61E9-8203-000000002102}4352C:\Program Files\Mozilla Firefox\firefox.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+9683|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1fae|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+218d|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058667Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.477{6F5BEE90-3BA5-61E9-8109-000000002102}45805920C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-1CBC-61E9-8103-000000002102}7052C:\Program Files\Mozilla Firefox\firefox.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+9683|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1fae|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+218d|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058666Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.477{6F5BEE90-3BA5-61E9-8109-000000002102}45805920C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-1CBB-61E9-7A03-000000002102}3596C:\Program Files\Mozilla Firefox\firefox.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+9683|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1fae|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+218d|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058665Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.477{6F5BEE90-3BA5-61E9-8109-000000002102}45805920C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-1CB8-61E9-7203-000000002102}6636C:\Program Files\Mozilla Firefox\firefox.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+9683|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1fae|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+218d|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058664Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.477{6F5BEE90-3BA5-61E9-8109-000000002102}45805920C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-1B26-61E9-1201-000000002102}5320C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+9683|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1fae|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+218d|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058663Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.476{6F5BEE90-3BA5-61E9-8109-000000002102}45805920C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-1B24-61E9-1101-000000002102}5640C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+9683|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1fae|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+218d|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058662Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.476{6F5BEE90-3BA5-61E9-8109-000000002102}45805920C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-1B15-61E9-FA00-000000002102}4632C:\Windows\Explorer.EXE0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+9683|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1fae|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+218d|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058661Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.476{6F5BEE90-3BA5-61E9-8109-000000002102}45805920C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-1B14-61E9-F200-000000002102}5076C:\Windows\system32\svchost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+9683|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1fae|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+218d|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058660Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.476{6F5BEE90-3BA5-61E9-8109-000000002102}45805920C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-1B14-61E9-EF00-000000002102}4972C:\Windows\System32\rdpclip.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+9683|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1fae|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+218d|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058659Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.475{6F5BEE90-3BA5-61E9-8109-000000002102}45805920C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-1B10-61E9-E900-000000002102}996C:\Windows\system32\dwm.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+9683|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1fae|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+218d|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058658Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.475{6F5BEE90-3BA5-61E9-8109-000000002102}45805920C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-1B0F-61E9-E600-000000002102}4164C:\Windows\system32\winlogon.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+9683|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1fae|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+218d|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058657Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.475{6F5BEE90-3BA5-61E9-8109-000000002102}45805920C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-1B0F-61E9-E500-000000002102}4176C:\Windows\system32\csrss.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+96a7|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1fae|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+218d|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058656Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.475{6F5BEE90-3BA5-61E9-8109-000000002102}45805920C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-1933-61E9-9400-000000002102}2916C:\Windows\System32\msdtc.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+9683|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1fae|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+218d|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058655Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.475{6F5BEE90-3BA5-61E9-8109-000000002102}45805920C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-18CD-61E9-7700-000000002102}484C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+9683|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1fae|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+218d|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058654Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.475{6F5BEE90-3BA5-61E9-8109-000000002102}45805920C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-18C6-61E9-6E00-000000002102}3440C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+9683|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1fae|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+218d|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058653Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.475{6F5BEE90-3BA5-61E9-8109-000000002102}45805920C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-18BB-61E9-4800-000000002102}3776C:\Windows\system32\conhost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+9683|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1fae|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+218d|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058652Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.474{6F5BEE90-3BA5-61E9-8109-000000002102}45805920C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-18BB-61E9-4700-000000002102}3764C:\Program Files\Amazon\SSM\ssm-agent-worker.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+9683|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1fae|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+218d|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058651Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.474{6F5BEE90-3BA5-61E9-8109-000000002102}45805920C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-18BA-61E9-4000-000000002102}3560C:\Windows\System32\vds.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+9683|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1fae|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+218d|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058650Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.474{6F5BEE90-3BA5-61E9-8109-000000002102}45805920C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-18B9-61E9-3500-000000002102}3304C:\Windows\system32\conhost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+9683|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1fae|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+218d|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058649Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.474{6F5BEE90-3BA5-61E9-8109-000000002102}45805920C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-18B8-61E9-3100-000000002102}2692C:\Windows\system32\wbem\unsecapp.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+9683|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1fae|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+218d|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058648Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.474{6F5BEE90-3BA5-61E9-8109-000000002102}45805920C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-18B8-61E9-3000-000000002102}2372C:\Windows\system32\dfssvc.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+9683|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1fae|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+218d|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058647Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.474{6F5BEE90-3BA5-61E9-8109-000000002102}45805920C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-18B8-61E9-2F00-000000002102}3024C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+9683|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1fae|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+218d|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058646Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.474{6F5BEE90-3BA5-61E9-8109-000000002102}45805920C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-18B8-61E9-2E00-000000002102}3016C:\Windows\system32\DFSRs.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+9683|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1fae|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+218d|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058645Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.473{6F5BEE90-3BA5-61E9-8109-000000002102}45805920C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-18B8-61E9-2D00-000000002102}2992C:\Windows\System32\ismserv.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+9683|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1fae|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+218d|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058644Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.473{6F5BEE90-3BA5-61E9-8109-000000002102}45805920C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-18B8-61E9-2C00-000000002102}2984C:\Windows\sysmon64.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+9683|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1fae|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+218d|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058643Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.472{6F5BEE90-3BA5-61E9-8109-000000002102}45805920C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-18B8-61E9-2B00-000000002102}2976C:\Windows\system32\svchost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+9683|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1fae|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+218d|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058642Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.472{6F5BEE90-3BA5-61E9-8109-000000002102}45805920C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-18B8-61E9-2A00-000000002102}2964C:\Windows\system32\dns.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+9683|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1fae|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+218d|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058641Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.471{6F5BEE90-3BA5-61E9-8109-000000002102}45805920C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-18B8-61E9-2900-000000002102}2920C:\Program Files\Amazon\SSM\amazon-ssm-agent.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+9683|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1fae|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+218d|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058640Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.471{6F5BEE90-3BA5-61E9-8109-000000002102}45805920C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-18B8-61E9-2700-000000002102}2904C:\Windows\ADWS\Microsoft.ActiveDirectory.WebServices.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+9683|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1fae|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+218d|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058639Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.471{6F5BEE90-3BA5-61E9-8109-000000002102}45805920C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-18B7-61E9-2600-000000002102}2772C:\Windows\System32\spoolsv.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+9683|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1fae|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+218d|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058638Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.471{6F5BEE90-3BA5-61E9-8109-000000002102}45805920C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-18B3-61E9-2300-000000002102}2608C:\Windows\System32\svchost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+9683|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1fae|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+218d|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058637Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.470{6F5BEE90-3BA5-61E9-8109-000000002102}45805920C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-18AF-61E9-2200-000000002102}2500C:\Windows\system32\conhost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+9683|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1fae|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+218d|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058636Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.470{6F5BEE90-3BA5-61E9-8109-000000002102}45805920C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-18AF-61E9-2100-000000002102}2492C:\Users\Public\splunkd.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+9683|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1fae|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+218d|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058635Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.470{6F5BEE90-18A9-61E9-0C00-000000002102}8283272C:\Windows\system32\svchost.exe{6F5BEE90-18B8-61E9-2C00-000000002102}2984C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000058634Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.470{6F5BEE90-3BA5-61E9-8109-000000002102}45805920C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-18AB-61E9-1F00-000000002102}2140C:\Windows\system32\svchost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+9683|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1fae|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+218d|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058633Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.470{6F5BEE90-18A9-61E9-0C00-000000002102}8283272C:\Windows\system32\svchost.exe{6F5BEE90-18B8-61E9-2C00-000000002102}2984C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000058632Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.470{6F5BEE90-3BA5-61E9-8109-000000002102}45805920C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-18AA-61E9-1700-000000002102}1428C:\Windows\system32\svchost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+9683|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1fae|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+218d|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058631Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.469{6F5BEE90-3BA5-61E9-8109-000000002102}45805920C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-18AA-61E9-1600-000000002102}1324C:\Windows\System32\svchost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+9683|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1fae|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+218d|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058630Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.469{6F5BEE90-3BA5-61E9-8109-000000002102}45805920C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-18AA-61E9-1500-000000002102}1264C:\Windows\system32\svchost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+9683|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1fae|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+218d|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058629Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.469{6F5BEE90-18A9-61E9-0C00-000000002102}8283272C:\Windows\system32\svchost.exe{6F5BEE90-18B8-61E9-2C00-000000002102}2984C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000058628Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.469{6F5BEE90-3BA5-61E9-8109-000000002102}45805920C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-18AA-61E9-1400-000000002102}1092C:\Windows\system32\svchost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+9683|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1fae|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+218d|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058627Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.469{6F5BEE90-18A9-61E9-0C00-000000002102}8283272C:\Windows\system32\svchost.exe{6F5BEE90-18B8-61E9-2C00-000000002102}2984C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000058626Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.469{6F5BEE90-3BA5-61E9-8109-000000002102}45805920C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-18AA-61E9-1300-000000002102}336C:\Windows\System32\svchost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+9683|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1fae|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+218d|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058625Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.469{6F5BEE90-3BA5-61E9-8109-000000002102}45805920C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-18AA-61E9-1200-000000002102}352C:\Windows\system32\svchost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+9683|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1fae|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+218d|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058624Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.469{6F5BEE90-3BA5-61E9-8109-000000002102}45805920C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-18AA-61E9-1100-000000002102}480C:\Windows\System32\svchost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+9683|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1fae|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+218d|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058623Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.469{6F5BEE90-3BA5-61E9-8109-000000002102}45805920C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-18AA-61E9-1000-000000002102}356C:\Windows\system32\dwm.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+9683|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1fae|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+218d|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058622Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.469{6F5BEE90-3BA5-61E9-8109-000000002102}45805920C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-18AA-61E9-0F00-000000002102}344C:\Windows\System32\svchost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+9683|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1fae|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+218d|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058621Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.468{6F5BEE90-3BA5-61E9-8109-000000002102}45805920C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-18AA-61E9-0E00-000000002102}984C:\Windows\system32\LogonUI.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+9683|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1fae|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+218d|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058620Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.468{6F5BEE90-3BA5-61E9-8109-000000002102}45805920C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-18A9-61E9-0D00-000000002102}888C:\Windows\system32\svchost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+9683|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1fae|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+218d|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058619Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.468{6F5BEE90-3BA5-61E9-8109-000000002102}45805920C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-18A9-61E9-0C00-000000002102}828C:\Windows\system32\svchost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+9683|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1fae|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+218d|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058618Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.468{6F5BEE90-3BA5-61E9-8109-000000002102}45805920C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-18A7-61E9-0B00-000000002102}608C:\Windows\system32\lsass.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+9683|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1fae|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+218d|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058617Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.468{6F5BEE90-3BA5-61E9-8109-000000002102}45805920C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-18A7-61E9-0A00-000000002102}600C:\Windows\system32\services.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+96a7|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1fae|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+218d|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058616Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.468{6F5BEE90-3BA5-61E9-8109-000000002102}45805920C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-18A7-61E9-0900-000000002102}548C:\Windows\system32\winlogon.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+9683|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1fae|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+218d|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058615Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.468{6F5BEE90-3BA5-61E9-8109-000000002102}45805920C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-18A7-61E9-0800-000000002102}476C:\Windows\system32\csrss.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+96a7|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1fae|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+218d|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058614Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.467{6F5BEE90-18A7-61E9-0B00-000000002102}6085192C:\Windows\system32\lsass.exe{6F5BEE90-3BA5-61E9-7D09-000000002102}4800C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+6ea9c|C:\Windows\system32\lsasrv.dll+e6974|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+5460b|C:\Windows\System32\RPCRT4.dll+52cea|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000058613Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.467{6F5BEE90-3BA5-61E9-8109-000000002102}45805920C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-18A7-61E9-0700-000000002102}464C:\Windows\system32\wininit.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+96a7|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1fae|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+218d|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058612Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.467{6F5BEE90-3BA5-61E9-8109-000000002102}45805920C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-18A7-61E9-0500-000000002102}392C:\Windows\system32\csrss.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+96a7|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1fae|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+218d|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058611Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.467{6F5BEE90-3BA5-61E9-8109-000000002102}45805920C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-18A4-61E9-0200-000000002102}304C:\Windows\System32\smss.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+96a7|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1fae|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+218d|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058610Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.465{6F5BEE90-3BA5-61E9-8109-000000002102}45805920C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-18A4-61E9-0100-000000002102}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+96a7|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1fae|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+218d|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058609Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.459{6F5BEE90-18A7-61E9-0B00-000000002102}608780C:\Windows\system32\lsass.exe{6F5BEE90-3BA5-61E9-8109-000000002102}4580C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+6ea9c|C:\Windows\system32\lsasrv.dll+e6974|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+5460b|C:\Windows\System32\RPCRT4.dll+52cea|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000058608Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.444{6F5BEE90-18A9-61E9-0C00-000000002102}8283272C:\Windows\system32\svchost.exe{6F5BEE90-3BA5-61E9-7D09-000000002102}4800C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+54c6|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+5460b|C:\Windows\System32\RPCRT4.dll+52cea|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000058607Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.444{6F5BEE90-18AA-61E9-1600-000000002102}13241676C:\Windows\System32\svchost.exe{6F5BEE90-3BA5-61E9-8009-000000002102}5204C:\Windows\system32\conhost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|c:\windows\system32\themeservice.dll+235b|c:\windows\system32\themeservice.dll+1ed0|c:\windows\system32\themeservice.dll+2006|C:\Windows\SYSTEM32\ntdll.dll+39d09|C:\Windows\SYSTEM32\ntdll.dll+1e89a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000058606Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.444{6F5BEE90-18AA-61E9-1600-000000002102}13241364C:\Windows\System32\svchost.exe{6F5BEE90-3BA5-61E9-8009-000000002102}5204C:\Windows\system32\conhost.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6144|c:\windows\system32\themeservice.dll+144a|c:\windows\system32\themeservice.dll+4175|c:\windows\system32\themeservice.dll+3379|c:\windows\system32\themeservice.dll+31a3|C:\Windows\System32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14412|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000058605Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.444{6F5BEE90-18A9-61E9-0C00-000000002102}8283272C:\Windows\system32\svchost.exe{6F5BEE90-18B8-61E9-2C00-000000002102}2984C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000058604Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.444{6F5BEE90-18A9-61E9-0C00-000000002102}8283272C:\Windows\system32\svchost.exe{6F5BEE90-18B8-61E9-2C00-000000002102}2984C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000058603Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.444{6F5BEE90-18A9-61E9-0C00-000000002102}8283272C:\Windows\system32\svchost.exe{6F5BEE90-18B8-61E9-2C00-000000002102}2984C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000058602Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.444{6F5BEE90-18A9-61E9-0C00-000000002102}8283272C:\Windows\system32\svchost.exe{6F5BEE90-18B8-61E9-2C00-000000002102}2984C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000058601Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.433{6F5BEE90-3BA5-61E9-8009-000000002102}52046080C:\Windows\system32\conhost.exe{6F5BEE90-3BA5-61E9-7F09-000000002102}2560C:\Windows\System32\sc.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000058600Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.423{6F5BEE90-18A7-61E9-0B00-000000002102}6085192C:\Windows\system32\lsass.exe{6F5BEE90-3BA5-61E9-7D09-000000002102}4800C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+6ea9c|C:\Windows\system32\lsasrv.dll+e6974|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+5460b|C:\Windows\System32\RPCRT4.dll+52cea|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000058599Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.417{6F5BEE90-1B0F-61E9-E500-000000002102}41763520C:\Windows\system32\csrss.exe{6F5BEE90-3BA5-61E9-8109-000000002102}4580C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000058598Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.413{6F5BEE90-3B87-61E9-7809-000000002102}46966652C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe{6F5BEE90-3BA5-61E9-8109-000000002102}4580C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7414|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9278(wow64)|C:\Windows\System32\KERNELBASE.dll+d7f5c(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_32\System\e6635c16b19ad5b6c95a34cc4e7ec8e3\System.ni.dll+23cbb2(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_32\System\e6635c16b19ad5b6c95a34cc4e7ec8e3\System.ni.dll+1aaaa4(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_32\System\e6635c16b19ad5b6c95a34cc4e7ec8e3\System.ni.dll+1aa39c(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_32\System\e6635c16b19ad5b6c95a34cc4e7ec8e3\System.ni.dll+1a759a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll+f066(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll+1230a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll+27791(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll+27896(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\b0d4a8e8efb07150abb5e70e313bc814\mscorlib.ni.dll+408589(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\b0d4a8e8efb07150abb5e70e313bc814\mscorlib.ni.dll+40809a(wow64)|UNKNOWN(00000000070F7050)|UNKNOWN(00000000070F6BD4) 10341000x800000000000000058597Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.413{6F5BEE90-1B0F-61E9-E500-000000002102}41764072C:\Windows\system32\csrss.exe{6F5BEE90-3BA5-61E9-8009-000000002102}5204C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6cd4|C:\Windows\SYSTEM32\CSRSRV.dll+1a30|C:\Windows\SYSTEM32\CSRSRV.dll+5c09|C:\Windows\SYSTEM32\ntdll.dll+5179f 154100x800000000000000058596Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.413{6F5BEE90-3BA5-61E9-8109-000000002102}4580C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe1.22Run a program with different settings that you choose.AdvancedRunNirSoftAdvancedRun.exe"C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe" /EXEFilename "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" /WindowState 0 /CommandLine "rmdir 'C:\ProgramData\Microsoft\Windows Defender' -Recurse" /StartDirectory "" /RunAs 8 /RunC:\Windows\SysWOW64\WindowsPowerShell\v1.0\ATTACKRANGE\Administrator{6F5BEE90-1B13-61E9-8513-0D0000000000}0xd13852HighMD5=17FC12902F4769AF3A9271EB4E2DACCE,SHA256=29AE7B30ED8394C509C561F6117EA671EC412DA50D435099756BBB257FAFB10B,IMPHASH=563F92D1CB750F339006B11E53047050{6F5BEE90-3B87-61E9-7809-000000002102}4696C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe"C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe" 10341000x800000000000000058595Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.411{6F5BEE90-1B0F-61E9-E500-000000002102}41762952C:\Windows\system32\csrss.exe{6F5BEE90-3BA5-61E9-7F09-000000002102}2560C:\Windows\System32\sc.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6cd4|C:\Windows\SYSTEM32\CSRSRV.dll+1a30|C:\Windows\SYSTEM32\CSRSRV.dll+5c09|C:\Windows\SYSTEM32\ntdll.dll+5179f 534500x800000000000000058594Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.410{6F5BEE90-3BA5-61E9-7B09-000000002102}6308C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe 10341000x800000000000000058593Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.407{6F5BEE90-18A7-61E9-0500-000000002102}392508C:\Windows\system32\csrss.exe{6F5BEE90-3BA5-61E9-7F09-000000002102}2560C:\Windows\System32\sc.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000058592Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.406{6F5BEE90-18AA-61E9-1600-000000002102}13241676C:\Windows\System32\svchost.exe{6F5BEE90-3BA5-61E9-7F09-000000002102}2560C:\Windows\System32\sc.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7414|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6f453|C:\Windows\System32\KERNEL32.DLL+1d37f|c:\windows\system32\seclogon.dll+17dc|c:\windows\system32\seclogon.dll+10ac|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+5460b|C:\Windows\System32\RPCRT4.dll+52cea|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x800000000000000058591Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.404{6F5BEE90-3BA5-61E9-7F09-000000002102}2560C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\System32\sc.exe" stop WinDefendC:\Windows\System32\NT AUTHORITY\SYSTEM{6F5BEE90-18A8-61E9-E703-000000000000}0x3e72SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{6F5BEE90-3BA5-61E9-7B09-000000002102}6308C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe"C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe" /EXEFilename "C:\Windows\System32\sc.exe" /WindowState 0 /CommandLine "stop WinDefend" /StartDirectory "" /RunAs 8 /Run 10341000x800000000000000058590Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.379{6F5BEE90-18AA-61E9-1600-000000002102}13241676C:\Windows\System32\svchost.exe{6F5BEE90-3BA5-61E9-7B09-000000002102}6308C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\seclogon.dll+1404|c:\windows\system32\seclogon.dll+10ac|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+5460b|C:\Windows\System32\RPCRT4.dll+52cea|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000058589Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.379{6F5BEE90-18AA-61E9-1600-000000002102}13241676C:\Windows\System32\svchost.exe{6F5BEE90-3BA5-61E9-7B09-000000002102}6308C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe0x14c0C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\seclogon.dll+128d|c:\windows\system32\seclogon.dll+10ac|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+5460b|C:\Windows\System32\RPCRT4.dll+52cea|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000058588Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.315{6F5BEE90-18AA-61E9-1600-000000002102}13241676C:\Windows\System32\svchost.exe{6F5BEE90-3BA5-61E9-7E09-000000002102}1216C:\Windows\system32\conhost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|c:\windows\system32\themeservice.dll+235b|c:\windows\system32\themeservice.dll+1ed0|c:\windows\system32\themeservice.dll+2006|C:\Windows\SYSTEM32\ntdll.dll+39d09|C:\Windows\SYSTEM32\ntdll.dll+1e89a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000058587Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.315{6F5BEE90-18AA-61E9-1600-000000002102}13241364C:\Windows\System32\svchost.exe{6F5BEE90-3BA5-61E9-7E09-000000002102}1216C:\Windows\system32\conhost.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6144|c:\windows\system32\themeservice.dll+144a|c:\windows\system32\themeservice.dll+4175|c:\windows\system32\themeservice.dll+3379|c:\windows\system32\themeservice.dll+31a3|C:\Windows\System32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14412|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000058586Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.299{6F5BEE90-3BA5-61E9-7E09-000000002102}12166436C:\Windows\system32\conhost.exe{6F5BEE90-3BA5-61E9-7D09-000000002102}4800C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000058585Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.279{6F5BEE90-18A9-61E9-0C00-000000002102}8283272C:\Windows\system32\svchost.exe{6F5BEE90-18B8-61E9-2C00-000000002102}2984C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000058584Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.279{6F5BEE90-18A9-61E9-0C00-000000002102}8283272C:\Windows\system32\svchost.exe{6F5BEE90-18B8-61E9-2C00-000000002102}2984C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000058583Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.279{6F5BEE90-18A9-61E9-0C00-000000002102}8283272C:\Windows\system32\svchost.exe{6F5BEE90-18B8-61E9-2C00-000000002102}2984C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000058582Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.278{6F5BEE90-18A7-61E9-0B00-000000002102}6085192C:\Windows\system32\lsass.exe{6F5BEE90-18AA-61E9-1600-000000002102}1324C:\Windows\System32\svchost.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\system32\lsasrv.dll+26327|C:\Windows\system32\lsasrv.dll+2746d|C:\Windows\system32\lsasrv.dll+261a5|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000058581Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.278{6F5BEE90-18A9-61E9-0C00-000000002102}8283272C:\Windows\system32\svchost.exe{6F5BEE90-18B8-61E9-2C00-000000002102}2984C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000058580Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.278{6F5BEE90-18A7-61E9-0B00-000000002102}6085192C:\Windows\system32\lsass.exe{6F5BEE90-18AA-61E9-1600-000000002102}1324C:\Windows\System32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cd4|C:\Windows\System32\RPCRT4.dll+2be8f|C:\Windows\system32\lsasrv.dll+260ed|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000058579Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.261{6F5BEE90-18A9-61E9-0C00-000000002102}8283272C:\Windows\system32\svchost.exe{6F5BEE90-18B8-61E9-2C00-000000002102}2984C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000058578Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.261{6F5BEE90-18A9-61E9-0C00-000000002102}8283272C:\Windows\system32\svchost.exe{6F5BEE90-18B8-61E9-2C00-000000002102}2984C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000058577Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.261{6F5BEE90-18A9-61E9-0C00-000000002102}8283272C:\Windows\system32\svchost.exe{6F5BEE90-18B8-61E9-2C00-000000002102}2984C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000058576Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.261{6F5BEE90-18A9-61E9-0C00-000000002102}8283272C:\Windows\system32\svchost.exe{6F5BEE90-18B8-61E9-2C00-000000002102}2984C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000058575Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.261{6F5BEE90-3BA5-61E9-7B09-000000002102}63084376C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-3BA5-61E9-7C09-000000002102}4792C:\Windows\servicing\TrustedInstaller.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e62|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e2c|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+21a7|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058574Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.261{6F5BEE90-3BA5-61E9-7B09-000000002102}63084376C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-3BA5-61E9-7E09-000000002102}1216C:\Windows\system32\conhost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+9683|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+21a7|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058573Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.261{6F5BEE90-3BA5-61E9-7B09-000000002102}63084376C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-3BA5-61E9-7D09-000000002102}4800C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+9683|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+21a7|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058572Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.261{6F5BEE90-3BA5-61E9-7B09-000000002102}63084376C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-3BA5-61E9-7C09-000000002102}4792C:\Windows\servicing\TrustedInstaller.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+9683|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+21a7|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058571Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.261{6F5BEE90-3BA5-61E9-7B09-000000002102}63084376C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-3B87-61E9-7909-000000002102}5084C:\Windows\system32\conhost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+9683|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+21a7|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058570Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.261{6F5BEE90-3BA5-61E9-7B09-000000002102}63084376C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-3B87-61E9-7809-000000002102}4696C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+9683|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+21a7|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058569Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.261{6F5BEE90-3BA5-61E9-7B09-000000002102}63084376C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-3B76-61E9-7209-000000002102}5796C:\Windows\system32\DllHost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+9683|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+21a7|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058568Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.261{6F5BEE90-3BA5-61E9-7B09-000000002102}63084376C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-3AA2-61E9-5609-000000002102}92C:\Windows\system32\conhost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+9683|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+21a7|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058567Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.261{6F5BEE90-3BA5-61E9-7B09-000000002102}63084376C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-3AA2-61E9-5509-000000002102}3436C:\Windows\system32\cmd.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+9683|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+21a7|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058566Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.261{6F5BEE90-3BA5-61E9-7B09-000000002102}63084376C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-3549-61E9-A608-000000002102}2936C:\Program Files\Notepad++\notepad++.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+9683|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+21a7|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 23542300x800000000000000031800Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:38:29.720{CE7C8936-1B20-61E9-E200-000000002202}3964NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=2D37076EFD4F247476C1465EE5871641,SHA256=9A877855C72D4AE9F89A50739FB1D4FBF2B179733E3CFA459B801B933FF32DC1,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000058565Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.261{6F5BEE90-3BA5-61E9-7B09-000000002102}63084376C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-2D48-61E9-B407-000000002102}4080C:\Windows\system32\conhost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+9683|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+21a7|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058564Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.261{6F5BEE90-3BA5-61E9-7B09-000000002102}63084376C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-2D48-61E9-B307-000000002102}5484C:\Temp\hiew32demo.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+9683|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+21a7|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058563Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.261{6F5BEE90-3BA5-61E9-7B09-000000002102}63084376C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-2D0D-61E9-AB07-000000002102}5532C:\Windows\system32\conhost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+9683|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+21a7|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058562Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.261{6F5BEE90-3BA5-61E9-7B09-000000002102}63084376C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-2D0D-61E9-AA07-000000002102}5544C:\Temp\hiew32demo.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+9683|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+21a7|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058561Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.261{6F5BEE90-3BA5-61E9-7B09-000000002102}63084376C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-2AC2-61E9-3207-000000002102}1112C:\Windows\system32\conhost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+9683|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+21a7|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058560Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.261{6F5BEE90-3BA5-61E9-7B09-000000002102}63084376C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-2AC2-61E9-3107-000000002102}4508C:\Windows\system32\cmd.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+9683|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+21a7|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058559Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.261{6F5BEE90-3BA5-61E9-7B09-000000002102}63084376C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-269A-61E9-B006-000000002102}5572C:\Program Files\Mozilla Firefox\firefox.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+9683|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+21a7|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058558Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.261{6F5BEE90-3BA5-61E9-7B09-000000002102}63084376C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-1FE8-61E9-D805-000000002102}2820C:\Program Files\Greenshot\Greenshot.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+9683|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+21a7|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058557Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.261{6F5BEE90-3BA5-61E9-7B09-000000002102}63084376C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-1D12-61E9-4D04-000000002102}6952C:\Program Files\Mozilla Firefox\firefox.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+9683|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+21a7|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058556Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.261{6F5BEE90-3BA5-61E9-7B09-000000002102}63084376C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-1CBF-61E9-8B03-000000002102}6916C:\Program Files\Mozilla Firefox\firefox.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+9683|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+21a7|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058555Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.261{6F5BEE90-3BA5-61E9-7B09-000000002102}63084376C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-1CBD-61E9-8503-000000002102}6656C:\Program Files\Mozilla Firefox\firefox.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+9683|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+21a7|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058554Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.261{6F5BEE90-3BA5-61E9-7B09-000000002102}63084376C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-1CBC-61E9-8203-000000002102}4352C:\Program Files\Mozilla Firefox\firefox.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+9683|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+21a7|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058553Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.261{6F5BEE90-3BA5-61E9-7B09-000000002102}63084376C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-1CBC-61E9-8103-000000002102}7052C:\Program Files\Mozilla Firefox\firefox.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+9683|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+21a7|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058552Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.261{6F5BEE90-3BA5-61E9-7B09-000000002102}63084376C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-1CBB-61E9-7A03-000000002102}3596C:\Program Files\Mozilla Firefox\firefox.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+9683|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+21a7|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058551Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.261{6F5BEE90-3BA5-61E9-7B09-000000002102}63084376C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-1CB8-61E9-7203-000000002102}6636C:\Program Files\Mozilla Firefox\firefox.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+9683|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+21a7|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058550Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.261{6F5BEE90-3BA5-61E9-7B09-000000002102}63084376C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-1B26-61E9-1201-000000002102}5320C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+9683|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+21a7|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058549Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.261{6F5BEE90-3BA5-61E9-7B09-000000002102}63084376C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-1B24-61E9-1101-000000002102}5640C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+9683|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+21a7|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058548Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.261{6F5BEE90-3BA5-61E9-7B09-000000002102}63084376C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-1B15-61E9-FA00-000000002102}4632C:\Windows\Explorer.EXE0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+9683|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+21a7|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058547Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.261{6F5BEE90-3BA5-61E9-7B09-000000002102}63084376C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-1B14-61E9-F200-000000002102}5076C:\Windows\system32\svchost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+9683|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+21a7|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058546Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.261{6F5BEE90-3BA5-61E9-7B09-000000002102}63084376C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-1B14-61E9-EF00-000000002102}4972C:\Windows\System32\rdpclip.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+9683|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+21a7|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058545Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.261{6F5BEE90-3BA5-61E9-7B09-000000002102}63084376C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-1B10-61E9-E900-000000002102}996C:\Windows\system32\dwm.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+9683|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+21a7|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058544Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.261{6F5BEE90-3BA5-61E9-7B09-000000002102}63084376C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-1B0F-61E9-E600-000000002102}4164C:\Windows\system32\winlogon.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+9683|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+21a7|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058543Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.261{6F5BEE90-3BA5-61E9-7B09-000000002102}63084376C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-1B0F-61E9-E500-000000002102}4176C:\Windows\system32\csrss.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+96a7|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+21a7|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058542Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.261{6F5BEE90-3BA5-61E9-7B09-000000002102}63084376C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-1933-61E9-9400-000000002102}2916C:\Windows\System32\msdtc.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+9683|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+21a7|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058541Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.261{6F5BEE90-3BA5-61E9-7B09-000000002102}63084376C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-18CD-61E9-7700-000000002102}484C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+9683|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+21a7|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058540Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.261{6F5BEE90-3BA5-61E9-7B09-000000002102}63084376C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-18C6-61E9-6E00-000000002102}3440C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+9683|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+21a7|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058539Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.261{6F5BEE90-3BA5-61E9-7B09-000000002102}63084376C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-18BB-61E9-4800-000000002102}3776C:\Windows\system32\conhost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+9683|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+21a7|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058538Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.261{6F5BEE90-3BA5-61E9-7B09-000000002102}63084376C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-18BB-61E9-4700-000000002102}3764C:\Program Files\Amazon\SSM\ssm-agent-worker.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+9683|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+21a7|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058537Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.261{6F5BEE90-3BA5-61E9-7B09-000000002102}63084376C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-18BA-61E9-4000-000000002102}3560C:\Windows\System32\vds.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+9683|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+21a7|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058536Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.261{6F5BEE90-3BA5-61E9-7B09-000000002102}63084376C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-18B9-61E9-3500-000000002102}3304C:\Windows\system32\conhost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+9683|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+21a7|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058535Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.261{6F5BEE90-3BA5-61E9-7B09-000000002102}63084376C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-18B8-61E9-3100-000000002102}2692C:\Windows\system32\wbem\unsecapp.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+9683|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+21a7|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058534Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.261{6F5BEE90-3BA5-61E9-7B09-000000002102}63084376C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-18B8-61E9-3000-000000002102}2372C:\Windows\system32\dfssvc.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+9683|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+21a7|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058533Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.261{6F5BEE90-3BA5-61E9-7B09-000000002102}63084376C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-18B8-61E9-2F00-000000002102}3024C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+9683|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+21a7|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058532Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.261{6F5BEE90-3BA5-61E9-7B09-000000002102}63084376C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-18B8-61E9-2E00-000000002102}3016C:\Windows\system32\DFSRs.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+9683|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+21a7|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058531Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.261{6F5BEE90-3BA5-61E9-7B09-000000002102}63084376C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-18B8-61E9-2D00-000000002102}2992C:\Windows\System32\ismserv.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+9683|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+21a7|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058530Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.261{6F5BEE90-3BA5-61E9-7B09-000000002102}63084376C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-18B8-61E9-2C00-000000002102}2984C:\Windows\sysmon64.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+9683|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+21a7|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058529Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.261{6F5BEE90-3BA5-61E9-7B09-000000002102}63084376C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-18B8-61E9-2B00-000000002102}2976C:\Windows\system32\svchost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+9683|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+21a7|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058528Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.261{6F5BEE90-3BA5-61E9-7B09-000000002102}63084376C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-18B8-61E9-2A00-000000002102}2964C:\Windows\system32\dns.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+9683|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+21a7|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058527Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.261{6F5BEE90-3BA5-61E9-7B09-000000002102}63084376C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-18B8-61E9-2900-000000002102}2920C:\Program Files\Amazon\SSM\amazon-ssm-agent.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+9683|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+21a7|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058526Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.261{6F5BEE90-3BA5-61E9-7B09-000000002102}63084376C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-18B8-61E9-2700-000000002102}2904C:\Windows\ADWS\Microsoft.ActiveDirectory.WebServices.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+9683|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+21a7|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058525Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.261{6F5BEE90-3BA5-61E9-7B09-000000002102}63084376C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-18B7-61E9-2600-000000002102}2772C:\Windows\System32\spoolsv.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+9683|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+21a7|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058524Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.261{6F5BEE90-3BA5-61E9-7B09-000000002102}63084376C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-18B3-61E9-2300-000000002102}2608C:\Windows\System32\svchost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+9683|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+21a7|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058523Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.261{6F5BEE90-3BA5-61E9-7B09-000000002102}63084376C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-18AF-61E9-2200-000000002102}2500C:\Windows\system32\conhost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+9683|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+21a7|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058522Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.261{6F5BEE90-3BA5-61E9-7B09-000000002102}63084376C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-18AF-61E9-2100-000000002102}2492C:\Users\Public\splunkd.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+9683|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+21a7|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058521Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.261{6F5BEE90-3BA5-61E9-7B09-000000002102}63084376C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-18AB-61E9-1F00-000000002102}2140C:\Windows\system32\svchost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+9683|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+21a7|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058520Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.261{6F5BEE90-3BA5-61E9-7B09-000000002102}63084376C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-18AA-61E9-1700-000000002102}1428C:\Windows\system32\svchost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+9683|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+21a7|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058519Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.261{6F5BEE90-3BA5-61E9-7B09-000000002102}63084376C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-18AA-61E9-1600-000000002102}1324C:\Windows\System32\svchost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+9683|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+21a7|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058518Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.261{6F5BEE90-3BA5-61E9-7B09-000000002102}63084376C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-18AA-61E9-1500-000000002102}1264C:\Windows\system32\svchost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+9683|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+21a7|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058517Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.261{6F5BEE90-3BA5-61E9-7B09-000000002102}63084376C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-18AA-61E9-1400-000000002102}1092C:\Windows\system32\svchost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+9683|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+21a7|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058516Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.261{6F5BEE90-3BA5-61E9-7B09-000000002102}63084376C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-18AA-61E9-1300-000000002102}336C:\Windows\System32\svchost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+9683|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+21a7|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058515Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.261{6F5BEE90-3BA5-61E9-7B09-000000002102}63084376C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-18AA-61E9-1200-000000002102}352C:\Windows\system32\svchost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+9683|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+21a7|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058514Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.261{6F5BEE90-3BA5-61E9-7B09-000000002102}63084376C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-18AA-61E9-1100-000000002102}480C:\Windows\System32\svchost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+9683|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+21a7|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058513Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.261{6F5BEE90-3BA5-61E9-7B09-000000002102}63084376C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-18AA-61E9-1000-000000002102}356C:\Windows\system32\dwm.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+9683|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+21a7|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058512Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.261{6F5BEE90-3BA5-61E9-7B09-000000002102}63084376C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-18AA-61E9-0F00-000000002102}344C:\Windows\System32\svchost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+9683|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+21a7|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058511Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.261{6F5BEE90-3BA5-61E9-7B09-000000002102}63084376C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-18AA-61E9-0E00-000000002102}984C:\Windows\system32\LogonUI.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+9683|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+21a7|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058510Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.261{6F5BEE90-3BA5-61E9-7B09-000000002102}63084376C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-18A9-61E9-0D00-000000002102}888C:\Windows\system32\svchost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+9683|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+21a7|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058509Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.261{6F5BEE90-3BA5-61E9-7B09-000000002102}63084376C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-18A9-61E9-0C00-000000002102}828C:\Windows\system32\svchost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+9683|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+21a7|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058508Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.261{6F5BEE90-3BA5-61E9-7B09-000000002102}63084376C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-18A7-61E9-0B00-000000002102}608C:\Windows\system32\lsass.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+9683|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+21a7|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058507Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.261{6F5BEE90-3BA5-61E9-7B09-000000002102}63084376C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-18A7-61E9-0A00-000000002102}600C:\Windows\system32\services.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+96a7|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+21a7|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058506Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.261{6F5BEE90-3BA5-61E9-7B09-000000002102}63084376C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-18A7-61E9-0900-000000002102}548C:\Windows\system32\winlogon.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+9683|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+21a7|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058505Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.261{6F5BEE90-3BA5-61E9-7B09-000000002102}63084376C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-18A7-61E9-0800-000000002102}476C:\Windows\system32\csrss.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+96a7|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+21a7|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058504Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.261{6F5BEE90-3BA5-61E9-7B09-000000002102}63084376C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-18A7-61E9-0700-000000002102}464C:\Windows\system32\wininit.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+96a7|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+21a7|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058503Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.261{6F5BEE90-3BA5-61E9-7B09-000000002102}63084376C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-18A7-61E9-0500-000000002102}392C:\Windows\system32\csrss.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+96a7|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+21a7|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058502Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.261{6F5BEE90-3BA5-61E9-7B09-000000002102}63084376C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-18A4-61E9-0200-000000002102}304C:\Windows\System32\smss.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+96a7|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+21a7|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058501Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.261{6F5BEE90-18A9-61E9-0C00-000000002102}8283272C:\Windows\system32\svchost.exe{6F5BEE90-3BA5-61E9-7C09-000000002102}4792C:\Windows\servicing\TrustedInstaller.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+54c6|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+5460b|C:\Windows\System32\RPCRT4.dll+52cea|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000058500Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.261{6F5BEE90-3BA5-61E9-7B09-000000002102}63084376C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-18A4-61E9-0100-000000002102}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+96a7|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+21a7|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058499Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.261{6F5BEE90-18A7-61E9-0B00-000000002102}6085192C:\Windows\system32\lsass.exe{6F5BEE90-3BA5-61E9-7B09-000000002102}6308C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+6ea9c|C:\Windows\system32\lsasrv.dll+e6974|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+5460b|C:\Windows\System32\RPCRT4.dll+52cea|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000058498Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.246{6F5BEE90-3BA5-61E9-7B09-000000002102}63084376C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-18A7-61E9-0900-000000002102}548C:\Windows\system32\winlogon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e62|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e2c|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1fae|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+218d|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058497Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.246{6F5BEE90-3BA5-61E9-7B09-000000002102}63084376C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-3BA5-61E9-7E09-000000002102}1216C:\Windows\system32\conhost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+9683|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1fae|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+218d|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058496Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.246{6F5BEE90-3BA5-61E9-7B09-000000002102}63084376C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-3BA5-61E9-7D09-000000002102}4800C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+9683|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1fae|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+218d|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058495Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.246{6F5BEE90-3BA5-61E9-7B09-000000002102}63084376C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-3BA5-61E9-7C09-000000002102}4792C:\Windows\servicing\TrustedInstaller.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+9683|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1fae|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+218d|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058494Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.246{6F5BEE90-3BA5-61E9-7B09-000000002102}63084376C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-3B87-61E9-7909-000000002102}5084C:\Windows\system32\conhost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+9683|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1fae|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+218d|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058493Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.246{6F5BEE90-3BA5-61E9-7B09-000000002102}63084376C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-3B87-61E9-7809-000000002102}4696C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+9683|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1fae|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+218d|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058492Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.246{6F5BEE90-3BA5-61E9-7B09-000000002102}63084376C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-3B76-61E9-7209-000000002102}5796C:\Windows\system32\DllHost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+9683|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1fae|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+218d|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058491Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.246{6F5BEE90-3BA5-61E9-7B09-000000002102}63084376C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-3AA2-61E9-5609-000000002102}92C:\Windows\system32\conhost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+9683|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1fae|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+218d|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 354300x800000000000000031799Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:38:26.780{CE7C8936-1B1A-61E9-D900-000000002202}4048C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-tcontreras-attack-range-276.eu-central-1.compute.internal51385-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 10341000x800000000000000058490Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.246{6F5BEE90-3BA5-61E9-7B09-000000002102}63084376C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-3AA2-61E9-5509-000000002102}3436C:\Windows\system32\cmd.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+9683|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1fae|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+218d|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058489Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.246{6F5BEE90-3BA5-61E9-7B09-000000002102}63084376C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-3549-61E9-A608-000000002102}2936C:\Program Files\Notepad++\notepad++.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+9683|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1fae|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+218d|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058488Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.246{6F5BEE90-3BA5-61E9-7B09-000000002102}63084376C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-2D48-61E9-B407-000000002102}4080C:\Windows\system32\conhost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+9683|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1fae|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+218d|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058487Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.246{6F5BEE90-3BA5-61E9-7B09-000000002102}63084376C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-2D48-61E9-B307-000000002102}5484C:\Temp\hiew32demo.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+9683|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1fae|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+218d|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058486Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.246{6F5BEE90-3BA5-61E9-7B09-000000002102}63084376C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-2D0D-61E9-AB07-000000002102}5532C:\Windows\system32\conhost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+9683|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1fae|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+218d|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058485Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.246{6F5BEE90-3BA5-61E9-7B09-000000002102}63084376C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-2D0D-61E9-AA07-000000002102}5544C:\Temp\hiew32demo.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+9683|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1fae|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+218d|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058484Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.246{6F5BEE90-3BA5-61E9-7B09-000000002102}63084376C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-2AC2-61E9-3207-000000002102}1112C:\Windows\system32\conhost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+9683|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1fae|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+218d|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058483Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.246{6F5BEE90-3BA5-61E9-7B09-000000002102}63084376C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-2AC2-61E9-3107-000000002102}4508C:\Windows\system32\cmd.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+9683|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1fae|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+218d|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058482Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.246{6F5BEE90-3BA5-61E9-7B09-000000002102}63084376C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-269A-61E9-B006-000000002102}5572C:\Program Files\Mozilla Firefox\firefox.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+9683|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1fae|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+218d|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058481Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.246{6F5BEE90-3BA5-61E9-7B09-000000002102}63084376C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-1FE8-61E9-D805-000000002102}2820C:\Program Files\Greenshot\Greenshot.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+9683|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1fae|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+218d|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058480Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.246{6F5BEE90-3BA5-61E9-7B09-000000002102}63084376C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-1D12-61E9-4D04-000000002102}6952C:\Program Files\Mozilla Firefox\firefox.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+9683|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1fae|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+218d|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058479Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.246{6F5BEE90-3BA5-61E9-7B09-000000002102}63084376C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-1CBF-61E9-8B03-000000002102}6916C:\Program Files\Mozilla Firefox\firefox.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+9683|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1fae|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+218d|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058478Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.246{6F5BEE90-3BA5-61E9-7B09-000000002102}63084376C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-1CBD-61E9-8503-000000002102}6656C:\Program Files\Mozilla Firefox\firefox.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+9683|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1fae|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+218d|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058477Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.246{6F5BEE90-3BA5-61E9-7B09-000000002102}63084376C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-1CBC-61E9-8203-000000002102}4352C:\Program Files\Mozilla Firefox\firefox.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+9683|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1fae|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+218d|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058476Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.246{6F5BEE90-3BA5-61E9-7B09-000000002102}63084376C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-1CBC-61E9-8103-000000002102}7052C:\Program Files\Mozilla Firefox\firefox.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+9683|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1fae|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+218d|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058475Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.246{6F5BEE90-3BA5-61E9-7B09-000000002102}63084376C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-1CBB-61E9-7A03-000000002102}3596C:\Program Files\Mozilla Firefox\firefox.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+9683|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1fae|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+218d|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058474Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.246{6F5BEE90-3BA5-61E9-7B09-000000002102}63084376C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-1CB8-61E9-7203-000000002102}6636C:\Program Files\Mozilla Firefox\firefox.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+9683|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1fae|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+218d|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058473Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.246{6F5BEE90-3BA5-61E9-7B09-000000002102}63084376C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-1B26-61E9-1201-000000002102}5320C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+9683|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1fae|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+218d|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058472Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.246{6F5BEE90-3BA5-61E9-7B09-000000002102}63084376C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-1B24-61E9-1101-000000002102}5640C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+9683|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1fae|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+218d|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058471Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.246{6F5BEE90-3BA5-61E9-7B09-000000002102}63084376C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-1B15-61E9-FA00-000000002102}4632C:\Windows\Explorer.EXE0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+9683|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1fae|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+218d|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058470Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.246{6F5BEE90-3BA5-61E9-7B09-000000002102}63084376C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-1B14-61E9-F200-000000002102}5076C:\Windows\system32\svchost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+9683|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1fae|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+218d|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058469Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.246{6F5BEE90-3BA5-61E9-7B09-000000002102}63084376C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-1B14-61E9-EF00-000000002102}4972C:\Windows\System32\rdpclip.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+9683|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1fae|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+218d|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058468Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.246{6F5BEE90-3BA5-61E9-7B09-000000002102}63084376C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-1B10-61E9-E900-000000002102}996C:\Windows\system32\dwm.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+9683|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1fae|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+218d|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058467Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.246{6F5BEE90-3BA5-61E9-7B09-000000002102}63084376C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-1B0F-61E9-E600-000000002102}4164C:\Windows\system32\winlogon.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+9683|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1fae|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+218d|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058466Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.246{6F5BEE90-3BA5-61E9-7B09-000000002102}63084376C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-1B0F-61E9-E500-000000002102}4176C:\Windows\system32\csrss.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+96a7|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1fae|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+218d|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058465Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.246{6F5BEE90-3BA5-61E9-7B09-000000002102}63084376C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-1933-61E9-9400-000000002102}2916C:\Windows\System32\msdtc.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+9683|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1fae|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+218d|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058464Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.246{6F5BEE90-3BA5-61E9-7B09-000000002102}63084376C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-18CD-61E9-7700-000000002102}484C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+9683|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1fae|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+218d|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058463Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.246{6F5BEE90-3BA5-61E9-7B09-000000002102}63084376C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-18C6-61E9-6E00-000000002102}3440C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+9683|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1fae|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+218d|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058462Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.246{6F5BEE90-3BA5-61E9-7B09-000000002102}63084376C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-18BB-61E9-4800-000000002102}3776C:\Windows\system32\conhost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+9683|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1fae|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+218d|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058461Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.246{6F5BEE90-3BA5-61E9-7B09-000000002102}63084376C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-18BB-61E9-4700-000000002102}3764C:\Program Files\Amazon\SSM\ssm-agent-worker.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+9683|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1fae|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+218d|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058460Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.246{6F5BEE90-3BA5-61E9-7B09-000000002102}63084376C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-18BA-61E9-4000-000000002102}3560C:\Windows\System32\vds.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+9683|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1fae|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+218d|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058459Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.246{6F5BEE90-3BA5-61E9-7B09-000000002102}63084376C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-18B9-61E9-3500-000000002102}3304C:\Windows\system32\conhost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+9683|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1fae|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+218d|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058458Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.246{6F5BEE90-3BA5-61E9-7B09-000000002102}63084376C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-18B8-61E9-3100-000000002102}2692C:\Windows\system32\wbem\unsecapp.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+9683|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1fae|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+218d|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058457Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.246{6F5BEE90-3BA5-61E9-7B09-000000002102}63084376C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-18B8-61E9-3000-000000002102}2372C:\Windows\system32\dfssvc.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+9683|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1fae|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+218d|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058456Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.246{6F5BEE90-3BA5-61E9-7B09-000000002102}63084376C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-18B8-61E9-2F00-000000002102}3024C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+9683|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1fae|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+218d|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058455Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.246{6F5BEE90-3BA5-61E9-7B09-000000002102}63084376C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-18B8-61E9-2E00-000000002102}3016C:\Windows\system32\DFSRs.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+9683|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1fae|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+218d|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058454Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.246{6F5BEE90-3BA5-61E9-7B09-000000002102}63084376C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-18B8-61E9-2D00-000000002102}2992C:\Windows\System32\ismserv.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+9683|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1fae|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+218d|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058453Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.246{6F5BEE90-3BA5-61E9-7B09-000000002102}63084376C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-18B8-61E9-2C00-000000002102}2984C:\Windows\sysmon64.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+9683|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1fae|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+218d|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058452Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.246{6F5BEE90-3BA5-61E9-7B09-000000002102}63084376C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-18B8-61E9-2B00-000000002102}2976C:\Windows\system32\svchost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+9683|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1fae|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+218d|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058451Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.246{6F5BEE90-3BA5-61E9-7B09-000000002102}63084376C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-18B8-61E9-2A00-000000002102}2964C:\Windows\system32\dns.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+9683|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1fae|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+218d|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058450Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.246{6F5BEE90-3BA5-61E9-7B09-000000002102}63084376C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-18B8-61E9-2900-000000002102}2920C:\Program Files\Amazon\SSM\amazon-ssm-agent.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+9683|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1fae|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+218d|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058449Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.246{6F5BEE90-3BA5-61E9-7B09-000000002102}63084376C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-18B8-61E9-2700-000000002102}2904C:\Windows\ADWS\Microsoft.ActiveDirectory.WebServices.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+9683|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1fae|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+218d|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058448Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.246{6F5BEE90-3BA5-61E9-7B09-000000002102}63084376C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-18B7-61E9-2600-000000002102}2772C:\Windows\System32\spoolsv.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+9683|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1fae|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+218d|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058447Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.246{6F5BEE90-3BA5-61E9-7B09-000000002102}63084376C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-18B3-61E9-2300-000000002102}2608C:\Windows\System32\svchost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+9683|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1fae|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+218d|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058446Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.246{6F5BEE90-3BA5-61E9-7B09-000000002102}63084376C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-18AF-61E9-2200-000000002102}2500C:\Windows\system32\conhost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+9683|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1fae|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+218d|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058445Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.246{6F5BEE90-3BA5-61E9-7B09-000000002102}63084376C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-18AF-61E9-2100-000000002102}2492C:\Users\Public\splunkd.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+9683|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1fae|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+218d|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058444Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.246{6F5BEE90-3BA5-61E9-7B09-000000002102}63084376C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-18AB-61E9-1F00-000000002102}2140C:\Windows\system32\svchost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+9683|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1fae|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+218d|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058443Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.246{6F5BEE90-3BA5-61E9-7B09-000000002102}63084376C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-18AA-61E9-1700-000000002102}1428C:\Windows\system32\svchost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+9683|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1fae|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+218d|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058442Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.246{6F5BEE90-3BA5-61E9-7B09-000000002102}63084376C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-18AA-61E9-1600-000000002102}1324C:\Windows\System32\svchost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+9683|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1fae|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+218d|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058441Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.246{6F5BEE90-3BA5-61E9-7B09-000000002102}63084376C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-18AA-61E9-1500-000000002102}1264C:\Windows\system32\svchost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+9683|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1fae|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+218d|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058440Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.246{6F5BEE90-3BA5-61E9-7B09-000000002102}63084376C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-18AA-61E9-1400-000000002102}1092C:\Windows\system32\svchost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+9683|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1fae|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+218d|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058439Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.246{6F5BEE90-3BA5-61E9-7B09-000000002102}63084376C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-18AA-61E9-1300-000000002102}336C:\Windows\System32\svchost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+9683|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1fae|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+218d|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058438Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.246{6F5BEE90-3BA5-61E9-7B09-000000002102}63084376C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-18AA-61E9-1200-000000002102}352C:\Windows\system32\svchost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+9683|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1fae|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+218d|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058437Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.246{6F5BEE90-3BA5-61E9-7B09-000000002102}63084376C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-18AA-61E9-1100-000000002102}480C:\Windows\System32\svchost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+9683|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1fae|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+218d|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058436Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.246{6F5BEE90-3BA5-61E9-7B09-000000002102}63084376C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-18AA-61E9-1000-000000002102}356C:\Windows\system32\dwm.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+9683|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1fae|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+218d|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058435Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.246{6F5BEE90-3BA5-61E9-7B09-000000002102}63084376C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-18AA-61E9-0F00-000000002102}344C:\Windows\System32\svchost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+9683|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1fae|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+218d|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058434Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.246{6F5BEE90-3BA5-61E9-7B09-000000002102}63084376C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-18AA-61E9-0E00-000000002102}984C:\Windows\system32\LogonUI.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+9683|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1fae|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+218d|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058433Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.246{6F5BEE90-3BA5-61E9-7B09-000000002102}63084376C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-18A9-61E9-0D00-000000002102}888C:\Windows\system32\svchost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+9683|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1fae|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+218d|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058432Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.246{6F5BEE90-3BA5-61E9-7B09-000000002102}63084376C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-18A9-61E9-0C00-000000002102}828C:\Windows\system32\svchost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+9683|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1fae|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+218d|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058431Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.246{6F5BEE90-3BA5-61E9-7B09-000000002102}63084376C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-18A7-61E9-0B00-000000002102}608C:\Windows\system32\lsass.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+9683|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1fae|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+218d|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058430Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.246{6F5BEE90-3BA5-61E9-7B09-000000002102}63084376C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-18A7-61E9-0A00-000000002102}600C:\Windows\system32\services.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+96a7|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1fae|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+218d|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058429Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.246{6F5BEE90-3BA5-61E9-7B09-000000002102}63084376C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-18A7-61E9-0900-000000002102}548C:\Windows\system32\winlogon.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+9683|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1fae|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+218d|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058428Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.246{6F5BEE90-3BA5-61E9-7B09-000000002102}63084376C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-18A7-61E9-0800-000000002102}476C:\Windows\system32\csrss.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+96a7|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1fae|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+218d|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058427Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.246{6F5BEE90-3BA5-61E9-7B09-000000002102}63084376C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-18A7-61E9-0700-000000002102}464C:\Windows\system32\wininit.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+96a7|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1fae|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+218d|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058426Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.246{6F5BEE90-1B0F-61E9-E500-000000002102}41764072C:\Windows\system32\csrss.exe{6F5BEE90-3BA5-61E9-7E09-000000002102}1216C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6cd4|C:\Windows\SYSTEM32\CSRSRV.dll+1a30|C:\Windows\SYSTEM32\CSRSRV.dll+5c09|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000058425Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.246{6F5BEE90-3BA5-61E9-7B09-000000002102}63084376C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-18A7-61E9-0500-000000002102}392C:\Windows\system32\csrss.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+96a7|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1fae|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+218d|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058424Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.246{6F5BEE90-3BA5-61E9-7B09-000000002102}63084376C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-18A4-61E9-0200-000000002102}304C:\Windows\System32\smss.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+96a7|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1fae|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+218d|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058423Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.230{6F5BEE90-3BA5-61E9-7B09-000000002102}63084376C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-18A4-61E9-0100-000000002102}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+96a7|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1fae|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+218d|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058422Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.230{6F5BEE90-18A7-61E9-0A00-000000002102}6001592C:\Windows\system32\services.exe{6F5BEE90-3BA5-61E9-7C09-000000002102}4792C:\Windows\servicing\TrustedInstaller.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cd4|C:\Windows\System32\RPCRT4.dll+2be8f|C:\Windows\system32\services.exe+1713f|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+5460b|C:\Windows\System32\RPCRT4.dll+52cea|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000058421Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.230{6F5BEE90-1B0F-61E9-E500-000000002102}41763520C:\Windows\system32\csrss.exe{6F5BEE90-3BA5-61E9-7D09-000000002102}4800C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000058420Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.230{6F5BEE90-3BA4-61E9-7A09-000000002102}11045876C:\Windows\SysWOW64\WScript.exe{6F5BEE90-3BA5-61E9-7D09-000000002102}4800C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7414|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9278(wow64)|C:\Windows\System32\KERNELBASE.dll+d7f5c(wow64)|C:\Windows\System32\windows.storage.dll+12427f(wow64)|C:\Windows\System32\windows.storage.dll+123f9f(wow64)|C:\Windows\System32\windows.storage.dll+123ce7(wow64)|C:\Windows\System32\windows.storage.dll+124cd5(wow64)|C:\Windows\System32\windows.storage.dll+123b11(wow64)|C:\Windows\System32\windows.storage.dll+125eea(wow64)|C:\Windows\System32\windows.storage.dll+1262f7(wow64)|C:\Windows\System32\windows.storage.dll+125915(wow64)|C:\Windows\System32\SHELL32.dll+1711b4(wow64)|C:\Windows\System32\SHELL32.dll+17108e(wow64)|C:\Windows\System32\SHELL32.dll+1ae43a(wow64)|C:\Windows\System32\shcore.dll+2fffa(wow64) 154100x800000000000000058419Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.232{6F5BEE90-3BA5-61E9-7D09-000000002102}4800C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe10.0.14393.206 (rs1_release.160915-0644)Windows PowerShellMicrosoft® Windows® Operating SystemMicrosoft CorporationPowerShell.EXE"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Set-MpPreference -ExclusionPath 'C:\'C:\Windows\SysWOW64\WindowsPowerShell\v1.0\ATTACKRANGE\Administrator{6F5BEE90-1B13-61E9-8513-0D0000000000}0xd13852HighMD5=65D86C34814C02569E2AD53FD24E7F61,SHA256=8133502266008B77DE7921451E1210B0EF3F0ED2DB7D8D3EE0C3350D856FA6FA,IMPHASH=5E0145CEF36FA9BFBA7DE33AA683B8ED{6F5BEE90-3BA4-61E9-7A09-000000002102}1104C:\Windows\SysWOW64\wscript.exe"C:\Windows\System32\WScript.exe" "C:\Users\Administrator\AppData\Local\Temp\2\Nmddfrqqrbyjeygggda.vbs" 10341000x800000000000000058418Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.230{6F5BEE90-18A7-61E9-0500-000000002102}392408C:\Windows\system32\csrss.exe{6F5BEE90-3BA5-61E9-7C09-000000002102}4792C:\Windows\servicing\TrustedInstaller.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000058417Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.230{6F5BEE90-18A7-61E9-0A00-000000002102}600296C:\Windows\system32\services.exe{6F5BEE90-3BA5-61E9-7C09-000000002102}4792C:\Windows\servicing\TrustedInstaller.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7414|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6f453|C:\Windows\System32\KERNEL32.DLL+1d37f|C:\Windows\system32\services.exe+307d|C:\Windows\system32\services.exe+6334|C:\Windows\system32\services.exe+dc24|C:\Windows\system32\services.exe+d3ee|C:\Windows\system32\services.exe+4d0c|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+5460b|C:\Windows\System32\RPCRT4.dll+52cea|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x800000000000000058416Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.229{6F5BEE90-3BA5-61E9-7C09-000000002102}4792C:\Windows\servicing\TrustedInstaller.exe10.0.14393.3564 (rs1_release.200303-1942)Windows Modules InstallerMicrosoft® Windows® Operating SystemMicrosoft CorporationTrustedInstaller.exeC:\Windows\servicing\TrustedInstaller.exeC:\Windows\system32\NT AUTHORITY\SYSTEM{6F5BEE90-18A8-61E9-E703-000000000000}0x3e70SystemMD5=187076E4BC7B2F5FB7D54D1234B3CDEA,SHA256=7AE4CC64E2F0E5C58ABB6542233DA78B9AEAAD22C9D853AB96265EF3FBFEFABE,IMPHASH=648F735E453FC6802BFAECAC5ACA72A4{6F5BEE90-18A7-61E9-0A00-000000002102}600C:\Windows\System32\services.exeC:\Windows\system32\services.exe 10341000x800000000000000058415Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.216{6F5BEE90-18A7-61E9-0B00-000000002102}6085192C:\Windows\system32\lsass.exe{6F5BEE90-18A7-61E9-0A00-000000002102}600C:\Windows\system32\services.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\system32\lsasrv.dll+10f0e|C:\Windows\system32\lsasrv.dll+1e908|C:\Windows\system32\lsasrv.dll+1db31|C:\Windows\system32\lsasrv.dll+1c350|C:\Windows\system32\lsasrv.dll+2878b|C:\Windows\SYSTEM32\SspiSrv.dll+1467|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000058414Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.216{6F5BEE90-18A9-61E9-0C00-000000002102}8283272C:\Windows\system32\svchost.exe{6F5BEE90-18A7-61E9-0B00-000000002102}608C:\Windows\system32\lsass.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+f86b|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000058413Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.216{6F5BEE90-18A9-61E9-0C00-000000002102}8283272C:\Windows\system32\svchost.exe{6F5BEE90-18A7-61E9-0B00-000000002102}608C:\Windows\system32\lsass.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+f71b|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000058412Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.216{6F5BEE90-18A7-61E9-0B00-000000002102}6085192C:\Windows\system32\lsass.exe{6F5BEE90-18A7-61E9-0A00-000000002102}600C:\Windows\system32\services.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\system32\lsasrv.dll+1b8ad|C:\Windows\system32\lsasrv.dll+2878b|C:\Windows\SYSTEM32\SspiSrv.dll+1467|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000058411Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.216{6F5BEE90-18A7-61E9-0B00-000000002102}6085192C:\Windows\system32\lsass.exe{6F5BEE90-3BA4-61E9-7A09-000000002102}1104C:\Windows\SysWOW64\WScript.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\system32\lsasrv.dll+26327|C:\Windows\system32\lsasrv.dll+2746d|C:\Windows\system32\lsasrv.dll+261a5|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+5460b|C:\Windows\System32\RPCRT4.dll+52cea|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000058410Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.216{6F5BEE90-18A7-61E9-0B00-000000002102}6085192C:\Windows\system32\lsass.exe{6F5BEE90-3BA4-61E9-7A09-000000002102}1104C:\Windows\SysWOW64\WScript.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cd4|C:\Windows\System32\RPCRT4.dll+2be8f|C:\Windows\system32\lsasrv.dll+260ed|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+5460b|C:\Windows\System32\RPCRT4.dll+52cea|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000058409Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.216{6F5BEE90-18A7-61E9-0B00-000000002102}6085192C:\Windows\system32\lsass.exe{6F5BEE90-3BA5-61E9-7B09-000000002102}6308C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+6ea9c|C:\Windows\system32\lsasrv.dll+e6974|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+5460b|C:\Windows\System32\RPCRT4.dll+52cea|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000058408Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.131{6F5BEE90-1B0F-61E9-E500-000000002102}41763520C:\Windows\system32\csrss.exe{6F5BEE90-3BA5-61E9-7B09-000000002102}6308C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000058407Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.115{6F5BEE90-18A9-61E9-0C00-000000002102}8283272C:\Windows\system32\svchost.exe{6F5BEE90-18B8-61E9-2C00-000000002102}2984C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000058406Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.115{6F5BEE90-18A9-61E9-0C00-000000002102}8283272C:\Windows\system32\svchost.exe{6F5BEE90-18B8-61E9-2C00-000000002102}2984C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000058405Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.115{6F5BEE90-18A9-61E9-0C00-000000002102}8283272C:\Windows\system32\svchost.exe{6F5BEE90-18B8-61E9-2C00-000000002102}2984C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000058404Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.115{6F5BEE90-18A9-61E9-0C00-000000002102}8283272C:\Windows\system32\svchost.exe{6F5BEE90-18B8-61E9-2C00-000000002102}2984C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000058403Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.115{6F5BEE90-3B87-61E9-7809-000000002102}46966652C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe{6F5BEE90-3BA5-61E9-7B09-000000002102}6308C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7414|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9278(wow64)|C:\Windows\System32\KERNELBASE.dll+d7f5c(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_32\System\e6635c16b19ad5b6c95a34cc4e7ec8e3\System.ni.dll+23cbb2(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_32\System\e6635c16b19ad5b6c95a34cc4e7ec8e3\System.ni.dll+1aaaa4(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_32\System\e6635c16b19ad5b6c95a34cc4e7ec8e3\System.ni.dll+1aa39c(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_32\System\e6635c16b19ad5b6c95a34cc4e7ec8e3\System.ni.dll+1a759a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll+f066(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll+1230a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll+27791(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll+27896(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\b0d4a8e8efb07150abb5e70e313bc814\mscorlib.ni.dll+408589(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\b0d4a8e8efb07150abb5e70e313bc814\mscorlib.ni.dll+40809a(wow64)|UNKNOWN(00000000070F7050)|UNKNOWN(00000000070F6BD4) 154100x800000000000000058402Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.121{6F5BEE90-3BA5-61E9-7B09-000000002102}6308C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe1.22Run a program with different settings that you choose.AdvancedRunNirSoftAdvancedRun.exe"C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe" /EXEFilename "C:\Windows\System32\sc.exe" /WindowState 0 /CommandLine "stop WinDefend" /StartDirectory "" /RunAs 8 /RunC:\Windows\SysWOW64\WindowsPowerShell\v1.0\ATTACKRANGE\Administrator{6F5BEE90-1B13-61E9-8513-0D0000000000}0xd13852HighMD5=17FC12902F4769AF3A9271EB4E2DACCE,SHA256=29AE7B30ED8394C509C561F6117EA671EC412DA50D435099756BBB257FAFB10B,IMPHASH=563F92D1CB750F339006B11E53047050{6F5BEE90-3B87-61E9-7809-000000002102}4696C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe"C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe" 10341000x800000000000000058401Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.045{6F5BEE90-18A9-61E9-0C00-000000002102}8283272C:\Windows\system32\svchost.exe{6F5BEE90-3BA4-61E9-7A09-000000002102}1104C:\Windows\SysWOW64\WScript.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+54c6|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+5460b|C:\Windows\System32\RPCRT4.dll+52cea|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000058400Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.045{6F5BEE90-18AA-61E9-1600-000000002102}13241676C:\Windows\System32\svchost.exe{6F5BEE90-3BA4-61E9-7A09-000000002102}1104C:\Windows\SysWOW64\WScript.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|c:\windows\system32\themeservice.dll+235b|c:\windows\system32\themeservice.dll+1ed0|c:\windows\system32\themeservice.dll+2006|C:\Windows\SYSTEM32\ntdll.dll+39d09|C:\Windows\SYSTEM32\ntdll.dll+1e89a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000058399Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.045{6F5BEE90-18AA-61E9-1600-000000002102}13241364C:\Windows\System32\svchost.exe{6F5BEE90-3BA4-61E9-7A09-000000002102}1104C:\Windows\SysWOW64\WScript.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6144|c:\windows\system32\themeservice.dll+144a|c:\windows\system32\themeservice.dll+4175|c:\windows\system32\themeservice.dll+3379|c:\windows\system32\themeservice.dll+31a3|C:\Windows\System32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14412|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 11241100x800000000000000059100Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.988{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Amazon\Hibernate\LICENSE.TXT2017-11-17 19:46:18.121 23542300x800000000000000059099Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.988{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Amazon\Hibernate\LICENSE.txtMD5=175792518E4AC015AB6696D16C4F607E,SHA256=58D1E17FFE5109A7AE296CAAFCADFDBE6A7D176F0BC4AB01E12A689B0499D8BD,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000059098Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.984{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Amazon\Hibernate\EC2HibernateAgent.PS12017-11-17 19:46:18.418 23542300x800000000000000059097Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.984{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Amazon\Hibernate\EC2HibernateAgent.ps1MD5=5BE64E17926A062EB2DDD67E205F1EB4,SHA256=4A75ACC290E13416E24498BE3376D19AEE109E2B0A0E01F19AD31B24F0628336,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059096Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.977{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Amazon\cfn-bootstrap\library.zipMD5=6A276BFD1A0010A58FBE18A7AB93ABCA,SHA256=BE6EB5D2BE7F3436B2EEBD0E5C421404E847561E423CD5A96EA76DE0BBA51815,IMPHASH=420F1B1EBA5D9F1DE2CCC2B639E132CDfalsetrue 23542300x800000000000000059095Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.941{6F5BEE90-18CD-61E9-7700-000000002102}484NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=718C3883A611693451A7A744E6F72AB8,SHA256=C331B0DDE3498A1EBB68C05116636B14F2510E61E501906B1DA99CF3C402C249,IMPHASH=00000000000000000000000000000000falsetrue 17141700x800000000000000059094Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-CreatePipe2022-01-20 10:38:30.937{6F5BEE90-3BA5-61E9-8209-000000002102}3968\PSHost.132871487095042039.3968.DefaultAppDomain.powershellC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe 23542300x800000000000000059093Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.926{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Windows\Temp\__PSScriptPolicyTest_xyhhn5xm.r20.psm1MD5=D17FE0A3F47BE24A6453E9EF58C94641,SHA256=96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059092Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.925{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Windows\Temp\__PSScriptPolicyTest_142lv4j2.ywk.ps1MD5=D17FE0A3F47BE24A6453E9EF58C94641,SHA256=96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059091Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.868{6F5BEE90-18CD-61E9-7700-000000002102}484NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=C76DEABE403D57D2747EFEE33647929A,SHA256=6554F0296224ED5725B512B63DD044D76C9B609A64CFCF75722D212F6914F6F0,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059090Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.817{6F5BEE90-18CD-61E9-7700-000000002102}484NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\ApplicationMD5=E171838833D52E27A2DCDE3876DD0126,SHA256=F3EBF54CE764A27D62D155CB0310FB3A2717F23611F6D714A8C59C367460DB56,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059089Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.816{6F5BEE90-18CD-61E9-7700-000000002102}484NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-PowerShell_OperationalMD5=3D198B14E3F4DE55EB59086CD3EA205F,SHA256=95A3124C83C88B51A50F3A3CC52DC5556C4BC6D209846080A07049C846792125,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059088Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.814{6F5BEE90-18CD-61E9-7700-000000002102}484NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\ApplicationMD5=12C5169AF8A8EA209070EBD5F5227582,SHA256=B627B7576CAAB8B00D282F4C12B66E626E3CE58BDB256AB7199B4A6E82F935B7,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000059087Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.810{6F5BEE90-3BA5-61E9-8209-000000002102}3968C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Windows\Temp\__PSScriptPolicyTest_142lv4j2.ywk.ps12022-01-20 10:38:30.810 10341000x800000000000000059086Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.712{6F5BEE90-18A7-61E9-0B00-000000002102}6085192C:\Windows\system32\lsass.exe{6F5BEE90-3BA5-61E9-8209-000000002102}3968C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+6ea9c|C:\Windows\system32\lsasrv.dll+e6974|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000059085Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.703{6F5BEE90-18A9-61E9-0C00-000000002102}8283272C:\Windows\system32\svchost.exe{6F5BEE90-3BA5-61E9-8209-000000002102}3968C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+54c6|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+5460b|C:\Windows\System32\RPCRT4.dll+52cea|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 23542300x800000000000000059084Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.549{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Amazon\cfn-bootstrap\cacert.pemMD5=CC3D2CD6B035DC31B2614C1DF204848E,SHA256=6A4EEAFEAF28CC7750F5F7F6ED4F84D6F08DACB8AC151412332F732647694253,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000059083Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.539{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\7-Zip\readme.TXT2022-01-20 07:59:12.964 23542300x800000000000000059082Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.539{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\7-Zip\readme.txtMD5=3130C41D18F99B83D27C2A4083F1C047,SHA256=42AEB97DFD35B5352D3F79DC32911336EF59B6B38EE5571D3E2B09460365F5FD,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000059081Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.536{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\7-Zip\License.TXT2022-01-20 07:59:12.964 23542300x800000000000000059080Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.535{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\7-Zip\License.txtMD5=DA110CDCADC141BEA8E32C64F7F80FE5,SHA256=72A99A393AFA877265D336CABB6C7BD762B12CB1FA210303AD61C125665D215B,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000059079Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.533{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\7-Zip\Lang\zh-tw.TXT2022-01-20 07:59:12.964 23542300x800000000000000059078Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.532{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\7-Zip\Lang\zh-tw.txtMD5=ACFC57DE6B0E4489287BDAFE2062409A,SHA256=37C79297F8D4E491D681B556C23D957BC830068AE1D5F4535FD054C2233F3474,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000059077Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.530{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\7-Zip\Lang\zh-cn.TXT2022-01-20 07:59:12.964 23542300x800000000000000059076Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.529{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\7-Zip\Lang\zh-cn.txtMD5=0AAE98F500CE669DA6A4FCC33AEA04E9,SHA256=7CF13E7434E6C062A29B964C026B2F66E75ECF541228665BF0C826EF7C0FE133,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000059075Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.526{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\7-Zip\Lang\yo.TXT2022-01-20 07:59:12.964 23542300x800000000000000059074Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.526{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\7-Zip\Lang\yo.txtMD5=698AF9267C08D61B712417491DA6A3BB,SHA256=FFAB6B91FFD2D3C2B1F7F431B47F7D28AA17A11587B876565613BB26C173402B,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000059073Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.522{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\7-Zip\Lang\vi.TXT2022-01-20 07:59:12.964 23542300x800000000000000059072Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.522{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\7-Zip\Lang\vi.txtMD5=044531D134ACA40D5E57CC0AB96B4940,SHA256=3A6DCA3E1B5C8190C81FC859B5BE83EAF54EFDCAA148F4374D1225381083406F,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000059071Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.519{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\7-Zip\Lang\va.TXT2022-01-20 07:59:12.964 23542300x800000000000000059070Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.519{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\7-Zip\Lang\va.txtMD5=639741F687D4427C9D3B170B1CED41A9,SHA256=F43C31BD959A752EEFBB7C76ED918C4CACD50D43706121C55093D72A638FA7A5,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000059069Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.516{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\7-Zip\Lang\uz.TXT2022-01-20 07:59:12.964 23542300x800000000000000059068Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.515{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\7-Zip\Lang\uz.txtMD5=3035144EEA3A382E39541B218A5D813A,SHA256=A310044DBC86E2441F0D50BB7D7DADB9879359B0C6CEB1FAF413A0459E07045B,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000059067Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.512{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\7-Zip\Lang\uz-cyrl.TXT2022-01-20 07:59:12.964 23542300x800000000000000059066Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.512{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\7-Zip\Lang\uz-cyrl.txtMD5=7AFEDBD6E9EF3A4A2A99BC1BCB133605,SHA256=2DD421A44AD779D961C951F01E7ABF4AC358C61CE26EA8311A0C902B4FC77CA3,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000059065Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.509{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\7-Zip\Lang\uk.TXT2022-01-20 07:59:12.964 23542300x800000000000000059064Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.508{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\7-Zip\Lang\uk.txtMD5=D125EF7F9A009CFE4093152E48055AC1,SHA256=53235CB228DBBB5207F18BD0B318F54FDA9F9F5B05094EA6AC7AE368216CC4EF,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000059063Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.505{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\7-Zip\Lang\ug.TXT2022-01-20 07:59:12.964 23542300x800000000000000059062Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.504{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\7-Zip\Lang\ug.txtMD5=EF3E8D61D03E42A3B40D6F0B12535ADB,SHA256=9D0268D1EEB8DFDEBBB8EA1033C2B99CD667A244C9859085BE5D54C9E5CED369,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000059061Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.501{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\7-Zip\Lang\tt.TXT2022-01-20 07:59:12.964 23542300x800000000000000059060Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.501{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\7-Zip\Lang\tt.txtMD5=6E299B81EDACF15FACE1271D032CC5A0,SHA256=18479D66E0C8B5144EA32CC9D6B58EB8748E80D2C3BDEC0DBD99BBC3AB42495D,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000059059Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.495{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\7-Zip\Lang\tr.TXT2022-01-20 07:59:12.964 23542300x800000000000000059058Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.495{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\7-Zip\Lang\tr.txtMD5=C69BE29E4448A858180DAF367464D531,SHA256=4816929C4BB958CE8D64D14DF47F0B6A35DCF0E7EB88201EAA93AF541894E354,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000059057Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.490{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\7-Zip\Lang\tk.TXT2022-01-20 07:59:12.964 23542300x800000000000000059056Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.489{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\7-Zip\Lang\tk.txtMD5=75C23D0431BC83CA17308F08D1173C1D,SHA256=75EFF9DE596459F3EBA755B5C4C8CE635AF2CECDBAE40749DF348C97A2E56EE0,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000059055Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.485{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\7-Zip\Lang\th.TXT2022-01-20 07:59:12.964 23542300x800000000000000059054Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.484{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\7-Zip\Lang\th.txtMD5=8EE06A03DC18E5F8BC750CB6A78F6D9C,SHA256=01E7B965BD4B722003F74B4E4B30EF6A1BAEA67108816D1B9F8D6ADD39C7FA10,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000059053Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.481{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\7-Zip\Lang\tg.TXT2022-01-20 07:59:12.949 23542300x800000000000000059052Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.480{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\7-Zip\Lang\tg.txtMD5=4A5529986613CDF743B3F7755F8F5CAE,SHA256=1CEDD8F699940FECACACBC5DF093BA70FB2099FAF9864376A3D990DA78B8E075,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000059051Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.476{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\7-Zip\Lang\ta.TXT2022-01-20 07:59:12.949 23542300x800000000000000059050Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.475{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\7-Zip\Lang\ta.txtMD5=228CA6D7B8D850853233C4575A7EBF1F,SHA256=0A3B285566BBEB3F188B3C72BA21CBFC545EA05471EAB706E972C828DA5234E0,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000059049Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.473{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\7-Zip\Lang\sw.TXT2022-01-20 07:59:12.949 23542300x800000000000000059048Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.472{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\7-Zip\Lang\sw.txtMD5=EE27959AEF24CEF2EC07684CF420B2DD,SHA256=AAEB1631458E448B678579CE369FD0A6D66E0FB02B9218328C537EE38636C557,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000059047Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.469{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\7-Zip\Lang\sv.TXT2022-01-20 07:59:12.949 23542300x800000000000000059046Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.469{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\7-Zip\Lang\sv.txtMD5=2EC8B6F0C0C05157AE90ABA540DEBED1,SHA256=54112B265EC01759ADBF72DC856FF0F9DBB2B3029EFF8A56DE08DFFC5D3DC954,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000059045Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.466{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\7-Zip\Lang\sr-spl.TXT2022-01-20 07:59:12.949 23542300x800000000000000059044Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.465{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\7-Zip\Lang\sr-spl.txtMD5=FD327F424C7E4F23D2C018DED334A1B5,SHA256=D5A250B45BD51267E2B0D78CF60E7F14113419565F9B95C2B1113963396570A5,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000059043Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.462{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\7-Zip\Lang\sr-spc.TXT2022-01-20 07:59:12.949 23542300x800000000000000059042Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.462{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\7-Zip\Lang\sr-spc.txtMD5=FFD26304B9B5FAE8547703515E84460D,SHA256=283DD99EC8D13784B3D79C36766CDB16DAC0EDE0C1C09E8B1EFA64F5DC2C1A55,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000059041Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.459{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\7-Zip\Lang\sq.TXT2022-01-20 07:59:12.949 23542300x800000000000000059040Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.458{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\7-Zip\Lang\sq.txtMD5=F5C16D9111631A7280AE99C89D5BE4E3,SHA256=40A3FC08E4B2CA3D691C08B9382B2E9FA391F9123A0769052294D93BC2983734,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000059039Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.455{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\7-Zip\Lang\sl.TXT2022-01-20 07:59:12.949 23542300x800000000000000059038Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.455{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\7-Zip\Lang\sl.txtMD5=7004B98D09316E84156B91C54888C9D4,SHA256=548AA8422A228617B30FBD448D03C38C3A11D010051A24544CF8AE479314ACD8,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000059037Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.452{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\7-Zip\Lang\sk.TXT2022-01-20 07:59:12.949 23542300x800000000000000059036Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.451{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\7-Zip\Lang\sk.txtMD5=CA2B22D21945A478757A099EEAFDF9A9,SHA256=E571C0D87B50F4659099B4CA618057533C22578066E411C5CEB3DF8BE1E77CFF,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000059035Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.447{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\7-Zip\Lang\si.TXT2022-01-20 07:59:12.949 23542300x800000000000000059034Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.447{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\7-Zip\Lang\si.txtMD5=2B78E18BCB07CB8D59D8682502576F8E,SHA256=3899EDD17A78BC729278304F7B0AE7750C422A5BA684AAC9EDC15B8527A229DA,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000059033Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.443{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\7-Zip\Lang\sa.TXT2022-01-20 07:59:12.949 23542300x800000000000000059032Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.443{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\7-Zip\Lang\sa.txtMD5=9FE4DA297163A84FE9D0B0289B1AF077,SHA256=A44E8C328BF809890AA6CA883E2CB82B6C5207D9636E9A91253DA4CD893668C8,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000059031Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.440{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\7-Zip\Lang\ru.TXT2022-01-20 07:59:12.949 23542300x800000000000000059030Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.439{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\7-Zip\Lang\ru.txtMD5=B5CEC4D03D2D9E162137E475C54AFBC3,SHA256=AC73D4810639114C3269E3BEAEC84ECAC9473CA6FBC248D804A09DF2B33E4351,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000059029Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.436{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\7-Zip\Lang\ro.TXT2022-01-20 07:59:12.949 23542300x800000000000000059028Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.435{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\7-Zip\Lang\ro.txtMD5=E3EE837F02A1F6E4B2213EB36C025284,SHA256=F168BB4D026782134CC6C261006B815850E753A27FB47C4F23EE617666459A66,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000059027Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.432{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\7-Zip\Lang\pt.TXT2022-01-20 07:59:12.949 23542300x800000000000000059026Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.432{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\7-Zip\Lang\pt.txtMD5=E6F09B147CB07532C12E47B05CCF87B7,SHA256=55807ED90AE0D9216B93EC7E1D0571CB16D7F9DB40723581AEFC4EA829D4D182,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000059025Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.428{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\7-Zip\Lang\pt-br.TXT2022-01-20 07:59:12.949 23542300x800000000000000059024Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.428{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\7-Zip\Lang\pt-br.txtMD5=7B02E1AE16E2E709D7C97DE560B4DBE9,SHA256=DA0B58F52BBC131F967942D1D8E9DE1B5721AE864BC21852A0AD4062332297CB,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000059023Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.425{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\7-Zip\Lang\ps.TXT2022-01-20 07:59:12.949 23542300x800000000000000059022Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.424{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\7-Zip\Lang\ps.txtMD5=8F15262B3C1CF560B6352FAE4A5FDE21,SHA256=881B19DD1F74251E475855B8BDB53CE9AF1C3D2654A9331B069A3C273F723769,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000059021Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.420{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\7-Zip\Lang\pl.TXT2022-01-20 07:59:12.949 23542300x800000000000000059020Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.420{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\7-Zip\Lang\pl.txtMD5=2CDF63E6B3F3A474465D0D88E5386718,SHA256=223C109301A7BBF01FC57C42609083B28E3FCEDEDC1F6E6DCDFDC8EC1580C51D,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000059019Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.416{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\7-Zip\Lang\pa-in.TXT2022-01-20 07:59:12.949 23542300x800000000000000059018Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.416{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\7-Zip\Lang\pa-in.txtMD5=6C48ED7DEBA6D3EFE6447BE948471810,SHA256=377F793EEDF3A935DDD6260D72AC3CADA9391AAFDF1F019D0BE72BE2B83A5DD9,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000059017Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.412{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\7-Zip\Lang\nn.TXT2022-01-20 07:59:12.949 23542300x800000000000000059016Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.412{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\7-Zip\Lang\nn.txtMD5=366B85BF575444D20944DB387F94564E,SHA256=E6922E17B7622361BC4D07E76874A919E3095B477ED008986B94F84A931CB22F,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000059015Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.408{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\7-Zip\Lang\nl.TXT2022-01-20 07:59:12.949 23542300x800000000000000059014Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.408{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\7-Zip\Lang\nl.txtMD5=54169E744254BB5A4182BCB2678F8479,SHA256=8A74F64C91C25DA6056B054D388BF1BBD97384AD7D0086F86DF0240E077C6149,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000059013Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.405{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\7-Zip\Lang\ne.TXT2022-01-20 07:59:12.949 23542300x800000000000000059012Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.405{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\7-Zip\Lang\ne.txtMD5=C7ED0560A6145A417B1E92546ED6B0F1,SHA256=C129F67193295736E1C1FF4AC7245CBD737A07EA6073B43FD22AC767F3D56E23,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000059011Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.401{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\7-Zip\Lang\nb.TXT2022-01-20 07:59:12.949 23542300x800000000000000059010Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.401{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\7-Zip\Lang\nb.txtMD5=7071CABD6FB28CEEDDEAC8B934879855,SHA256=694481B64E223F9BDD0936F89138EF735CEB92AC962D9DD21682109BA81B9697,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000059009Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.397{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\7-Zip\Lang\ms.TXT2022-01-20 07:59:12.949 23542300x800000000000000059008Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.397{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\7-Zip\Lang\ms.txtMD5=91DA4B7D7CB3B5EB4304394E0C4CAAF2,SHA256=31AB339E581D0D13A43CADDE7C0D1E11CC03A6D8C92B91F8FE79963A6982DFF5,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000059007Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.387{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\7-Zip\Lang\mr.TXT2022-01-20 07:59:12.949 23542300x800000000000000059006Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.387{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\7-Zip\Lang\mr.txtMD5=2E9FC42DBD17E30F8DB8205FA2D18543,SHA256=08B8F7FF35DD4315133E04FD17B6FB896D63B9C87040A2CC68A83E81EA4EFD78,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000059005Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.385{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\7-Zip\Lang\mng2.TXT2022-01-20 07:59:12.949 23542300x800000000000000059004Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.384{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\7-Zip\Lang\mng2.txtMD5=A0D06DC2B7F53ACD8CDEBF7864080CD1,SHA256=47BFE43F3F5A88A0F366FB317A542CDC1E216F8C368DDC67252480EDE7D130F4,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000059003Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.381{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\7-Zip\Lang\mng.TXT2022-01-20 07:59:12.949 23542300x800000000000000059002Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.381{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\7-Zip\Lang\mng.txtMD5=BA28C5C312D1A7827B40ED84F1F6F85B,SHA256=92898472C1DB5248B0556FB5BAFDA8090684249B561DE5EF2A84C10F2F4383CA,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000059001Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.378{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\7-Zip\Lang\mn.TXT2022-01-20 07:59:12.949 23542300x800000000000000059000Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.378{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\7-Zip\Lang\mn.txtMD5=8756027ADF94B3CC3D6C42F0D3FB4AF0,SHA256=CF5245D17224F85011ED85062957DBFD936DD760A214980FC8F2EB69E6BA3CFC,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000058999Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.375{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\7-Zip\Lang\mk.TXT2022-01-20 07:59:12.949 23542300x800000000000000058998Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.375{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\7-Zip\Lang\mk.txtMD5=71D42ABE45803AC9C3DA5FCACF9CC59C,SHA256=78F5CB9345AB258CF745EAA90D44C7A7A73D3FE06EA182B1298A989135FFA11F,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000058997Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.371{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\7-Zip\Lang\lv.TXT2022-01-20 07:59:12.949 23542300x800000000000000058996Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.371{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\7-Zip\Lang\lv.txtMD5=341CC2C7302AE8E91B286D9EFFF55693,SHA256=4DE5F75C5E05EC4FABFC2D266AE5B254F0C335C822523A0A7F7EDC60E35A5E0D,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000058995Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.367{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\7-Zip\Lang\lt.TXT2022-01-20 07:59:12.949 23542300x800000000000000058994Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.367{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\7-Zip\Lang\lt.txtMD5=92D03523DD0E7E7B2862A6396ABAD455,SHA256=C5DA5B37BE32FA4CDD8B938D479C0327B84C9F83C948EB7E65F4DDC15A6BEEAE,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000058993Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.364{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\7-Zip\Lang\lij.TXT2022-01-20 07:59:12.949 23542300x800000000000000058992Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.363{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\7-Zip\Lang\lij.txtMD5=372BC4A26B676C48CF8FEFAB3711B91D,SHA256=431CAE1BB77633FDF3CE339E97BC5D5D885779DECC01ED03583E381F097A2487,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000058991Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.361{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\7-Zip\Lang\ky.TXT2022-01-20 07:59:12.949 23542300x800000000000000058990Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.360{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\7-Zip\Lang\ky.txtMD5=7D0420EE265C9122DC11EF964871E179,SHA256=4EF68FBD8AB002BBF4CD6D1C9FD6D87A5FDE048AFD2EF162B727259EB97D70D2,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000058989Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.356{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\7-Zip\Lang\ku.TXT2022-01-20 07:59:12.949 23542300x800000000000000058988Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.356{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\7-Zip\Lang\ku.txtMD5=6E9A3E86335C08C15350BA91DF969269,SHA256=A00B21A87A58ADEFF29EA379160B6AE72DF5EC380F6E4C6A1BC352B6581FB4C4,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000058987Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.352{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\7-Zip\Lang\ku-ckb.TXT2022-01-20 07:59:12.949 23542300x800000000000000058986Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.352{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\7-Zip\Lang\ku-ckb.txtMD5=C90D029172A8533946EF7419BF383305,SHA256=19AF39960142B8599153A09EF4F03F944FC00999BEB9FE2399F5F8B236716EEF,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000058985Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.348{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\7-Zip\Lang\ko.TXT2022-01-20 07:59:12.949 23542300x800000000000000058984Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.347{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\7-Zip\Lang\ko.txtMD5=55E8685AC21571F0B5F11A4D5FA088F9,SHA256=58A2DD10438C1199653C1BCD88C520DDB437FA8E01BCF311130ADA0A626151C7,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000058983Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.342{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\7-Zip\Lang\kk.TXT2022-01-20 07:59:12.949 23542300x800000000000000058982Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.342{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\7-Zip\Lang\kk.txtMD5=F4C46B450A580AD5ABF0B638DCDCC6FB,SHA256=F2E6E55C102485E232DAAD00F68D8905F7A54F8AE2128DB6AFE25231C17ACD69,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000058981Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.339{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\7-Zip\Lang\kab.TXT2022-01-20 07:59:12.949 23542300x800000000000000058980Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.339{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\7-Zip\Lang\kab.txtMD5=C6AC7AAD8BCE83AC69F197DB9D4529F8,SHA256=B8A7A5182DFDACC9BACCB412E161C60864D3B5D30038935122C736AE4F4EBC22,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000058979Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.335{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\7-Zip\Lang\kaa.TXT2022-01-20 07:59:12.933 23542300x800000000000000058978Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.335{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\7-Zip\Lang\kaa.txtMD5=DFBA5C2185E113EEF167A5E21C32DF76,SHA256=4D631602CE3D0C4D9162AF6BF56A90C8EEF75A24D556B729191B62F79ABA0681,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000058977Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.332{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\7-Zip\Lang\ka.TXT2022-01-20 07:59:12.933 23542300x800000000000000058976Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.332{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\7-Zip\Lang\ka.txtMD5=EB2AF4DC4C28275AE1876523944D708E,SHA256=B78DEFEC49D07120B74C2172F3E07540314771B16729C6BBFC3A1902ECE2EDA0,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000058975Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.329{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\7-Zip\Lang\ja.TXT2022-01-20 07:59:12.933 23542300x800000000000000058974Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.329{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\7-Zip\Lang\ja.txtMD5=470B0CA449E9F34BB34244A7EF39441B,SHA256=B0150C2B3D2AD9B37A7F47A24466AEA4A56CED728CAF12D02B407FD0080602AB,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000058973Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.325{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\7-Zip\Lang\it.TXT2022-01-20 07:59:12.933 23542300x800000000000000058972Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.325{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\7-Zip\Lang\it.txtMD5=87EFE148B443C6B50EAB945E27F9B39A,SHA256=DD0A9A9CE33D25A9F6C461A6E43721E975B8B1E189C3D5B81F1DAD0FF12870BE,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000058971Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.322{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\7-Zip\Lang\is.TXT2022-01-20 07:59:12.933 23542300x800000000000000058970Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.321{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\7-Zip\Lang\is.txtMD5=F361950B7D1BB073EF48CA729B7ED5EA,SHA256=F4F9D6DFD36512F027452499B083AD0656DF6503CE03E4E4CC45B925F1F1D678,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000058969Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.318{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\7-Zip\Lang\io.TXT2022-01-20 07:59:12.933 23542300x800000000000000058968Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.318{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\7-Zip\Lang\io.txtMD5=DF8BD55B7A296DA48C8705E1D00BAD7E,SHA256=60EDA200D8D995626FDFB1D523F02A9AA538CE5E8EE5028B41293F615A9D451A,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000058967Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.315{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\7-Zip\Lang\id.TXT2022-01-20 07:59:12.933 23542300x800000000000000058966Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.314{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\7-Zip\Lang\id.txtMD5=73B9F189F0C37D7CF37DF8DB89FB52AF,SHA256=18C4531E9FC00ED242F1C0526DBCD0A3D1ADA9BCFEE651AE950328AC872A216F,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000058965Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.312{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\7-Zip\Lang\hy.TXT2022-01-20 07:59:12.933 23542300x800000000000000058964Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.311{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\7-Zip\Lang\hy.txtMD5=1362C3C286CFF992117D5466BBE284F6,SHA256=D8F60BF92541D20D01F6DDD56D49F25519303FD16E285E18080BE6815B74B8A8,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000058963Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.308{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\7-Zip\Lang\hu.TXT2022-01-20 07:59:12.933 23542300x800000000000000058962Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.308{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\7-Zip\Lang\hu.txtMD5=EEBEA9C4E71A5D2820F5E8972822800F,SHA256=EF79E98FC911E0D0D16BD061A65F50F5E50CAA011699852E1608A2629B8BA37D,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000058961Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.305{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\7-Zip\Lang\hr.TXT2022-01-20 07:59:12.933 23542300x800000000000000058960Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.305{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\7-Zip\Lang\hr.txtMD5=A0A8A75560EFCF15801C96E6D71BECC3,SHA256=A72F01215EBA3BE3AF6659129DD20F7A42D74F1DA08658A9C8CE8E303C3E8F64,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000058959Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.300{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\7-Zip\Lang\hi.TXT2022-01-20 07:59:12.933 23542300x800000000000000058958Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.299{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\7-Zip\Lang\hi.txtMD5=A0FC3C3D880A54918D86B40FFDA12F23,SHA256=8CCE5E5A846196DAC3649483290160177F47D88A7DCF0E85ACFD3131856A266A,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000058957Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.296{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\7-Zip\Lang\he.TXT2022-01-20 07:59:12.933 23542300x800000000000000058956Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.295{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\7-Zip\Lang\he.txtMD5=1B53819F8D58FD734B5FD985756B557C,SHA256=DCD061A0A7B29F55FA28D4396F60881836C2DF07CD936412C476A7F149540CC4,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000058955Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.291{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\7-Zip\Lang\gu.TXT2022-01-20 07:59:12.918 23542300x800000000000000058954Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.290{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\7-Zip\Lang\gu.txtMD5=410C8A33C66B4B2BC707E113D9C76914,SHA256=9025D8A58E0C76B186C943EF8A73A1BBA6C08945E346DE14D3C255CCFA3A10E6,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000058953Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.288{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\7-Zip\Lang\gl.TXT2022-01-20 07:59:12.918 23542300x800000000000000058952Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.287{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\7-Zip\Lang\gl.txtMD5=492E51B4B5B287FE2B90A5F0BD433847,SHA256=54F676333CE58AF67B839B0F0470F99F405B5CE7FDB9C345A19D00B6423277E5,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000058951Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.284{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\7-Zip\Lang\ga.TXT2022-01-20 07:59:12.918 23542300x800000000000000058950Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.284{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\7-Zip\Lang\ga.txtMD5=B4295E254B9DFC90E0093188257C007C,SHA256=406669ECBDF562E773B9CDF831CF5F63C3DD1A012C3521A41227C9141511D959,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000058949Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.279{6F5BEE90-18CD-61E9-7700-000000002102}484NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SystemMD5=E099A9CE19DDAC7415911FB2B94051F3,SHA256=7B7C29671AD33F7657F16ABECCE1144E5EE06EA34FEE9E2004DB7AF1EDAEFFE0,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000058948Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.278{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\7-Zip\Lang\fy.TXT2022-01-20 07:59:12.902 23542300x800000000000000058947Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.278{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\7-Zip\Lang\fy.txtMD5=0111890C0137974FCE2D79B6D22E5686,SHA256=9FE460264AF4ABD9FF23EAB79387EBB52B4498758645CD5721E75FD7B747E536,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000058946Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.278{6F5BEE90-18CD-61E9-7700-000000002102}484NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SystemMD5=924D2D6A0B078A9C1A854124DD8C65C5,SHA256=018287FDDD3595C0C9C5E6BE621D733989CC5077C499F3658ACA2B9F4954D29F,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000058945Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.274{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\7-Zip\Lang\fur.TXT2022-01-20 07:59:12.902 23542300x800000000000000058944Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.274{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\7-Zip\Lang\fur.txtMD5=DFD698A0F6ED7BF405A8FDD6F33B2315,SHA256=FC944EAA7883341372EBD5EF0E2F236CA248B2996A902240A75218541B600E72,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000058943Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.269{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\7-Zip\Lang\fr.TXT2022-01-20 07:59:12.902 23542300x800000000000000058942Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.269{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\7-Zip\Lang\fr.txtMD5=B1B6E1C3CF5247EC1618A88F9853D54D,SHA256=CC283E9B0C1822F757372C21F179710C4592A2F7755E706C48065BCFE70BBA5B,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000058941Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.265{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\7-Zip\Lang\fi.TXT2022-01-20 07:59:12.902 23542300x800000000000000058940Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.265{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\7-Zip\Lang\fi.txtMD5=7AC9D88F81AACEF8759E510E9601A4B9,SHA256=24D66C5733314F3F72B7CA0F5CEB5A3246726DDDEFCF2F033715188EDB062DB5,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000058939Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.261{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\7-Zip\Lang\fa.TXT2022-01-20 07:59:12.902 23542300x800000000000000058938Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.260{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\7-Zip\Lang\fa.txtMD5=952328B44391B1D4196DFE1F832A16A2,SHA256=05851BA54B24D7FD45179419AEE91A2D40BCAB62E6AAB99C1A92189FB636BBB2,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000058937Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.256{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\7-Zip\Lang\ext.TXT2022-01-20 07:59:12.902 23542300x800000000000000058936Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.256{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\7-Zip\Lang\ext.txtMD5=F048977CDC74FF4D1F045FB3FD5D0118,SHA256=3CD8B8633FBC076EE07BF58DA6E01AB692DF461381A2BAD4EF5512C653DA46E4,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000058935Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.251{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\7-Zip\Lang\eu.TXT2022-01-20 07:59:12.902 23542300x800000000000000058934Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.250{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\7-Zip\Lang\eu.txtMD5=29EC04893F6B2C9058A8F1E0BEAF9081,SHA256=536D93CA6D7C96D203B51333C4E78DE2429F78D32CC321461589626759C84127,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000058933Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.247{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\7-Zip\Lang\et.TXT2022-01-20 07:59:12.902 23542300x800000000000000058932Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.246{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\7-Zip\Lang\et.txtMD5=54D610C174514D0F60B382249885963C,SHA256=D3FC7E1DD6F0486C99997B75D9D8C5592DA6CFB9B89C3EC4F59E7BC5826B3456,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000058931Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.244{6F5BEE90-18CD-61E9-7700-000000002102}484NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=2AE2463D43E9B74716A19517CEE74BE0,SHA256=4B25236DDD5F4BB99908C5C454200030FA2DDA04BBB56AE9C935D0A6415AB037,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000058930Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.243{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\7-Zip\Lang\es.TXT2022-01-20 07:59:12.902 23542300x800000000000000058929Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.243{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\7-Zip\Lang\es.txtMD5=5A449308A0176D6401181BEF4AF13765,SHA256=7DDDAE25296F14C1F45AC032D9C950C3A8D39A41489F9D2B06000EDCFA7A6660,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000058928Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.237{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\7-Zip\Lang\eo.TXT2022-01-20 07:59:12.902 23542300x800000000000000058927Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.237{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\7-Zip\Lang\eo.txtMD5=53BC9385D0EA9E7E601BBE9B2CD5E3CF,SHA256=D598733B1DD7FA37FD156348BC2BAE5549DBD6C709125D1D40F43EFF6BEC2445,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000058926Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.233{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\7-Zip\Lang\el.TXT2022-01-20 07:59:12.902 23542300x800000000000000058925Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.233{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\7-Zip\Lang\el.txtMD5=812DF218DAE08F9F883A7455015707B2,SHA256=CF90A21C69A13E0D674B6B74E2904F7D9D3BEE594D89862155D94105311F47A7,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000058924Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.230{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\7-Zip\Lang\de.TXT2022-01-20 07:59:12.902 23542300x800000000000000058923Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.229{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\7-Zip\Lang\de.txtMD5=40AE22F5BCBEAB6F622771562D584F2B,SHA256=06E5265A2B30807296480DC0B0D3A27E41F1381D61229E4EB239C4930D14A43E,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000058922Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.225{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\7-Zip\Lang\da.TXT2022-01-20 07:59:12.902 23542300x800000000000000058921Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.224{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\7-Zip\Lang\da.txtMD5=D8ABA2DA47C1031832957B75A6524737,SHA256=F65026AE33D4302A7EF06A856F6F062C9730100F5A87D5C00FB3FEAF5FCD5805,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000058920Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.221{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\7-Zip\Lang\cy.TXT2022-01-20 07:59:12.902 23542300x800000000000000058919Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.221{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\7-Zip\Lang\cy.txtMD5=0F5662A68805D859F871EDC07E766A57,SHA256=931DE741A6C8F1348A946623776FE36C55DD2FC384C7B1478225F7467853199E,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000058918Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.215{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\7-Zip\Lang\cs.TXT2022-01-20 07:59:12.902 23542300x800000000000000058917Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.215{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\7-Zip\Lang\cs.txtMD5=641B90F9AEDFC68486D0D20B40F7ECA6,SHA256=87A4B9369FD51D76C9032C0E65C3C6221659E086798829072785BE589E55B839,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000058916Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.212{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\7-Zip\Lang\co.TXT2022-01-20 07:59:12.902 23542300x800000000000000058915Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.211{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\7-Zip\Lang\co.txtMD5=C76B8C615C11469D5F6DFF0ABF39171E,SHA256=5470B36A4A715DECA06035333A01E0A2899FCE1CF6C29A6ECE4C35CFCC843CFD,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000058914Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.208{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\7-Zip\Lang\ca.TXT2022-01-20 07:59:12.902 23542300x800000000000000058913Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.208{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\7-Zip\Lang\ca.txtMD5=1657720023A267B5B625DE17BF292299,SHA256=ED8748DA8FA99DB775FF621D3E801E2830E6C04DA42C0B701095580191A700A6,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000058912Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.204{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\7-Zip\Lang\br.TXT2022-01-20 07:59:12.902 23542300x800000000000000058911Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.204{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\7-Zip\Lang\br.txtMD5=C2EB67D788756BE5ECAA0A8CFB3D1E0B,SHA256=0F6BF6749C42C844980DB32EE56CADC987CE245EF650BC7D626D56468A7CBE6A,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000058910Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.200{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\7-Zip\Lang\bn.TXT2022-01-20 07:59:12.902 23542300x800000000000000058909Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.200{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\7-Zip\Lang\bn.txtMD5=D0E788F64268D15B4391F052B1F4B18A,SHA256=216CC780E371DC318C8B15B84DE8A5EC0E28F712B3109A991C8A09CDDAA2A81A,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000058908Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.197{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\7-Zip\Lang\bg.TXT2022-01-20 07:59:12.886 23542300x800000000000000058907Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.196{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\7-Zip\Lang\bg.txtMD5=833AFB4F88FDB5F48245C9B65577DC19,SHA256=4DCABCC8AB8069DB79143E4C62B6B76D2CF42666A09389EACFC35074B61779E3,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000058906Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.193{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\7-Zip\Lang\be.TXT2022-01-20 07:59:12.886 23542300x800000000000000058905Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.193{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\7-Zip\Lang\be.txtMD5=3C21135144AC7452E7DB66F0214F9D68,SHA256=D095879B8BBC67A1C9875C5E9896942BACF730BD76155C06105544408068C59E,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000058904Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.190{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\7-Zip\Lang\ba.TXT2022-01-20 07:59:12.886 23542300x800000000000000058903Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.190{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\7-Zip\Lang\ba.txtMD5=D83B65AC086DA0C94D6EB57BEE669C2B,SHA256=2901B54F7621C95429658CB4EDB28ABD0CB5B6E257C7D9A364FC468A8B86BAAE,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000058902Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.186{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\7-Zip\Lang\az.TXT2022-01-20 07:59:12.886 23542300x800000000000000058901Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.186{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\7-Zip\Lang\az.txtMD5=81B732A8B4206FB747BFBFE524DDE192,SHA256=CAEC460E73BD0403C2BCDE7E773459BEA9112D1BFACBE413D4F21E51A5762BA6,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000058900Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.183{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\7-Zip\Lang\ast.TXT2022-01-20 07:59:12.886 23542300x800000000000000058899Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.183{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\7-Zip\Lang\ast.txtMD5=1F86AE235BC747A279C9E9EC72675CE4,SHA256=8FCD1B8CE6FED05F406C4B81AEA821132800BC494D3FD6F42A4258A81F8998EC,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000058898Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.180{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\7-Zip\Lang\ar.TXT2022-01-20 07:59:12.886 23542300x800000000000000058897Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.180{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\7-Zip\Lang\ar.txtMD5=1C45E6A6ECB3B71A7316C466B6A77C1C,SHA256=972261B53289DE2BD8A65E787A6E7CD6DEFC2B5F7E344128F2FE0492ED30CCF1,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000058896Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.177{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\7-Zip\Lang\an.TXT2022-01-20 07:59:12.886 23542300x800000000000000058895Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.176{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\7-Zip\Lang\an.txtMD5=BF8564B2DAD5D2506887F87AEE169A0A,SHA256=0E8DD119DFA6C6C1B3ACA993715092CDF1560947871092876D309DBC1940A14A,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000058894Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.173{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\7-Zip\Lang\af.TXT2022-01-20 07:59:12.886 23542300x800000000000000058893Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.172{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\7-Zip\Lang\af.txtMD5=FBBE51ACB879B525CC6B19D386697924,SHA256=3793FB69EE9FD958CF15A272B1ED54E4B3D75592836EBCD085DC0E7B1400D1CB,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000058892Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.169{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\7-Zip\History.TXT2022-01-20 07:59:12.886 23542300x800000000000000058891Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.169{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\7-Zip\History.txtMD5=D68C7D03873EB191F46BCC0CB6A89664,SHA256=5355372CAD5A5142BC7A0991BD84DBB751BF65A4C272E9C7EDDF48CEE79DD24B,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000058890Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.163{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\ConfigureRemotingForAnsible.PS12022-01-20 07:54:50.096 23542300x800000000000000058889Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.163{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\ConfigureRemotingForAnsible.ps1MD5=CBB522658DEF53FF775CF80FB8AFD328,SHA256=4B51CC6165414B2BF7A2F32CE161EB1029CDFD916EAFAC8AD7FFEF9418C37C2B,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000058888Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.160{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\caldera_manx_agent.PS12022-01-20 08:06:29.495 23542300x800000000000000058887Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.160{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\caldera_manx_agent.ps1MD5=6AD07097CEA7A6CB6979C3AC69D8D72D,SHA256=1486E9F02BC766DFA0D120B156487E3C59B9AD85CA3157D833C62E4B83EC710C,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000058886Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.157{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\caldera_agent.PS12022-01-20 08:06:16.226 23542300x800000000000000058885Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.157{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\caldera_agent.ps1MD5=9294487DA7B23C6DC47040B8AE6D4CEC,SHA256=3008ACD5FBB98120EAB50E5E7D008E2F28A5E1A63395B858287C550C95841BCB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000058884Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.121{6F5BEE90-18CD-61E9-7700-000000002102}484NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=39830AE2E5ED10092562BA031897C9E4,SHA256=2DAABB6A47B808E6C24402A61D475B1053B6AD3A72046EDDCEA90C0E60ED4AD8,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000058883Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.104{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\$Recycle.Bin\S-1-5-21-3390778582-3319667597-4011983492-500\desktop.iniMD5=A526B9E7C716B3489D8CC062FBCE4005,SHA256=E1B9CE9B57957B1A0607A72A057D6B7A9B34EA60F3F8AA8F38A3AF979BD23066,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000058882Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.091{6F5BEE90-18AA-61E9-1600-000000002102}13241960C:\Windows\System32\svchost.exe{6F5BEE90-3BA6-61E9-8509-000000002102}6432C:\Windows\system32\conhost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|c:\windows\system32\themeservice.dll+235b|c:\windows\system32\themeservice.dll+1ed0|c:\windows\system32\themeservice.dll+2006|C:\Windows\SYSTEM32\ntdll.dll+39d09|C:\Windows\SYSTEM32\ntdll.dll+1e89a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000058881Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.091{6F5BEE90-18AA-61E9-1600-000000002102}13241364C:\Windows\System32\svchost.exe{6F5BEE90-3BA6-61E9-8509-000000002102}6432C:\Windows\system32\conhost.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6144|c:\windows\system32\themeservice.dll+144a|c:\windows\system32\themeservice.dll+4175|c:\windows\system32\themeservice.dll+3379|c:\windows\system32\themeservice.dll+31a3|C:\Windows\System32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14412|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000058880Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.087{6F5BEE90-3BA6-61E9-8509-000000002102}64326912C:\Windows\system32\conhost.exe{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000058879Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.079{6F5BEE90-1B0F-61E9-E500-000000002102}41762952C:\Windows\system32\csrss.exe{6F5BEE90-3BA6-61E9-8509-000000002102}6432C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6cd4|C:\Windows\SYSTEM32\CSRSRV.dll+1a30|C:\Windows\SYSTEM32\CSRSRV.dll+5c09|C:\Windows\SYSTEM32\ntdll.dll+5179f 23542300x800000000000000058878Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.073{6F5BEE90-3B87-61E9-7809-000000002102}4696ATTACKRANGE\AdministratorC:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Administrator\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-InteractiveMD5=D06F48411211A2CE42A58DC26126DC05,SHA256=DE4C5F1651647161E035AA83936EFB85E0C294E1ED7A135088360EDD9876C6DE,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000058877Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.050{6F5BEE90-3B87-61E9-7809-000000002102}46966652C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|UNKNOWN(0000000006961843)|UNKNOWN(000000000723424E)|UNKNOWN(00000000070F5F69)|UNKNOWN(00000000070F5783)|UNKNOWN(00000000070F436A)|UNKNOWN(00000000070F42B6)|UNKNOWN(00000000070F25A5)|UNKNOWN(00000000070F4B75)|UNKNOWN(00000000070F485E)|UNKNOWN(00000000070F436A)|UNKNOWN(00000000070F42B6)|UNKNOWN(00000000070F25A5)|UNKNOWN(00000000070F4B75)|UNKNOWN(00000000070F485E) 10341000x800000000000000058876Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.050{6F5BEE90-3B87-61E9-7809-000000002102}46966652C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe{6F5BEE90-3BA5-61E9-8309-000000002102}6208C:\Windows\system32\conhost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|UNKNOWN(0000000006961843)|UNKNOWN(000000000723424E)|UNKNOWN(00000000070F5F69)|UNKNOWN(00000000070F5783)|UNKNOWN(00000000070F436A)|UNKNOWN(00000000070F42B6)|UNKNOWN(00000000070F25A5)|UNKNOWN(00000000070F4B75)|UNKNOWN(00000000070F485E)|UNKNOWN(00000000070F436A)|UNKNOWN(00000000070F42B6)|UNKNOWN(00000000070F25A5)|UNKNOWN(00000000070F4B75)|UNKNOWN(00000000070F485E) 10341000x800000000000000058875Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.050{6F5BEE90-3B87-61E9-7809-000000002102}46966652C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe{6F5BEE90-3BA5-61E9-8209-000000002102}3968C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|UNKNOWN(0000000006961843)|UNKNOWN(000000000723424E)|UNKNOWN(00000000070F5F69)|UNKNOWN(00000000070F5783)|UNKNOWN(00000000070F436A)|UNKNOWN(00000000070F42B6)|UNKNOWN(00000000070F25A5)|UNKNOWN(00000000070F4B75)|UNKNOWN(00000000070F485E)|UNKNOWN(00000000070F436A)|UNKNOWN(00000000070F42B6)|UNKNOWN(00000000070F25A5)|UNKNOWN(00000000070F4B75)|UNKNOWN(00000000070F485E) 10341000x800000000000000058874Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.049{6F5BEE90-3B87-61E9-7809-000000002102}46966652C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe{6F5BEE90-3BA5-61E9-7E09-000000002102}1216C:\Windows\system32\conhost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|UNKNOWN(0000000006961843)|UNKNOWN(000000000723424E)|UNKNOWN(00000000070F5F69)|UNKNOWN(00000000070F5783)|UNKNOWN(00000000070F436A)|UNKNOWN(00000000070F42B6)|UNKNOWN(00000000070F25A5)|UNKNOWN(00000000070F4B75)|UNKNOWN(00000000070F485E)|UNKNOWN(00000000070F436A)|UNKNOWN(00000000070F42B6)|UNKNOWN(00000000070F25A5)|UNKNOWN(00000000070F4B75)|UNKNOWN(00000000070F485E) 10341000x800000000000000058873Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.049{6F5BEE90-3B87-61E9-7809-000000002102}46966652C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe{6F5BEE90-3BA5-61E9-7D09-000000002102}4800C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|UNKNOWN(0000000006961843)|UNKNOWN(000000000723424E)|UNKNOWN(00000000070F5F69)|UNKNOWN(00000000070F5783)|UNKNOWN(00000000070F436A)|UNKNOWN(00000000070F42B6)|UNKNOWN(00000000070F25A5)|UNKNOWN(00000000070F4B75)|UNKNOWN(00000000070F485E)|UNKNOWN(00000000070F436A)|UNKNOWN(00000000070F42B6)|UNKNOWN(00000000070F25A5)|UNKNOWN(00000000070F4B75)|UNKNOWN(00000000070F485E) 10341000x800000000000000058872Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.049{6F5BEE90-3B87-61E9-7809-000000002102}46966652C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe{6F5BEE90-3BA5-61E9-7C09-000000002102}4792C:\Windows\servicing\TrustedInstaller.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|UNKNOWN(0000000006961843)|UNKNOWN(000000000723424E)|UNKNOWN(00000000070F5F69)|UNKNOWN(00000000070F5783)|UNKNOWN(00000000070F436A)|UNKNOWN(00000000070F42B6)|UNKNOWN(00000000070F25A5)|UNKNOWN(00000000070F4B75)|UNKNOWN(00000000070F485E)|UNKNOWN(00000000070F436A)|UNKNOWN(00000000070F42B6)|UNKNOWN(00000000070F25A5)|UNKNOWN(00000000070F4B75)|UNKNOWN(00000000070F485E) 10341000x800000000000000058871Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.049{6F5BEE90-3B87-61E9-7809-000000002102}46966652C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe{6F5BEE90-3B87-61E9-7909-000000002102}5084C:\Windows\system32\conhost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|UNKNOWN(0000000006961843)|UNKNOWN(000000000723424E)|UNKNOWN(00000000070F5F69)|UNKNOWN(00000000070F5783)|UNKNOWN(00000000070F436A)|UNKNOWN(00000000070F42B6)|UNKNOWN(00000000070F25A5)|UNKNOWN(00000000070F4B75)|UNKNOWN(00000000070F485E)|UNKNOWN(00000000070F436A)|UNKNOWN(00000000070F42B6)|UNKNOWN(00000000070F25A5)|UNKNOWN(00000000070F4B75)|UNKNOWN(00000000070F485E) 10341000x800000000000000058870Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.049{6F5BEE90-3B87-61E9-7809-000000002102}46966652C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe{6F5BEE90-3B76-61E9-7209-000000002102}5796C:\Windows\system32\DllHost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|UNKNOWN(0000000006961843)|UNKNOWN(000000000723424E)|UNKNOWN(00000000070F5F69)|UNKNOWN(00000000070F5783)|UNKNOWN(00000000070F436A)|UNKNOWN(00000000070F42B6)|UNKNOWN(00000000070F25A5)|UNKNOWN(00000000070F4B75)|UNKNOWN(00000000070F485E)|UNKNOWN(00000000070F436A)|UNKNOWN(00000000070F42B6)|UNKNOWN(00000000070F25A5)|UNKNOWN(00000000070F4B75)|UNKNOWN(00000000070F485E) 10341000x800000000000000058869Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.049{6F5BEE90-3B87-61E9-7809-000000002102}46966652C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe{6F5BEE90-3AA2-61E9-5609-000000002102}92C:\Windows\system32\conhost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|UNKNOWN(0000000006961843)|UNKNOWN(000000000723424E)|UNKNOWN(00000000070F5F69)|UNKNOWN(00000000070F5783)|UNKNOWN(00000000070F436A)|UNKNOWN(00000000070F42B6)|UNKNOWN(00000000070F25A5)|UNKNOWN(00000000070F4B75)|UNKNOWN(00000000070F485E)|UNKNOWN(00000000070F436A)|UNKNOWN(00000000070F42B6)|UNKNOWN(00000000070F25A5)|UNKNOWN(00000000070F4B75)|UNKNOWN(00000000070F485E) 10341000x800000000000000058868Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.048{6F5BEE90-3B87-61E9-7809-000000002102}46966652C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe{6F5BEE90-3AA2-61E9-5509-000000002102}3436C:\Windows\system32\cmd.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|UNKNOWN(0000000006961843)|UNKNOWN(000000000723424E)|UNKNOWN(00000000070F5F69)|UNKNOWN(00000000070F5783)|UNKNOWN(00000000070F436A)|UNKNOWN(00000000070F42B6)|UNKNOWN(00000000070F25A5)|UNKNOWN(00000000070F4B75)|UNKNOWN(00000000070F485E)|UNKNOWN(00000000070F436A)|UNKNOWN(00000000070F42B6)|UNKNOWN(00000000070F25A5)|UNKNOWN(00000000070F4B75)|UNKNOWN(00000000070F485E) 10341000x800000000000000058867Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.048{6F5BEE90-3B87-61E9-7809-000000002102}46966652C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe{6F5BEE90-3549-61E9-A608-000000002102}2936C:\Program Files\Notepad++\notepad++.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|UNKNOWN(0000000006961843)|UNKNOWN(000000000723424E)|UNKNOWN(00000000070F5F69)|UNKNOWN(00000000070F5783)|UNKNOWN(00000000070F436A)|UNKNOWN(00000000070F42B6)|UNKNOWN(00000000070F25A5)|UNKNOWN(00000000070F4B75)|UNKNOWN(00000000070F485E)|UNKNOWN(00000000070F436A)|UNKNOWN(00000000070F42B6)|UNKNOWN(00000000070F25A5)|UNKNOWN(00000000070F4B75)|UNKNOWN(00000000070F485E) 10341000x800000000000000058866Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.048{6F5BEE90-3B87-61E9-7809-000000002102}46966652C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe{6F5BEE90-2D48-61E9-B407-000000002102}4080C:\Windows\system32\conhost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|UNKNOWN(0000000006961843)|UNKNOWN(000000000723424E)|UNKNOWN(00000000070F5F69)|UNKNOWN(00000000070F5783)|UNKNOWN(00000000070F436A)|UNKNOWN(00000000070F42B6)|UNKNOWN(00000000070F25A5)|UNKNOWN(00000000070F4B75)|UNKNOWN(00000000070F485E)|UNKNOWN(00000000070F436A)|UNKNOWN(00000000070F42B6)|UNKNOWN(00000000070F25A5)|UNKNOWN(00000000070F4B75)|UNKNOWN(00000000070F485E) 10341000x800000000000000058865Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.048{6F5BEE90-3B87-61E9-7809-000000002102}46966652C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe{6F5BEE90-2D48-61E9-B307-000000002102}5484C:\Temp\hiew32demo.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|UNKNOWN(0000000006961843)|UNKNOWN(000000000723424E)|UNKNOWN(00000000070F5F69)|UNKNOWN(00000000070F5783)|UNKNOWN(00000000070F436A)|UNKNOWN(00000000070F42B6)|UNKNOWN(00000000070F25A5)|UNKNOWN(00000000070F4B75)|UNKNOWN(00000000070F485E)|UNKNOWN(00000000070F436A)|UNKNOWN(00000000070F42B6)|UNKNOWN(00000000070F25A5)|UNKNOWN(00000000070F4B75)|UNKNOWN(00000000070F485E) 10341000x800000000000000058864Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.047{6F5BEE90-3B87-61E9-7809-000000002102}46966652C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe{6F5BEE90-2D0D-61E9-AB07-000000002102}5532C:\Windows\system32\conhost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|UNKNOWN(0000000006961843)|UNKNOWN(000000000723424E)|UNKNOWN(00000000070F5F69)|UNKNOWN(00000000070F5783)|UNKNOWN(00000000070F436A)|UNKNOWN(00000000070F42B6)|UNKNOWN(00000000070F25A5)|UNKNOWN(00000000070F4B75)|UNKNOWN(00000000070F485E)|UNKNOWN(00000000070F436A)|UNKNOWN(00000000070F42B6)|UNKNOWN(00000000070F25A5)|UNKNOWN(00000000070F4B75)|UNKNOWN(00000000070F485E) 10341000x800000000000000058863Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.046{6F5BEE90-3B87-61E9-7809-000000002102}46966652C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe{6F5BEE90-2D0D-61E9-AA07-000000002102}5544C:\Temp\hiew32demo.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|UNKNOWN(0000000006961843)|UNKNOWN(000000000723424E)|UNKNOWN(00000000070F5F69)|UNKNOWN(00000000070F5783)|UNKNOWN(00000000070F436A)|UNKNOWN(00000000070F42B6)|UNKNOWN(00000000070F25A5)|UNKNOWN(00000000070F4B75)|UNKNOWN(00000000070F485E)|UNKNOWN(00000000070F436A)|UNKNOWN(00000000070F42B6)|UNKNOWN(00000000070F25A5)|UNKNOWN(00000000070F4B75)|UNKNOWN(00000000070F485E) 10341000x800000000000000058862Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.046{6F5BEE90-3B87-61E9-7809-000000002102}46966652C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe{6F5BEE90-2AC2-61E9-3207-000000002102}1112C:\Windows\system32\conhost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|UNKNOWN(0000000006961843)|UNKNOWN(000000000723424E)|UNKNOWN(00000000070F5F69)|UNKNOWN(00000000070F5783)|UNKNOWN(00000000070F436A)|UNKNOWN(00000000070F42B6)|UNKNOWN(00000000070F25A5)|UNKNOWN(00000000070F4B75)|UNKNOWN(00000000070F485E)|UNKNOWN(00000000070F436A)|UNKNOWN(00000000070F42B6)|UNKNOWN(00000000070F25A5)|UNKNOWN(00000000070F4B75)|UNKNOWN(00000000070F485E) 10341000x800000000000000058861Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.045{6F5BEE90-3B87-61E9-7809-000000002102}46966652C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe{6F5BEE90-2AC2-61E9-3107-000000002102}4508C:\Windows\system32\cmd.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|UNKNOWN(0000000006961843)|UNKNOWN(000000000723424E)|UNKNOWN(00000000070F5F69)|UNKNOWN(00000000070F5783)|UNKNOWN(00000000070F436A)|UNKNOWN(00000000070F42B6)|UNKNOWN(00000000070F25A5)|UNKNOWN(00000000070F4B75)|UNKNOWN(00000000070F485E)|UNKNOWN(00000000070F436A)|UNKNOWN(00000000070F42B6)|UNKNOWN(00000000070F25A5)|UNKNOWN(00000000070F4B75)|UNKNOWN(00000000070F485E) 10341000x800000000000000058860Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.045{6F5BEE90-3B87-61E9-7809-000000002102}46966652C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe{6F5BEE90-269A-61E9-B006-000000002102}5572C:\Program Files\Mozilla Firefox\firefox.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|UNKNOWN(0000000006961843)|UNKNOWN(000000000723424E)|UNKNOWN(00000000070F5F69)|UNKNOWN(00000000070F5783)|UNKNOWN(00000000070F436A)|UNKNOWN(00000000070F42B6)|UNKNOWN(00000000070F25A5)|UNKNOWN(00000000070F4B75)|UNKNOWN(00000000070F485E)|UNKNOWN(00000000070F436A)|UNKNOWN(00000000070F42B6)|UNKNOWN(00000000070F25A5)|UNKNOWN(00000000070F4B75)|UNKNOWN(00000000070F485E) 10341000x800000000000000058859Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.045{6F5BEE90-3B87-61E9-7809-000000002102}46966652C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe{6F5BEE90-1FE8-61E9-D805-000000002102}2820C:\Program Files\Greenshot\Greenshot.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|UNKNOWN(0000000006961843)|UNKNOWN(000000000723424E)|UNKNOWN(00000000070F5F69)|UNKNOWN(00000000070F5783)|UNKNOWN(00000000070F436A)|UNKNOWN(00000000070F42B6)|UNKNOWN(00000000070F25A5)|UNKNOWN(00000000070F4B75)|UNKNOWN(00000000070F485E)|UNKNOWN(00000000070F436A)|UNKNOWN(00000000070F42B6)|UNKNOWN(00000000070F25A5)|UNKNOWN(00000000070F4B75)|UNKNOWN(00000000070F485E) 10341000x800000000000000058858Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.045{6F5BEE90-3B87-61E9-7809-000000002102}46966652C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe{6F5BEE90-1D12-61E9-4D04-000000002102}6952C:\Program Files\Mozilla Firefox\firefox.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|UNKNOWN(0000000006961843)|UNKNOWN(000000000723424E)|UNKNOWN(00000000070F5F69)|UNKNOWN(00000000070F5783)|UNKNOWN(00000000070F436A)|UNKNOWN(00000000070F42B6)|UNKNOWN(00000000070F25A5)|UNKNOWN(00000000070F4B75)|UNKNOWN(00000000070F485E)|UNKNOWN(00000000070F436A)|UNKNOWN(00000000070F42B6)|UNKNOWN(00000000070F25A5)|UNKNOWN(00000000070F4B75)|UNKNOWN(00000000070F485E) 10341000x800000000000000058857Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.045{6F5BEE90-3B87-61E9-7809-000000002102}46966652C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe{6F5BEE90-1CBF-61E9-8B03-000000002102}6916C:\Program Files\Mozilla Firefox\firefox.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|UNKNOWN(0000000006961843)|UNKNOWN(000000000723424E)|UNKNOWN(00000000070F5F69)|UNKNOWN(00000000070F5783)|UNKNOWN(00000000070F436A)|UNKNOWN(00000000070F42B6)|UNKNOWN(00000000070F25A5)|UNKNOWN(00000000070F4B75)|UNKNOWN(00000000070F485E)|UNKNOWN(00000000070F436A)|UNKNOWN(00000000070F42B6)|UNKNOWN(00000000070F25A5)|UNKNOWN(00000000070F4B75)|UNKNOWN(00000000070F485E) 10341000x800000000000000058856Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.044{6F5BEE90-3B87-61E9-7809-000000002102}46966652C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe{6F5BEE90-1CBD-61E9-8503-000000002102}6656C:\Program Files\Mozilla Firefox\firefox.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|UNKNOWN(0000000006961843)|UNKNOWN(000000000723424E)|UNKNOWN(00000000070F5F69)|UNKNOWN(00000000070F5783)|UNKNOWN(00000000070F436A)|UNKNOWN(00000000070F42B6)|UNKNOWN(00000000070F25A5)|UNKNOWN(00000000070F4B75)|UNKNOWN(00000000070F485E)|UNKNOWN(00000000070F436A)|UNKNOWN(00000000070F42B6)|UNKNOWN(00000000070F25A5)|UNKNOWN(00000000070F4B75)|UNKNOWN(00000000070F485E) 10341000x800000000000000058855Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.044{6F5BEE90-3B87-61E9-7809-000000002102}46966652C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe{6F5BEE90-1CBC-61E9-8203-000000002102}4352C:\Program Files\Mozilla Firefox\firefox.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|UNKNOWN(0000000006961843)|UNKNOWN(000000000723424E)|UNKNOWN(00000000070F5F69)|UNKNOWN(00000000070F5783)|UNKNOWN(00000000070F436A)|UNKNOWN(00000000070F42B6)|UNKNOWN(00000000070F25A5)|UNKNOWN(00000000070F4B75)|UNKNOWN(00000000070F485E)|UNKNOWN(00000000070F436A)|UNKNOWN(00000000070F42B6)|UNKNOWN(00000000070F25A5)|UNKNOWN(00000000070F4B75)|UNKNOWN(00000000070F485E) 10341000x800000000000000058854Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.044{6F5BEE90-3B87-61E9-7809-000000002102}46966652C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe{6F5BEE90-1CBC-61E9-8103-000000002102}7052C:\Program Files\Mozilla Firefox\firefox.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|UNKNOWN(0000000006961843)|UNKNOWN(000000000723424E)|UNKNOWN(00000000070F5F69)|UNKNOWN(00000000070F5783)|UNKNOWN(00000000070F436A)|UNKNOWN(00000000070F42B6)|UNKNOWN(00000000070F25A5)|UNKNOWN(00000000070F4B75)|UNKNOWN(00000000070F485E)|UNKNOWN(00000000070F436A)|UNKNOWN(00000000070F42B6)|UNKNOWN(00000000070F25A5)|UNKNOWN(00000000070F4B75)|UNKNOWN(00000000070F485E) 10341000x800000000000000058853Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.044{6F5BEE90-3B87-61E9-7809-000000002102}46966652C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe{6F5BEE90-1CBB-61E9-7A03-000000002102}3596C:\Program Files\Mozilla Firefox\firefox.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|UNKNOWN(0000000006961843)|UNKNOWN(000000000723424E)|UNKNOWN(00000000070F5F69)|UNKNOWN(00000000070F5783)|UNKNOWN(00000000070F436A)|UNKNOWN(00000000070F42B6)|UNKNOWN(00000000070F25A5)|UNKNOWN(00000000070F4B75)|UNKNOWN(00000000070F485E)|UNKNOWN(00000000070F436A)|UNKNOWN(00000000070F42B6)|UNKNOWN(00000000070F25A5)|UNKNOWN(00000000070F4B75)|UNKNOWN(00000000070F485E) 10341000x800000000000000058852Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.044{6F5BEE90-3B87-61E9-7809-000000002102}46966652C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe{6F5BEE90-1CB8-61E9-7203-000000002102}6636C:\Program Files\Mozilla Firefox\firefox.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|UNKNOWN(0000000006961843)|UNKNOWN(000000000723424E)|UNKNOWN(00000000070F5F69)|UNKNOWN(00000000070F5783)|UNKNOWN(00000000070F436A)|UNKNOWN(00000000070F42B6)|UNKNOWN(00000000070F25A5)|UNKNOWN(00000000070F4B75)|UNKNOWN(00000000070F485E)|UNKNOWN(00000000070F436A)|UNKNOWN(00000000070F42B6)|UNKNOWN(00000000070F25A5)|UNKNOWN(00000000070F4B75)|UNKNOWN(00000000070F485E) 10341000x800000000000000058851Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.043{6F5BEE90-3B87-61E9-7809-000000002102}46966652C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe{6F5BEE90-1B26-61E9-1201-000000002102}5320C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|UNKNOWN(0000000006961843)|UNKNOWN(000000000723424E)|UNKNOWN(00000000070F5F69)|UNKNOWN(00000000070F5783)|UNKNOWN(00000000070F436A)|UNKNOWN(00000000070F42B6)|UNKNOWN(00000000070F25A5)|UNKNOWN(00000000070F4B75)|UNKNOWN(00000000070F485E)|UNKNOWN(00000000070F436A)|UNKNOWN(00000000070F42B6)|UNKNOWN(00000000070F25A5)|UNKNOWN(00000000070F4B75)|UNKNOWN(00000000070F485E) 10341000x800000000000000058850Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.043{6F5BEE90-3B87-61E9-7809-000000002102}46966652C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe{6F5BEE90-1B24-61E9-1101-000000002102}5640C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|UNKNOWN(0000000006961843)|UNKNOWN(000000000723424E)|UNKNOWN(00000000070F5F69)|UNKNOWN(00000000070F5783)|UNKNOWN(00000000070F436A)|UNKNOWN(00000000070F42B6)|UNKNOWN(00000000070F25A5)|UNKNOWN(00000000070F4B75)|UNKNOWN(00000000070F485E)|UNKNOWN(00000000070F436A)|UNKNOWN(00000000070F42B6)|UNKNOWN(00000000070F25A5)|UNKNOWN(00000000070F4B75)|UNKNOWN(00000000070F485E) 10341000x800000000000000058849Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.043{6F5BEE90-3B87-61E9-7809-000000002102}46966652C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe{6F5BEE90-1B15-61E9-FA00-000000002102}4632C:\Windows\Explorer.EXE0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|UNKNOWN(0000000006961843)|UNKNOWN(000000000723424E)|UNKNOWN(00000000070F5F69)|UNKNOWN(00000000070F5783)|UNKNOWN(00000000070F436A)|UNKNOWN(00000000070F42B6)|UNKNOWN(00000000070F25A5)|UNKNOWN(00000000070F4B75)|UNKNOWN(00000000070F485E)|UNKNOWN(00000000070F436A)|UNKNOWN(00000000070F42B6)|UNKNOWN(00000000070F25A5)|UNKNOWN(00000000070F4B75)|UNKNOWN(00000000070F485E) 10341000x800000000000000058848Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.041{6F5BEE90-3B87-61E9-7809-000000002102}46966652C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe{6F5BEE90-1B14-61E9-F200-000000002102}5076C:\Windows\system32\svchost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|UNKNOWN(0000000006961843)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll+f066(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll+1230a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll+27791(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll+27896(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\b0d4a8e8efb07150abb5e70e313bc814\mscorlib.ni.dll+408589(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\b0d4a8e8efb07150abb5e70e313bc814\mscorlib.ni.dll+40809a(wow64)|UNKNOWN(00000000070F7050)|UNKNOWN(00000000070F6BD4)|UNKNOWN(00000000070F5F69)|UNKNOWN(00000000070F5783)|UNKNOWN(00000000070F436A)|UNKNOWN(00000000070F42B6)|UNKNOWN(00000000070F25A5) 10341000x800000000000000058847Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.041{6F5BEE90-3B87-61E9-7809-000000002102}46966652C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe{6F5BEE90-1B14-61E9-EF00-000000002102}4972C:\Windows\System32\rdpclip.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|UNKNOWN(0000000006961843)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll+f066(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll+1230a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll+27791(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll+27896(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\b0d4a8e8efb07150abb5e70e313bc814\mscorlib.ni.dll+408589(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\b0d4a8e8efb07150abb5e70e313bc814\mscorlib.ni.dll+40809a(wow64)|UNKNOWN(00000000070F7050)|UNKNOWN(00000000070F6BD4)|UNKNOWN(00000000070F5F69)|UNKNOWN(00000000070F5783)|UNKNOWN(00000000070F436A)|UNKNOWN(00000000070F42B6)|UNKNOWN(00000000070F25A5) 10341000x800000000000000058846Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.040{6F5BEE90-3B87-61E9-7809-000000002102}46966652C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe{6F5BEE90-1B10-61E9-E900-000000002102}996C:\Windows\system32\dwm.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|UNKNOWN(0000000006961843)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll+f066(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll+1230a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll+27791(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll+27896(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\b0d4a8e8efb07150abb5e70e313bc814\mscorlib.ni.dll+408589(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\b0d4a8e8efb07150abb5e70e313bc814\mscorlib.ni.dll+40809a(wow64)|UNKNOWN(00000000070F7050)|UNKNOWN(00000000070F6BD4)|UNKNOWN(00000000070F5F69)|UNKNOWN(00000000070F5783)|UNKNOWN(00000000070F436A)|UNKNOWN(00000000070F42B6)|UNKNOWN(00000000070F25A5) 10341000x800000000000000058845Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.040{6F5BEE90-3B87-61E9-7809-000000002102}46966652C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe{6F5BEE90-1933-61E9-9400-000000002102}2916C:\Windows\System32\msdtc.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|UNKNOWN(0000000006961843)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll+f066(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll+1230a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll+27791(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll+27896(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\b0d4a8e8efb07150abb5e70e313bc814\mscorlib.ni.dll+408589(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\b0d4a8e8efb07150abb5e70e313bc814\mscorlib.ni.dll+40809a(wow64)|UNKNOWN(00000000070F7050)|UNKNOWN(00000000070F6BD4)|UNKNOWN(00000000070F5F69)|UNKNOWN(00000000070F5783)|UNKNOWN(00000000070F436A)|UNKNOWN(00000000070F42B6)|UNKNOWN(00000000070F25A5) 10341000x800000000000000058844Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.040{6F5BEE90-3B87-61E9-7809-000000002102}46966652C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe{6F5BEE90-1B0F-61E9-E600-000000002102}4164C:\Windows\system32\winlogon.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|UNKNOWN(0000000006961843)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll+f066(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll+1230a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll+27791(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll+27896(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\b0d4a8e8efb07150abb5e70e313bc814\mscorlib.ni.dll+408589(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\b0d4a8e8efb07150abb5e70e313bc814\mscorlib.ni.dll+40809a(wow64)|UNKNOWN(00000000070F7050)|UNKNOWN(00000000070F6BD4)|UNKNOWN(00000000070F5F69)|UNKNOWN(00000000070F5783)|UNKNOWN(00000000070F436A)|UNKNOWN(00000000070F42B6)|UNKNOWN(00000000070F25A5) 10341000x800000000000000058843Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.040{6F5BEE90-3B87-61E9-7809-000000002102}46966652C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe{6F5BEE90-18CD-61E9-7700-000000002102}484C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|UNKNOWN(0000000006961843)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll+f066(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll+1230a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll+27791(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll+27896(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\b0d4a8e8efb07150abb5e70e313bc814\mscorlib.ni.dll+408589(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\b0d4a8e8efb07150abb5e70e313bc814\mscorlib.ni.dll+40809a(wow64)|UNKNOWN(00000000070F7050)|UNKNOWN(00000000070F6BD4)|UNKNOWN(00000000070F5F69)|UNKNOWN(00000000070F5783)|UNKNOWN(00000000070F436A)|UNKNOWN(00000000070F42B6)|UNKNOWN(00000000070F25A5) 10341000x800000000000000058842Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.040{6F5BEE90-3B87-61E9-7809-000000002102}46966652C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe{6F5BEE90-18C6-61E9-6E00-000000002102}3440C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|UNKNOWN(0000000006961843)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll+f066(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll+1230a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll+27791(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll+27896(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\b0d4a8e8efb07150abb5e70e313bc814\mscorlib.ni.dll+408589(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\b0d4a8e8efb07150abb5e70e313bc814\mscorlib.ni.dll+40809a(wow64)|UNKNOWN(00000000070F7050)|UNKNOWN(00000000070F6BD4)|UNKNOWN(00000000070F5F69)|UNKNOWN(00000000070F5783)|UNKNOWN(00000000070F436A)|UNKNOWN(00000000070F42B6)|UNKNOWN(00000000070F25A5) 10341000x800000000000000058841Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.039{6F5BEE90-3B87-61E9-7809-000000002102}46966652C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe{6F5BEE90-18BB-61E9-4800-000000002102}3776C:\Windows\system32\conhost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|UNKNOWN(0000000006961843)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll+f066(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll+1230a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll+27791(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll+27896(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\b0d4a8e8efb07150abb5e70e313bc814\mscorlib.ni.dll+408589(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\b0d4a8e8efb07150abb5e70e313bc814\mscorlib.ni.dll+40809a(wow64)|UNKNOWN(00000000070F7050)|UNKNOWN(00000000070F6BD4)|UNKNOWN(00000000070F5F69)|UNKNOWN(00000000070F5783)|UNKNOWN(00000000070F436A)|UNKNOWN(00000000070F42B6)|UNKNOWN(00000000070F25A5) 10341000x800000000000000058840Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.039{6F5BEE90-3B87-61E9-7809-000000002102}46966652C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe{6F5BEE90-18BB-61E9-4700-000000002102}3764C:\Program Files\Amazon\SSM\ssm-agent-worker.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|UNKNOWN(0000000006961843)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll+f066(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll+1230a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll+27791(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll+27896(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\b0d4a8e8efb07150abb5e70e313bc814\mscorlib.ni.dll+408589(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\b0d4a8e8efb07150abb5e70e313bc814\mscorlib.ni.dll+40809a(wow64)|UNKNOWN(00000000070F7050)|UNKNOWN(00000000070F6BD4)|UNKNOWN(00000000070F5F69)|UNKNOWN(00000000070F5783)|UNKNOWN(00000000070F436A)|UNKNOWN(00000000070F42B6)|UNKNOWN(00000000070F25A5) 10341000x800000000000000058839Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.039{6F5BEE90-3B87-61E9-7809-000000002102}46966652C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe{6F5BEE90-18BA-61E9-4000-000000002102}3560C:\Windows\System32\vds.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|UNKNOWN(0000000006961843)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll+f066(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll+1230a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll+27791(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll+27896(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\b0d4a8e8efb07150abb5e70e313bc814\mscorlib.ni.dll+408589(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\b0d4a8e8efb07150abb5e70e313bc814\mscorlib.ni.dll+40809a(wow64)|UNKNOWN(00000000070F7050)|UNKNOWN(00000000070F6BD4)|UNKNOWN(00000000070F5F69)|UNKNOWN(00000000070F5783)|UNKNOWN(00000000070F436A)|UNKNOWN(00000000070F42B6)|UNKNOWN(00000000070F25A5) 10341000x800000000000000058838Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.039{6F5BEE90-3B87-61E9-7809-000000002102}46966652C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe{6F5BEE90-18B9-61E9-3500-000000002102}3304C:\Windows\system32\conhost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|UNKNOWN(0000000006961843)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll+f066(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll+1230a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll+27791(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll+27896(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\b0d4a8e8efb07150abb5e70e313bc814\mscorlib.ni.dll+408589(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\b0d4a8e8efb07150abb5e70e313bc814\mscorlib.ni.dll+40809a(wow64)|UNKNOWN(00000000070F7050)|UNKNOWN(00000000070F6BD4)|UNKNOWN(00000000070F5F69)|UNKNOWN(00000000070F5783)|UNKNOWN(00000000070F436A)|UNKNOWN(00000000070F42B6)|UNKNOWN(00000000070F25A5) 10341000x800000000000000058837Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.039{6F5BEE90-3B87-61E9-7809-000000002102}46966652C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe{6F5BEE90-18B8-61E9-3100-000000002102}2692C:\Windows\system32\wbem\unsecapp.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|UNKNOWN(0000000006961843)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll+f066(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll+1230a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll+27791(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll+27896(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\b0d4a8e8efb07150abb5e70e313bc814\mscorlib.ni.dll+408589(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\b0d4a8e8efb07150abb5e70e313bc814\mscorlib.ni.dll+40809a(wow64)|UNKNOWN(00000000070F7050)|UNKNOWN(00000000070F6BD4)|UNKNOWN(00000000070F5F69)|UNKNOWN(00000000070F5783)|UNKNOWN(00000000070F436A)|UNKNOWN(00000000070F42B6)|UNKNOWN(00000000070F25A5) 10341000x800000000000000058836Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.039{6F5BEE90-3B87-61E9-7809-000000002102}46966652C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe{6F5BEE90-18B8-61E9-3000-000000002102}2372C:\Windows\system32\dfssvc.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|UNKNOWN(0000000006961843)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll+f066(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll+1230a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll+27791(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll+27896(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\b0d4a8e8efb07150abb5e70e313bc814\mscorlib.ni.dll+408589(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\b0d4a8e8efb07150abb5e70e313bc814\mscorlib.ni.dll+40809a(wow64)|UNKNOWN(00000000070F7050)|UNKNOWN(00000000070F6BD4)|UNKNOWN(00000000070F5F69)|UNKNOWN(00000000070F5783)|UNKNOWN(00000000070F436A)|UNKNOWN(00000000070F42B6)|UNKNOWN(00000000070F25A5) 10341000x800000000000000058835Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.039{6F5BEE90-3B87-61E9-7809-000000002102}46966652C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe{6F5BEE90-18B8-61E9-2F00-000000002102}3024C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|UNKNOWN(0000000006961843)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll+f066(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll+1230a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll+27791(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll+27896(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\b0d4a8e8efb07150abb5e70e313bc814\mscorlib.ni.dll+408589(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\b0d4a8e8efb07150abb5e70e313bc814\mscorlib.ni.dll+40809a(wow64)|UNKNOWN(00000000070F7050)|UNKNOWN(00000000070F6BD4)|UNKNOWN(00000000070F5F69)|UNKNOWN(00000000070F5783)|UNKNOWN(00000000070F436A)|UNKNOWN(00000000070F42B6)|UNKNOWN(00000000070F25A5) 10341000x800000000000000058834Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.039{6F5BEE90-3B87-61E9-7809-000000002102}46966652C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe{6F5BEE90-18B8-61E9-2E00-000000002102}3016C:\Windows\system32\DFSRs.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|UNKNOWN(0000000006961843)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll+f066(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll+1230a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll+27791(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll+27896(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\b0d4a8e8efb07150abb5e70e313bc814\mscorlib.ni.dll+408589(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\b0d4a8e8efb07150abb5e70e313bc814\mscorlib.ni.dll+40809a(wow64)|UNKNOWN(00000000070F7050)|UNKNOWN(00000000070F6BD4)|UNKNOWN(00000000070F5F69)|UNKNOWN(00000000070F5783)|UNKNOWN(00000000070F436A)|UNKNOWN(00000000070F42B6)|UNKNOWN(00000000070F25A5) 10341000x800000000000000058833Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.038{6F5BEE90-3B87-61E9-7809-000000002102}46966652C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe{6F5BEE90-18B8-61E9-2D00-000000002102}2992C:\Windows\System32\ismserv.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|UNKNOWN(0000000006961843)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll+f066(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll+1230a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll+27791(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll+27896(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\b0d4a8e8efb07150abb5e70e313bc814\mscorlib.ni.dll+408589(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\b0d4a8e8efb07150abb5e70e313bc814\mscorlib.ni.dll+40809a(wow64)|UNKNOWN(00000000070F7050)|UNKNOWN(00000000070F6BD4)|UNKNOWN(00000000070F5F69)|UNKNOWN(00000000070F5783)|UNKNOWN(00000000070F436A)|UNKNOWN(00000000070F42B6)|UNKNOWN(00000000070F25A5) 10341000x800000000000000058832Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.038{6F5BEE90-3B87-61E9-7809-000000002102}46966652C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe{6F5BEE90-18B8-61E9-2C00-000000002102}2984C:\Windows\sysmon64.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|UNKNOWN(0000000006961843)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll+f066(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll+1230a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll+27791(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll+27896(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\b0d4a8e8efb07150abb5e70e313bc814\mscorlib.ni.dll+408589(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\b0d4a8e8efb07150abb5e70e313bc814\mscorlib.ni.dll+40809a(wow64)|UNKNOWN(00000000070F7050)|UNKNOWN(00000000070F6BD4)|UNKNOWN(00000000070F5F69)|UNKNOWN(00000000070F5783)|UNKNOWN(00000000070F436A)|UNKNOWN(00000000070F42B6)|UNKNOWN(00000000070F25A5) 10341000x800000000000000058831Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.038{6F5BEE90-3B87-61E9-7809-000000002102}46966652C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe{6F5BEE90-18B8-61E9-2B00-000000002102}2976C:\Windows\system32\svchost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|UNKNOWN(0000000006961843)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll+f066(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll+1230a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll+27791(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll+27896(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\b0d4a8e8efb07150abb5e70e313bc814\mscorlib.ni.dll+408589(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\b0d4a8e8efb07150abb5e70e313bc814\mscorlib.ni.dll+40809a(wow64)|UNKNOWN(00000000070F7050)|UNKNOWN(00000000070F6BD4)|UNKNOWN(00000000070F5F69)|UNKNOWN(00000000070F5783)|UNKNOWN(00000000070F436A)|UNKNOWN(00000000070F42B6)|UNKNOWN(00000000070F25A5) 10341000x800000000000000058830Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.038{6F5BEE90-3B87-61E9-7809-000000002102}46966652C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe{6F5BEE90-18B8-61E9-2A00-000000002102}2964C:\Windows\system32\dns.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|UNKNOWN(0000000006961843)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll+f066(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll+1230a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll+27791(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll+27896(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\b0d4a8e8efb07150abb5e70e313bc814\mscorlib.ni.dll+408589(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\b0d4a8e8efb07150abb5e70e313bc814\mscorlib.ni.dll+40809a(wow64)|UNKNOWN(00000000070F7050)|UNKNOWN(00000000070F6BD4)|UNKNOWN(00000000070F5F69)|UNKNOWN(00000000070F5783)|UNKNOWN(00000000070F436A)|UNKNOWN(00000000070F42B6)|UNKNOWN(00000000070F25A5) 10341000x800000000000000058829Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.037{6F5BEE90-3B87-61E9-7809-000000002102}46966652C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe{6F5BEE90-18B8-61E9-2900-000000002102}2920C:\Program Files\Amazon\SSM\amazon-ssm-agent.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|UNKNOWN(0000000006961843)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll+f066(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll+1230a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll+27791(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll+27896(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\b0d4a8e8efb07150abb5e70e313bc814\mscorlib.ni.dll+408589(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\b0d4a8e8efb07150abb5e70e313bc814\mscorlib.ni.dll+40809a(wow64)|UNKNOWN(00000000070F7050)|UNKNOWN(00000000070F6BD4)|UNKNOWN(00000000070F5F69)|UNKNOWN(00000000070F5783)|UNKNOWN(00000000070F436A)|UNKNOWN(00000000070F42B6)|UNKNOWN(00000000070F25A5) 10341000x800000000000000058828Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.037{6F5BEE90-3B87-61E9-7809-000000002102}46966652C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe{6F5BEE90-18B8-61E9-2700-000000002102}2904C:\Windows\ADWS\Microsoft.ActiveDirectory.WebServices.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|UNKNOWN(0000000006961843)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll+f066(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll+1230a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll+27791(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll+27896(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\b0d4a8e8efb07150abb5e70e313bc814\mscorlib.ni.dll+408589(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\b0d4a8e8efb07150abb5e70e313bc814\mscorlib.ni.dll+40809a(wow64)|UNKNOWN(00000000070F7050)|UNKNOWN(00000000070F6BD4)|UNKNOWN(00000000070F5F69)|UNKNOWN(00000000070F5783)|UNKNOWN(00000000070F436A)|UNKNOWN(00000000070F42B6)|UNKNOWN(00000000070F25A5) 10341000x800000000000000058827Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.037{6F5BEE90-3B87-61E9-7809-000000002102}46966652C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe{6F5BEE90-18B7-61E9-2600-000000002102}2772C:\Windows\System32\spoolsv.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|UNKNOWN(0000000006961843)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll+f066(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll+1230a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll+27791(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll+27896(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\b0d4a8e8efb07150abb5e70e313bc814\mscorlib.ni.dll+408589(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\b0d4a8e8efb07150abb5e70e313bc814\mscorlib.ni.dll+40809a(wow64)|UNKNOWN(00000000070F7050)|UNKNOWN(00000000070F6BD4)|UNKNOWN(00000000070F5F69)|UNKNOWN(00000000070F5783)|UNKNOWN(00000000070F436A)|UNKNOWN(00000000070F42B6)|UNKNOWN(00000000070F25A5) 10341000x800000000000000058826Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.037{6F5BEE90-3B87-61E9-7809-000000002102}46966652C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe{6F5BEE90-18B3-61E9-2300-000000002102}2608C:\Windows\System32\svchost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|UNKNOWN(0000000006961843)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll+f066(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll+1230a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll+27791(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll+27896(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\b0d4a8e8efb07150abb5e70e313bc814\mscorlib.ni.dll+408589(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\b0d4a8e8efb07150abb5e70e313bc814\mscorlib.ni.dll+40809a(wow64)|UNKNOWN(00000000070F7050)|UNKNOWN(00000000070F6BD4)|UNKNOWN(00000000070F5F69)|UNKNOWN(00000000070F5783)|UNKNOWN(00000000070F436A)|UNKNOWN(00000000070F42B6)|UNKNOWN(00000000070F25A5) 10341000x800000000000000058825Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.036{6F5BEE90-3B87-61E9-7809-000000002102}46966652C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe{6F5BEE90-18AF-61E9-2200-000000002102}2500C:\Windows\system32\conhost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|UNKNOWN(0000000006961843)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll+f066(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll+1230a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll+27791(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll+27896(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\b0d4a8e8efb07150abb5e70e313bc814\mscorlib.ni.dll+408589(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\b0d4a8e8efb07150abb5e70e313bc814\mscorlib.ni.dll+40809a(wow64)|UNKNOWN(00000000070F7050)|UNKNOWN(00000000070F6BD4)|UNKNOWN(00000000070F5F69)|UNKNOWN(00000000070F5783)|UNKNOWN(00000000070F436A)|UNKNOWN(00000000070F42B6)|UNKNOWN(00000000070F25A5) 10341000x800000000000000058824Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.036{6F5BEE90-3B87-61E9-7809-000000002102}46966652C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe{6F5BEE90-18AF-61E9-2100-000000002102}2492C:\Users\Public\splunkd.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|UNKNOWN(0000000006961843)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll+f066(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll+1230a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll+27791(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll+27896(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\b0d4a8e8efb07150abb5e70e313bc814\mscorlib.ni.dll+408589(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\b0d4a8e8efb07150abb5e70e313bc814\mscorlib.ni.dll+40809a(wow64)|UNKNOWN(00000000070F7050)|UNKNOWN(00000000070F6BD4)|UNKNOWN(00000000070F5F69)|UNKNOWN(00000000070F5783)|UNKNOWN(00000000070F436A)|UNKNOWN(00000000070F42B6)|UNKNOWN(00000000070F25A5) 23542300x800000000000000058823Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.036{6F5BEE90-3BA5-61E9-7D09-000000002102}4800ATTACKRANGE\AdministratorC:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Administrator\AppData\Local\Temp\2\__PSScriptPolicyTest_u42uo2ui.03x.psm1MD5=D17FE0A3F47BE24A6453E9EF58C94641,SHA256=96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000058822Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.036{6F5BEE90-3B87-61E9-7809-000000002102}46966652C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe{6F5BEE90-18AB-61E9-1F00-000000002102}2140C:\Windows\system32\svchost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|UNKNOWN(0000000006961843)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll+f066(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll+1230a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll+27791(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll+27896(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\b0d4a8e8efb07150abb5e70e313bc814\mscorlib.ni.dll+408589(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\b0d4a8e8efb07150abb5e70e313bc814\mscorlib.ni.dll+40809a(wow64)|UNKNOWN(00000000070F7050)|UNKNOWN(00000000070F6BD4)|UNKNOWN(00000000070F5F69)|UNKNOWN(00000000070F5783)|UNKNOWN(00000000070F436A)|UNKNOWN(00000000070F42B6)|UNKNOWN(00000000070F25A5) 10341000x800000000000000058821Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.035{6F5BEE90-3B87-61E9-7809-000000002102}46966652C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe{6F5BEE90-18AA-61E9-1700-000000002102}1428C:\Windows\system32\svchost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|UNKNOWN(0000000006961843)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll+f066(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll+1230a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll+27791(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll+27896(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\b0d4a8e8efb07150abb5e70e313bc814\mscorlib.ni.dll+408589(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\b0d4a8e8efb07150abb5e70e313bc814\mscorlib.ni.dll+40809a(wow64)|UNKNOWN(00000000070F7050)|UNKNOWN(00000000070F6BD4)|UNKNOWN(00000000070F5F69)|UNKNOWN(00000000070F5783)|UNKNOWN(00000000070F436A)|UNKNOWN(00000000070F42B6)|UNKNOWN(00000000070F25A5) 10341000x800000000000000058820Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.035{6F5BEE90-3B87-61E9-7809-000000002102}46966652C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe{6F5BEE90-18AA-61E9-1600-000000002102}1324C:\Windows\System32\svchost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|UNKNOWN(0000000006961843)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll+f066(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll+1230a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll+27791(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll+27896(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\b0d4a8e8efb07150abb5e70e313bc814\mscorlib.ni.dll+408589(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\b0d4a8e8efb07150abb5e70e313bc814\mscorlib.ni.dll+40809a(wow64)|UNKNOWN(00000000070F7050)|UNKNOWN(00000000070F6BD4)|UNKNOWN(00000000070F5F69)|UNKNOWN(00000000070F5783)|UNKNOWN(00000000070F436A)|UNKNOWN(00000000070F42B6)|UNKNOWN(00000000070F25A5) 10341000x800000000000000058819Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.035{6F5BEE90-3B87-61E9-7809-000000002102}46966652C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe{6F5BEE90-18AA-61E9-1500-000000002102}1264C:\Windows\system32\svchost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|UNKNOWN(0000000006961843)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll+f066(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll+1230a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll+27791(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll+27896(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\b0d4a8e8efb07150abb5e70e313bc814\mscorlib.ni.dll+408589(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\b0d4a8e8efb07150abb5e70e313bc814\mscorlib.ni.dll+40809a(wow64)|UNKNOWN(00000000070F7050)|UNKNOWN(00000000070F6BD4)|UNKNOWN(00000000070F5F69)|UNKNOWN(00000000070F5783)|UNKNOWN(00000000070F436A)|UNKNOWN(00000000070F42B6)|UNKNOWN(00000000070F25A5) 23542300x800000000000000058818Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.035{6F5BEE90-3BA5-61E9-7D09-000000002102}4800ATTACKRANGE\AdministratorC:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Administrator\AppData\Local\Temp\2\__PSScriptPolicyTest_vu33ljna.45p.ps1MD5=D17FE0A3F47BE24A6453E9EF58C94641,SHA256=96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000058817Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.035{6F5BEE90-3B87-61E9-7809-000000002102}46966652C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe{6F5BEE90-18AA-61E9-1400-000000002102}1092C:\Windows\system32\svchost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|UNKNOWN(0000000006961843)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll+f066(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll+1230a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll+27791(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll+27896(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\b0d4a8e8efb07150abb5e70e313bc814\mscorlib.ni.dll+408589(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\b0d4a8e8efb07150abb5e70e313bc814\mscorlib.ni.dll+40809a(wow64)|UNKNOWN(00000000070F7050)|UNKNOWN(00000000070F6BD4)|UNKNOWN(00000000070F5F69)|UNKNOWN(00000000070F5783)|UNKNOWN(00000000070F436A)|UNKNOWN(00000000070F42B6)|UNKNOWN(00000000070F25A5) 10341000x800000000000000058816Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.035{6F5BEE90-3B87-61E9-7809-000000002102}46966652C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe{6F5BEE90-18AA-61E9-1300-000000002102}336C:\Windows\System32\svchost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|UNKNOWN(0000000006961843)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll+f066(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll+1230a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll+27791(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll+27896(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\b0d4a8e8efb07150abb5e70e313bc814\mscorlib.ni.dll+408589(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\b0d4a8e8efb07150abb5e70e313bc814\mscorlib.ni.dll+40809a(wow64)|UNKNOWN(00000000070F7050)|UNKNOWN(00000000070F6BD4)|UNKNOWN(00000000070F5F69)|UNKNOWN(00000000070F5783)|UNKNOWN(00000000070F436A)|UNKNOWN(00000000070F42B6)|UNKNOWN(00000000070F25A5) 10341000x800000000000000058815Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.035{6F5BEE90-3B87-61E9-7809-000000002102}46966652C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe{6F5BEE90-18AA-61E9-1200-000000002102}352C:\Windows\system32\svchost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|UNKNOWN(0000000006961843)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll+f066(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll+1230a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll+27791(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll+27896(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\b0d4a8e8efb07150abb5e70e313bc814\mscorlib.ni.dll+408589(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\b0d4a8e8efb07150abb5e70e313bc814\mscorlib.ni.dll+40809a(wow64)|UNKNOWN(00000000070F7050)|UNKNOWN(00000000070F6BD4)|UNKNOWN(00000000070F5F69)|UNKNOWN(00000000070F5783)|UNKNOWN(00000000070F436A)|UNKNOWN(00000000070F42B6)|UNKNOWN(00000000070F25A5) 10341000x800000000000000058814Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.035{6F5BEE90-3B87-61E9-7809-000000002102}46966652C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe{6F5BEE90-18AA-61E9-1100-000000002102}480C:\Windows\System32\svchost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|UNKNOWN(0000000006961843)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll+f066(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll+1230a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll+27791(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll+27896(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\b0d4a8e8efb07150abb5e70e313bc814\mscorlib.ni.dll+408589(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\b0d4a8e8efb07150abb5e70e313bc814\mscorlib.ni.dll+40809a(wow64)|UNKNOWN(00000000070F7050)|UNKNOWN(00000000070F6BD4)|UNKNOWN(00000000070F5F69)|UNKNOWN(00000000070F5783)|UNKNOWN(00000000070F436A)|UNKNOWN(00000000070F42B6)|UNKNOWN(00000000070F25A5) 10341000x800000000000000058813Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.035{6F5BEE90-3B87-61E9-7809-000000002102}46966652C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe{6F5BEE90-18AA-61E9-1000-000000002102}356C:\Windows\system32\dwm.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|UNKNOWN(0000000006961843)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll+f066(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll+1230a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll+27791(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll+27896(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\b0d4a8e8efb07150abb5e70e313bc814\mscorlib.ni.dll+408589(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\b0d4a8e8efb07150abb5e70e313bc814\mscorlib.ni.dll+40809a(wow64)|UNKNOWN(00000000070F7050)|UNKNOWN(00000000070F6BD4)|UNKNOWN(00000000070F5F69)|UNKNOWN(00000000070F5783)|UNKNOWN(00000000070F436A)|UNKNOWN(00000000070F42B6)|UNKNOWN(00000000070F25A5) 10341000x800000000000000058812Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.034{6F5BEE90-3B87-61E9-7809-000000002102}46966652C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe{6F5BEE90-18AA-61E9-0F00-000000002102}344C:\Windows\System32\svchost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|UNKNOWN(0000000006961843)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll+f066(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll+1230a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll+27791(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll+27896(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\b0d4a8e8efb07150abb5e70e313bc814\mscorlib.ni.dll+408589(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\b0d4a8e8efb07150abb5e70e313bc814\mscorlib.ni.dll+40809a(wow64)|UNKNOWN(00000000070F7050)|UNKNOWN(00000000070F6BD4)|UNKNOWN(00000000070F5F69)|UNKNOWN(00000000070F5783)|UNKNOWN(00000000070F436A)|UNKNOWN(00000000070F42B6)|UNKNOWN(00000000070F25A5) 10341000x800000000000000058811Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.034{6F5BEE90-3B87-61E9-7809-000000002102}46966652C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe{6F5BEE90-18AA-61E9-0E00-000000002102}984C:\Windows\system32\LogonUI.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|UNKNOWN(0000000006961843)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll+f066(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll+1230a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll+27791(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll+27896(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\b0d4a8e8efb07150abb5e70e313bc814\mscorlib.ni.dll+408589(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\b0d4a8e8efb07150abb5e70e313bc814\mscorlib.ni.dll+40809a(wow64)|UNKNOWN(00000000070F7050)|UNKNOWN(00000000070F6BD4)|UNKNOWN(00000000070F5F69)|UNKNOWN(00000000070F5783)|UNKNOWN(00000000070F436A)|UNKNOWN(00000000070F42B6)|UNKNOWN(00000000070F25A5) 10341000x800000000000000058810Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.034{6F5BEE90-3B87-61E9-7809-000000002102}46966652C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe{6F5BEE90-18A9-61E9-0D00-000000002102}888C:\Windows\system32\svchost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|UNKNOWN(0000000006961843)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll+f066(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll+1230a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll+27791(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll+27896(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\b0d4a8e8efb07150abb5e70e313bc814\mscorlib.ni.dll+408589(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\b0d4a8e8efb07150abb5e70e313bc814\mscorlib.ni.dll+40809a(wow64)|UNKNOWN(00000000070F7050)|UNKNOWN(00000000070F6BD4)|UNKNOWN(00000000070F5F69)|UNKNOWN(00000000070F5783)|UNKNOWN(00000000070F436A)|UNKNOWN(00000000070F42B6)|UNKNOWN(00000000070F25A5) 10341000x800000000000000058809Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.034{6F5BEE90-3B87-61E9-7809-000000002102}46966652C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe{6F5BEE90-18A9-61E9-0C00-000000002102}828C:\Windows\system32\svchost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|UNKNOWN(0000000006961843)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll+f066(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll+1230a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll+27791(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll+27896(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\b0d4a8e8efb07150abb5e70e313bc814\mscorlib.ni.dll+408589(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\b0d4a8e8efb07150abb5e70e313bc814\mscorlib.ni.dll+40809a(wow64)|UNKNOWN(00000000070F7050)|UNKNOWN(00000000070F6BD4)|UNKNOWN(00000000070F5F69)|UNKNOWN(00000000070F5783)|UNKNOWN(00000000070F436A)|UNKNOWN(00000000070F42B6)|UNKNOWN(00000000070F25A5) 10341000x800000000000000058808Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.034{6F5BEE90-3B87-61E9-7809-000000002102}46966652C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe{6F5BEE90-18A7-61E9-0B00-000000002102}608C:\Windows\system32\lsass.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|UNKNOWN(0000000006961843)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll+f066(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll+1230a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll+27791(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll+27896(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\b0d4a8e8efb07150abb5e70e313bc814\mscorlib.ni.dll+408589(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\b0d4a8e8efb07150abb5e70e313bc814\mscorlib.ni.dll+40809a(wow64)|UNKNOWN(00000000070F7050)|UNKNOWN(00000000070F6BD4)|UNKNOWN(00000000070F5F69)|UNKNOWN(00000000070F5783)|UNKNOWN(00000000070F436A)|UNKNOWN(00000000070F42B6)|UNKNOWN(00000000070F25A5) 11241100x800000000000000058807Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.032{6F5BEE90-3BA5-61E9-7D09-000000002102}4800C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Administrator\AppData\Local\Temp\2\__PSScriptPolicyTest_vu33ljna.45p.ps12022-01-20 10:38:30.032 10341000x800000000000000058806Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.031{6F5BEE90-3B87-61E9-7809-000000002102}46966652C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe{6F5BEE90-18A7-61E9-0900-000000002102}548C:\Windows\system32\winlogon.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|UNKNOWN(0000000006961843)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll+f066(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll+1230a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll+27791(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll+27896(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\b0d4a8e8efb07150abb5e70e313bc814\mscorlib.ni.dll+408589(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\b0d4a8e8efb07150abb5e70e313bc814\mscorlib.ni.dll+40809a(wow64)|UNKNOWN(00000000070F7050)|UNKNOWN(00000000070F6BD4)|UNKNOWN(00000000070F5F69)|UNKNOWN(00000000070F5783)|UNKNOWN(00000000070F436A)|UNKNOWN(00000000070F42B6)|UNKNOWN(00000000070F25A5) 10341000x800000000000000058805Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.997{6F5BEE90-1B0F-61E9-E500-000000002102}41764072C:\Windows\system32\csrss.exe{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000058804Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.997{6F5BEE90-18A9-61E9-0C00-000000002102}8283272C:\Windows\system32\svchost.exe{6F5BEE90-18B8-61E9-2C00-000000002102}2984C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000058803Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.997{6F5BEE90-18A9-61E9-0C00-000000002102}8283272C:\Windows\system32\svchost.exe{6F5BEE90-18B8-61E9-2C00-000000002102}2984C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000058802Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.996{6F5BEE90-18A9-61E9-0C00-000000002102}8283272C:\Windows\system32\svchost.exe{6F5BEE90-18B8-61E9-2C00-000000002102}2984C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000058801Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.996{6F5BEE90-18A9-61E9-0C00-000000002102}8283272C:\Windows\system32\svchost.exe{6F5BEE90-18B8-61E9-2C00-000000002102}2984C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 23542300x800000000000000031801Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:38:30.736{CE7C8936-1B20-61E9-E200-000000002202}3964NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=D985F1EAD1C5B0D77426C78C3B5F7708,SHA256=C974D490FCB55D3179E1D6F5AD65D517BDC4037F3136A2EE29C135E51CB88DF6,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059238Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:31.983{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2109.6-0\hr-HR\mpuxagent.dll.muiMD5=D6F9AFCC916DBED55F85C92AD37789E0,SHA256=8FEB606A96406D9D577FED85746CABFC2BD732E4E69FA6E672FAAEE368C33901,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059237Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:31.983{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\lib\tcl8.6\msgs\en_ie.msgMD5=30E351D26DC3D514BC4BF4E4C1C34D6F,SHA256=E7868C80FD59D18BB15345D29F5292856F639559CFFD42EE649C16C7938BF58D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059236Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:31.980{6F5BEE90-18CD-61E9-7700-000000002102}484NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=74BD56118F172647D50F93BEF2F9C8C6,SHA256=F6A17B1BBAFF703E9E2F3C6091C14B1A3DA7ED8B5494B539AC8AE20BD628AAC7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059235Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:31.980{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2109.6-0\hr-HR\MpAsDesc.dll.muiMD5=2070095BD1B455178CF0308064EA9E03,SHA256=7D0A7E01D342D95CEE088D0406B54D38478DD2B717DF1E46BA8F9D33F0F36D65,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059234Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:31.980{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\lib\tcl8.6\msgs\en_hk.msgMD5=27B4185EB5B4CAAD8F38AE554231B49A,SHA256=C9BE2C9AD31D516B508D01E85BCCA375AAF807D6D8CD7C658085D5007069FFFD,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059233Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:31.949{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\lib\tcl8.6\msgs\en_gb.msgMD5=07C16C81F1B59444508D0F475C2DB175,SHA256=AE38AD5452314B0946C5CB9D3C89CDFC2AD214E146EB683B8D0CE3FE84070FE1,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059232Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:31.932{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2109.6-0\hi-IN\mpuxagent.dll.muiMD5=52D701C3D270A2783E89EF8711ED4383,SHA256=4EC411DDEE07C86BBA7F9342A2AA57233EE6903AD4EFB7DE0EC35FD701708CF4,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059231Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:31.932{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\lib\tcl8.6\msgs\en_ca.msgMD5=F9A9EE00A4A2A899EDCCA6D82B3FA02A,SHA256=C9FE2223C4949AC0A193F321FC0FD7C344A9E49A54B00F8A4C30404798658631,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059230Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:31.917{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2109.6-0\he-IL\mpuxagent.dll.muiMD5=E4E9EFAB27C62A9D23047178AFC9A83C,SHA256=1D409D392501FF2F8C33719F614B19CDBCF37DD582E643FE94B73AA26FA67BF1,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059229Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:31.917{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\lib\tcl8.6\msgs\en_bw.msgMD5=ECC735522806B18738512DC678D01A09,SHA256=340804F73B620686AB698B2202191D69227E736B1652271C99F2CFEF03D72296,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059228Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:31.909{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\lib\tcl8.6\msgs\en_be.msgMD5=A0BB5A5CC6C37C12CB24523198B82F1C,SHA256=596AC02204C845AA74451FC527645549F2A3318CB63051FCACB2BF948FD77351,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059227Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:31.907{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2109.6-0\he-IL\MpAsDesc.dll.muiMD5=27268B44DE213002D6C564F0649D5884,SHA256=D1CC6105357A902F8246087E6339293F45EA0F4B64818B33BFD789087B05A159,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059226Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:31.894{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\lib\tcl8.6\msgs\en_au.msgMD5=F8AE50E60590CC1FF7CCC43F55B5B8A8,SHA256=B85C9A373FF0F036151432652DD55C182B0704BD0625EA84BED1727EC0DE3DD8,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059225Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:31.885{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\lib\tcl8.6\msgs\el.msgMD5=E152787B40C5E30699AD5E9B0C60DC07,SHA256=9B2F91BE34024FBCF645F6EF92460E5F944CA6A16268B79478AB904B2934D357,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059224Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:31.885{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2109.6-0\gu-IN\mpuxagent.dll.muiMD5=F86C2F189DDA9D4108B3FDB79D5810D0,SHA256=768F2C4ABC1D699534336D1EBDCBF91A1161C225997F77F500B45D536FE7606B,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059223Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:31.877{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\lib\tcl8.6\msgs\de_be.msgMD5=A741CF1A27C77CFF2913076AC9EE9DDC,SHA256=7573581DEC27E90B0C7D34057D9F4EF89727317D55F2C4E0428A47740FB1EB7A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059222Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:31.873{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2109.6-0\gl-ES\mpuxagent.dll.muiMD5=22E9CD2195300F874E22D56F229BE641,SHA256=D7A9C4A0DB73D912AAEDF82B356746E0962D8737ED57B99FBED757ADFC569D97,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059221Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:31.872{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\lib\tcl8.6\msgs\de_at.msgMD5=63B8EBBA990D1DE3D83D09375E19F6AC,SHA256=80513A9969A12A8FB01802D6FC3015712A4EFDDA64552911A1BB3EA7A098D02C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059220Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:31.852{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2109.6-0\gd-GB\mpuxagent.dll.muiMD5=41145004FF8DD45A36D5CD7858D087D1,SHA256=32C4F684C3CDD43275402E451868C92B492A2A1A0E7766271F32F85FBF8D4A07,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059219Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:31.844{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\lib\tcl8.6\msgs\de.msgMD5=68882CCA0886535A613ECFE528BB81FC,SHA256=CC3672969C1DD223EADD9A226E00CAC731D8245532408B75AB9A70E9EDD28673,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059218Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:31.843{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2109.6-0\ga-IE\mpuxagent.dll.muiMD5=946C26A01CE0B43BCE855766D8A2FBDA,SHA256=0B65D0F9B5E6F8EAD3F0F5DF10D7D5C4054E7F8AE2CA063075337EA33F44424D,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059217Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:31.840{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\lib\tcl8.6\msgs\da.msgMD5=F012F45523AA0F8CFEACC44187FF1243,SHA256=CA58FF5BAA9681D9162E094E833470077B7555BB09EEE8E8DD41881B108008A0,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059216Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:31.836{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\lib\tcl8.6\msgs\cs.msgMD5=4C5679B0880394397022A70932F02442,SHA256=49CF452EEF0B8970BC56A7B8E040BA088215508228A77032CBA0035522412F86,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059215Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:31.835{6F5BEE90-3BA5-61E9-7D09-000000002102}4800ATTACKRANGE\AdministratorC:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Administrator\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractiveMD5=446DD1CF97EABA21CF14D03AEBC79F27,SHA256=A7DE5177C68A64BD48B36D49E2853799F4EBCFA8E4761F7CC472F333DC5F65CF,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059214Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:31.832{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2109.6-0\fr-FR\ProtectionManagement.dll.muiMD5=C341F1BAB98F727E1EA335C60C74D688,SHA256=C3410C3E57AC4B396F4D660D2B069998FDDAC50FA7F595C38F200C9B204182EF,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059213Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:31.830{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\lib\tcl8.6\msgs\ca.msgMD5=9378A5AD135137759D46A7CC4E4270E0,SHA256=14FF564FAB584571E954BE20D61C2FACB096FE2B3EF369CC5ECB7C25C2D92D5A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059212Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:31.828{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2109.6-0\fr-FR\mpuxagent.dll.muiMD5=23C5A9CECD33866C21A7B070E3416BBA,SHA256=69E95CF187C3FD04A40F1C7F0458AC091FDD6A4C51F91AEAD972EF60B8BC9A1F,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059211Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:31.822{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\lib\tcl8.6\msgs\bn_in.msgMD5=764E70363A437ECA938DEC17E615608B,SHA256=7D3A956663C529D07C8A9610414356DE717F3A2A2CE9B331B052367270ACEA94,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059210Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:31.822{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2109.6-0\fr-FR\MpEvMsg.dll.muiMD5=355210542B63AEF819AF79C277934A80,SHA256=70B660D64AB8266452B7273D938F9AC15626A4E1BB2D81049A3A84FA1F608AD9,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059209Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:31.819{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\lib\tcl8.6\msgs\bn.msgMD5=B387D4A2AB661112F2ABF57CEDAA24A5,SHA256=297D4D7CAE6E99DB3CA6EE793519512BFF65013CF261CF90DED4D28D3D4F826F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059208Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:31.818{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2109.6-0\fr-FR\MpAsDesc.dll.muiMD5=44B5E862B194D925A5ED71A1BEFC7F21,SHA256=09DDB691F5E89918D3F92F34599BEB55DEBF83057B51DAE49ECDE57E865C28A6,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059207Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:31.816{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\lib\tcl8.6\msgs\bg.msgMD5=11FA3BA30A0EE6A7B2B9D67B439C240D,SHA256=E737D8DC724AA3B9EC07165C13E8628C6A8AC1E80345E10DC77E1FC62A6D86F1,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059206Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:31.812{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\lib\tcl8.6\msgs\be.msgMD5=1A3ABFBC61EF757B45FF841C197BB6C3,SHA256=D790E54217A4BF9A7E1DCB4F3399B5861728918E93CD3F00B63F1349BDB71C57,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059205Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:31.811{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2109.6-0\fr-CA\mpuxagent.dll.muiMD5=CBF02EF073E0A7E07C4C59C4FBEF8C72,SHA256=D8E1C88B12FA699ED1444022726AADB2464334CA00D9895EFC45A56864594DC9,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059204Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:31.809{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\lib\tcl8.6\msgs\ar_sy.msgMD5=EC736BFD4355D842E5BE217A7183D950,SHA256=AEF17B94A0DB878E2F0FB49D982057C5B663289E3A8E0E2B195DCEC37E8555B1,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059203Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:31.807{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2109.6-0\fr-CA\MpAsDesc.dll.muiMD5=7449A7FA39DE266A5DA058FA94933C1E,SHA256=E5E4519B6F9EC15AFD5E1C1B8DF028741239B91DE7D0180856D0B51D57E37DE0,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059202Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:31.801{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\lib\tcl8.6\msgs\ar_lb.msgMD5=3789E03CF926D4F12AFD30FC7229B78D,SHA256=7C970EFEB55C53758143DF42CC452A3632F805487CA69DB57E37C1F478A7571B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059201Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:31.798{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2109.6-0\fil-PH\mpuxagent.dll.muiMD5=DB490CD5090EB998C109D4F6C9F6B914,SHA256=FC43DD264BE0FE99AC8E2D18B740EC0B73561582266D02D83EC1A47B175D4732,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059200Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:31.798{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\lib\tcl8.6\msgs\ar_jo.msgMD5=4338BD4F064A6CDC5BFED2D90B55D4E8,SHA256=78116E7E706C7D1E3E7446094709819FB39A50C2A2302F92D6A498E06ED4A31B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059199Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:31.789{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2109.6-0\fi-FI\mpuxagent.dll.muiMD5=2951324A4D9633A4A8920464A73DA9CE,SHA256=97EF042D4E86CC9E9808A75D2E139163FBDE643AF128C4F7EF0E9623AAFFEBF3,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059198Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:31.782{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2109.6-0\fi-FI\MpEvMsg.dll.muiMD5=7072A9CB63B9CB656A956520202F7CF9,SHA256=09BE50B13ECC453C1ECC58DD010E571203F21C54A07D0378E9F38E21C71F3596,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059197Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:31.781{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\lib\tcl8.6\msgs\ar_in.msgMD5=EEB42BA91CC7EF4F89A8C1831ABE7B03,SHA256=29A70EAC43B1F3AA189D8AE4D92658E07783965BAE417FB66EE5F69CFCB564F3,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059196Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:31.778{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2109.6-0\fi-FI\MpAsDesc.dll.muiMD5=F2D957706D1265AA7B251713A3220A20,SHA256=77D9FD696576B30926E34F7695151F88211223C8554614F77EB0F9D7E7F440B8,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059195Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:31.778{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\lib\tcl8.6\msgs\ar.msgMD5=0A88A6BFF15A6DABAAE48A78D01CFAF1,SHA256=BF984EC7CF619E700FE7E00381FF58ABE9BD2F4B3DD622EB2EDACCC5E6681050,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059194Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:31.750{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\lib\tcl8.6\msgs\af_za.msgMD5=27C356DF1BED4B22DFA55835115BE082,SHA256=3C2F5F631ED3603EF0D5BCB31C51B2353C5C27839C806A036F3B7007AF7F3DE8,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059193Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:31.749{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2109.6-0\fa-IR\mpuxagent.dll.muiMD5=2B63BA7C3221EF6A93F9C2619E2C8A84,SHA256=DE20279D35B8D326D76479B3FF7DBE7A61173FAF3D449058070542D9D58CB6A2,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059192Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:31.748{6F5BEE90-18CD-61E9-7700-000000002102}484NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-PowerShell_OperationalMD5=3F23528A1C9705B9A060D35722BE51ED,SHA256=73EA4728C7D1C3094676C6BC97E4AF046D8C3DE237B0F6CE1F42F5447B342F69,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059191Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:31.745{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\lib\tcl8.6\msgs\af.msgMD5=3A3B4D3B137E7270105DC7B359A2E5C2,SHA256=2981965BD23A93A09EB5B4A334ACB15D00645D645C596A5ECADB88BFA0B6A908,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059190Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:31.737{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2109.6-0\eu-ES\mpuxagent.dll.muiMD5=5B10AF1242CA7F648B490741F2DF8520,SHA256=AA5C7A32CE883F00D45F4AEAE72DFE705AE507181CC2CE689BF2426740EF2B83,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059189Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:31.730{6F5BEE90-18CD-61E9-7700-000000002102}484NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=BF18C54A2811CC4E946680CAE6BF63EB,SHA256=072EA1E1DDA46B1ADA897EDD4849ED14ECAB309F4C122429D6AC11D965F87FE6,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059188Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:31.728{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2109.6-0\et-EE\mpuxagent.dll.muiMD5=FB98D0BE2991E0FE20A069D56CD23B42,SHA256=ACC123176D10917CDF790A10081628D31E7AACEC9C8ECDC97A44E3A6E3C25080,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059187Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:31.723{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\lib\python3.9\site-packages\libxml2.pyMD5=6D64AFB0DFED5D3D2BB1CE44AA354415,SHA256=75EB729EAEC55D0605281CF95D0B9EA5F789682062F6212D451BB67E55D4B286,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059186Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:31.720{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2109.6-0\et-EE\MpAsDesc.dll.muiMD5=97EDA100F26EAF8E95056AE742554177,SHA256=A326D66D07ED074A9494E53193584BB675C29CA70198A14C9ADBA3CE8CBC3BBB,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059185Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:31.716{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2109.6-0\es-MX\mpuxagent.dll.muiMD5=D69771B02DB93D6F6E8A343978F499A7,SHA256=9FCBDA0A30314F5A45CB005475AC90FFDC60585EF7816CBE691544F1E2299BA1,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059184Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:31.712{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2109.6-0\es-MX\MpAsDesc.dll.muiMD5=D1CBA62B76E5E851B8922EABFF2DEF6D,SHA256=1F9767C1C1EFE0C4D19D0F22C8FA6ADB60E4E88013CF8112D0BC60608EDDEE5C,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059183Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:31.710{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\lib\python3.9\site-packages\drv_libxml2.pyMD5=E7A27833223ACE01915682066108EC20,SHA256=A5E89415342706AC6F6060034DE1E3746D3E3599C205A01331432E7F5C604716,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059182Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:31.699{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2109.6-0\es-ES\ProtectionManagement.dll.muiMD5=1933FC68D4038B5431F7CB7AE468F393,SHA256=961DF898ABCAC1F2911002445BFC624327BC153874D5E3E7556E467B360A55E2,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059181Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:31.698{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\etc\pki\ca-trust\extracted\pem\tls-ca-bundle.pemMD5=90305734BC747686902A268B5492C280,SHA256=533425A9055CC8D17A5C05B04454DDB5EC45F0C8E7F05D2F035866154C62B8A5,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059180Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:31.695{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2109.6-0\es-ES\mpuxagent.dll.muiMD5=2FDE66202B0916607183D62E68CFB1B5,SHA256=AF712FBC07C22C3950C81F0F207EC5CB078591E16857DE6373ACDE71B814305E,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059179Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:31.690{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2109.6-0\es-ES\MpEvMsg.dll.muiMD5=1CEB1C751D2CF63A0856B30A74486565,SHA256=4421F31079246BD5A8B2C76B305BD88251DE81DAA0DBFDC393ACE55198B58F34,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059178Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:31.687{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\etc\pki\ca-trust\extracted\pem\objsign-ca-bundle.pemMD5=D41D8CD98F00B204E9800998ECF8427E,SHA256=E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059177Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:31.679{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2109.6-0\es-ES\MpAsDesc.dll.muiMD5=B6A28B3D905B28545AC4EC448846C6F4,SHA256=89404202E75E8D03AF2458906D9622C7ECD43F4B30180B079B143B77EA6BA6A4,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059176Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:31.677{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\etc\pki\ca-trust\extracted\pem\email-ca-bundle.pemMD5=5F1387A78748BE52694097E69547ED3D,SHA256=55A92E2F83086FD553A22BEEEDA1CEA75347EA8673C5CEEB4A67746285DB9558,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059175Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:31.673{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2109.6-0\en-US\ProtectionManagement.dll.muiMD5=57DD5DCD626332FA892BF1526D09C1D9,SHA256=385171BD15127FB8546EF4378CBEA2BF25F5063E6E731DFEB4EF868829FB25B9,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059174Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:31.670{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2109.6-0\en-US\mpuxagent.dll.muiMD5=FEA5726C8962F98A3601E47EADB5A3E9,SHA256=FC18C509866893EB03BC82F49C0EF07C344640CF8D6FA3963247ABB7521A4A56,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059173Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:31.669{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\etc\pki\ca-trust\extracted\openssl\ca-bundle.trust.crtMD5=9929D5928DD5ABE2935460B871355976,SHA256=53E2BE799A5716D4BD7F17A4D9C7D217D79902AD151617BAC035E2B9BADBB0AB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059172Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:31.667{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2109.6-0\en-US\MpEvMsg.dll.muiMD5=0D87F3932078B4049523B8CDD3EE5692,SHA256=46022C8F7CC601BF73D231C213612BFAED0E95A76BC510DA08B7323EC1CCB2EE,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059171Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:31.639{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2109.6-0\en-US\MpAsDesc.dll.muiMD5=BC78A3B5260E268C292724EA573194F9,SHA256=2C4B8F48370B6ADEA49A21F2D89F2400E54C3EE937120152B50A94FFE5F5F7A9,IMPHASH=00000000000000000000000000000000truetrue 11241100x800000000000000059170Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:31.626{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\LICENSE.TXT2022-01-20 07:58:58.585 23542300x800000000000000059169Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:31.625{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\LICENSE.txtMD5=7C0D7EF03A7EB04CE795B0F60E68E7E1,SHA256=5B2198D1645F767585E8A88AC0499B04472164C0D2DA22E75ECF97EF443AB32E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059168Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:31.609{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2109.6-0\en-GB\mpuxagent.dll.muiMD5=DD65190763621E8E1B642A4305D5E801,SHA256=8CBEC55311F2B7234D1FBD9C46AB6CF33A165610960132FE73C19FF725579658,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059167Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:31.609{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2109.6-0\en-GB\MpAsDesc.dll.muiMD5=8DE66C308CA2A9340CC9E84F753FAA56,SHA256=AE6A41CA40A926287BCC94503AC9AD42568D6BB62B4CF2DF60F0599FA9E988FF,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059166Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:31.609{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\etc\pki\ca-trust\extracted\pem\tls-ca-bundle.pemMD5=DAD3BF974463F0084D3BFE93B5D1819C,SHA256=E3E8744818327496A1990E273235CDA1A36E0FA13A57D96AA17C1C8C33C04023,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059165Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:31.609{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2109.6-0\el-GR\mpuxagent.dll.muiMD5=222D67D112493530069E47CD64364BAF,SHA256=B6E4B5BF805802069890DF5FD769D48F370620E607809E48E233C78EFE6F90F1,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059164Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:31.609{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2109.6-0\el-GR\MpEvMsg.dll.muiMD5=9B6F194F0D0EB1ED21B000E07B0CBDCD,SHA256=E1A7E2391FFF39162293DD3AE201ADC393D8CC91E83A4B33C2C9A089EE69D203,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059163Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:31.594{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2109.6-0\el-GR\MpAsDesc.dll.muiMD5=53B61803FB8BDC469ED5D04FB8983233,SHA256=BE1609A94963D07A591C7D38947B28AE79A9D070385E70BD594A1DBD6DF7EB31,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059162Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:31.594{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\etc\pki\ca-trust\extracted\pem\objsign-ca-bundle.pemMD5=D41D8CD98F00B204E9800998ECF8427E,SHA256=E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059161Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:31.578{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\etc\pki\ca-trust\extracted\pem\email-ca-bundle.pemMD5=1A9E87A0C9CE7347C12AEB1C4B2E31F3,SHA256=99067FBB3DE75D631A67CB0C0FAD11248E0FA080543386F1C02A2AED9F14F226,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059160Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:31.578{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2109.6-0\Drivers\WdNisDrv.sysMD5=9C4361259D5F0D7A36A10BD28D000F90,SHA256=7445476DE9BAB0D9C975DBDF63BD928D7E3139DF3FC69463BF08897E3B087575,IMPHASH=B2232D76DB16949062B092AC66B306E5truetrue 23542300x800000000000000059159Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:31.578{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2109.6-0\Drivers\WdFilter.sysMD5=B6C6FFC05B52D2F8A433DD12C3A11D30,SHA256=666259E830F5EAC0707B2D957944B7468FA645271C60B8EA54E5130B8336D1F6,IMPHASH=D148E8A715DE2CD7B90529132F014544truetrue 23542300x800000000000000059158Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:31.563{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\etc\pki\ca-trust\extracted\openssl\ca-bundle.trust.crtMD5=9C7D35DE9807C2BFE86C18AE1013B2F2,SHA256=9B72D3B397D25707950987F4C780EE04347F387A8936656E00CA05DA39C98803,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059157Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:31.531{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2109.6-0\Drivers\WdDevFlt.sysMD5=26B890C2237E48DAF8B9B901EBE7A0C1,SHA256=B1D793E12DBF2CE5197960454F0A5AE6C93703FA5BF2D7622EC0FDFBAC183211,IMPHASH=61C274FC875F096B5217A7AC611C5557truetrue 11241100x800000000000000059156Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:31.531{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\etc\package-versions.TXT2022-01-20 07:58:39.460 23542300x800000000000000059155Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:31.531{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\etc\package-versions.txtMD5=D349E83A7A077DEEC917AEBCDEBAC6CA,SHA256=8431664A3F0B771C80D5BB11ACD2A80EDC01FAA6C484D6A90837C7DC2AE34344,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000059154Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:31.531{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\etc\install-options.TXT2022-01-20 07:58:58.663 23542300x800000000000000059153Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:31.531{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2109.6-0\Drivers\WdBoot.sysMD5=1BF7CF2DBA97C71FF1876F0DE67421C3,SHA256=B946398AB34EF5BF16DC3461D32261664760C0F86E8A281BCD90361A170E27FD,IMPHASH=4B7A0029980F4F757F052F90FE2D4610truetrue 23542300x800000000000000059152Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:31.531{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\etc\install-options.txtMD5=7C2A76AF7C79FE51F8156BD1C0189AB2,SHA256=88CA6FF41B5BCFB27CD2735BD5DF588DB9C5C9F82F65B10A032BDA001797E8FF,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059151Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:31.531{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\etc\docx2txt.configMD5=A9E573C74B430F619A2E282BAC850555,SHA256=47CB8C83799B40B01DD4EEB3F3293C438CA4A869FE98D5556FAB85F8545993B9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059150Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:31.531{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2109.6-0\de-DE\ProtectionManagement.dll.muiMD5=381A9FC19B05718037AA3A552715C54F,SHA256=EA4DDE3088A05BA4A894FB81A8ABF0769DB0A8F79F9D1E5E96BEB916610710C4,IMPHASH=00000000000000000000000000000000truetrue 11241100x800000000000000059149Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:31.531{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\cmd\start-ssh-pageant.CMD2022-01-20 07:58:39.522 23542300x800000000000000059148Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:31.531{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\cmd\start-ssh-pageant.cmdMD5=FE57499D10C5FD319BCE323AAC321F71,SHA256=80B0B11EFE5A2F9B4CD92F28C260D0B3AAD8B809C34ED95237C59B73E08ADE0B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059147Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:31.527{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2109.6-0\de-DE\mpuxagent.dll.muiMD5=16C6FFA34E0C59EE77F916EBF9148AFC,SHA256=6EE8E608A103E991460B51D87AEFCA126EC8744642559B536F70330A848CFB08,IMPHASH=00000000000000000000000000000000truetrue 11241100x800000000000000059146Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:31.509{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\cmd\start-ssh-agent.CMD2022-01-20 07:58:39.522 23542300x800000000000000059145Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:31.509{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\cmd\start-ssh-agent.cmdMD5=0237D6B0CAC0980ABD035E0AF2959E36,SHA256=F16B345ABA17ACD124AB5940635DFA2D87445DF73EEDBEB80E0285F29C85415A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059144Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:31.478{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2109.6-0\de-DE\MpEvMsg.dll.muiMD5=7AF483C2AFFDD95213DDDC495D001DC0,SHA256=155EC9FBBE052BCCF189B89EF0F802DA48547D107A26A9E342BF9A23B4F1ADFF,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059143Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:31.478{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\desktop.iniMD5=6383522C180BADC4E1D5C30A5C4F4913,SHA256=4705BA6793DC93C1BBE2A9E790E9E22778D217531B1750471206FD5C52BBD2B5,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059142Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:31.447{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2109.6-0\de-DE\MpAsDesc.dll.muiMD5=FF00B121B166AB8E4857EABE4AAB9BCC,SHA256=9285FDDC5E40919E750A95C255588332876547495F6E245BAD983D612DAA4704,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059141Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:31.431{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2109.6-0\da-DK\mpuxagent.dll.muiMD5=C63C9C4C55D3B4172BADC2FB45014D5D,SHA256=88346BDE6D5FC1C0CADFA5755944F466F8960C9CC17A5339851A2BAD42376C70,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059140Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:31.422{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2109.6-0\da-DK\MpEvMsg.dll.muiMD5=849192FB21F761073C9ED4A3F5BD4688,SHA256=1EAC8A8C05B8AAFB4505A7828D7E7F98567BD0C71DEE4E08AF467F31D34A9828,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059139Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:31.414{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2109.6-0\da-DK\MpAsDesc.dll.muiMD5=BB1447340673FA9F6B96A9987290F278,SHA256=A166D52AA0AB379DE33CF5796A5B1861246A36BB8B17D8C87E0F0529338C0AC3,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059138Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:31.407{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2109.6-0\cy-GB\mpuxagent.dll.muiMD5=CF1FB8FA2725C2DC530AE045F1ED8A6B,SHA256=EEB5D85389F768042AFEB2B1203BCC151069F53DAFED28DB404122013041241F,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059137Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:31.403{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2109.6-0\cs-CZ\mpuxagent.dll.muiMD5=FFE6628B2AD343CDA7FDFEF38B84B48C,SHA256=B5E81F2E96B81367B16D77BDB21FF45C92B880DF501AD17FEE4F8B1E756C636D,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059136Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:31.401{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2109.6-0\cs-CZ\MpEvMsg.dll.muiMD5=C40C173214A061E8BCDF28F6328CAD40,SHA256=17B281694628800A6B1541826B912F8FF0788D171A900F6DF4BA8A6AC01B3A46,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059135Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:31.397{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2109.6-0\cs-CZ\MpAsDesc.dll.muiMD5=71EA670E1886321DDDDF005D7B47A7FD,SHA256=BC031DC51AE7128AEE1ADCCDA0F7ACC9EB3BBE8DE121B206B0E9801E956F82B7,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059134Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:31.392{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2109.6-0\ca-ES-valencia\mpuxagent.dll.muiMD5=C9E9AE82C7782DC0E66BFE5EFEFF336C,SHA256=CA202FDD69FB81DBF24708D144E942FC10ACCFA4703BE979AAD55FD88B62E7F6,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059133Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:31.389{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2109.6-0\ca-ES\mpuxagent.dll.muiMD5=0EC7F6A6BDC86183AA58893F948989A2,SHA256=02FC3320529F9A51D88030CE7C03AC3A62517B8141768FE001B995DCFBB202F4,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059132Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:31.385{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2109.6-0\ca-ES\MpAsDesc.dll.muiMD5=D2A485200AE94654A45301149D87A8A1,SHA256=9164442B33BAA1DAAF4609189D8169CA9DFA67BB673683F66A49ED9145DA7585,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059131Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:31.385{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Common Files\microsoft shared\Stationery\Desktop.iniMD5=6BD5FB46283AA48E638BEF47510C47DA,SHA256=44FE5EEBD80E46F903D68C07BCF06D187A3698BF3953BC58BB578465E2E0FE6C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059130Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:31.381{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2109.6-0\bs-Latn-BA\mpuxagent.dll.muiMD5=6C4B5C9E187A6B13C39FAA41C742EDD6,SHA256=9C776358CD7A47CCBA26F992472A0A739C6F0C152B89B5AEDDCACA8AC43684F0,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059129Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:31.378{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2109.6-0\bn-IN\mpuxagent.dll.muiMD5=231D5D0EC76C7498E5A94E120943699F,SHA256=1807A40E971F9A586671F144CFB34404D2AFAA027EC9E670E323BA70577FC9E4,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059128Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:31.375{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2109.6-0\bg-BG\mpuxagent.dll.muiMD5=6275E196D18A7E2E298B30AF3ED5C880,SHA256=06B162090901AC0604283E1CE2EC1928E0A7C651332C3E7BE593E438DB02AC88,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059127Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:31.372{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2109.6-0\bg-BG\MpAsDesc.dll.muiMD5=DDFB72494C7DAB2C2DCBBF58F1384BB8,SHA256=7E28FA6FC9DD05652F3DDCC4B9BC54469DD44995EC69EF149B9477B4C0CE53D6,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059126Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:31.368{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2109.6-0\az-Latn-AZ\mpuxagent.dll.muiMD5=06A297C9B8293DA4AC3B56D304874F2A,SHA256=C5D1763D4F042FE777BB02E47E26F76EC9008AF689679BDA6480E1541A1158BF,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059125Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:31.366{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2109.6-0\as-IN\mpuxagent.dll.muiMD5=D359F26A958650D3B5A28495DC39D409,SHA256=F2A33F57BED6013E9850AB150C83577862DE7FADA3CAA1C87C94100F486D92A7,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059124Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:31.362{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2109.6-0\ar-SA\mpuxagent.dll.muiMD5=53F858DC25ADF3684E7E025277A57023,SHA256=D57524C7B0D7FE779DC3803F041C341F818381E19703D32BAA988F1697D1175C,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059123Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:31.354{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2109.6-0\ar-SA\MpAsDesc.dll.muiMD5=628870D988EFBFC39C06E7BA62495FFE,SHA256=161D58719676884DB3BDFEA9A5770A55EC7BEBE839D97B6ECA3D20EC5A3D6B2D,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059122Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:31.354{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\ansible\Sysmon.zipMD5=AAFD6A6773A693214BFD475E764A75B5,SHA256=113AC251472E6648DC99C31E5A9D5BABF448B40A9AA71881B2EA2BC169E122D0,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059121Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:31.348{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2109.6-0\am-ET\mpuxagent.dll.muiMD5=F5F731716CA6C6CEFF57DEE03EB33376,SHA256=A2E33041860906CEF0BCE5B2F3FD2AF88E3DB61E97FF9EB16D650CAD1F69F708,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059120Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:31.342{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2109.6-0\af-ZA\mpuxagent.dll.muiMD5=2A54A6EFE0D70D2F8120E4F9AE10F2AE,SHA256=F90B4913826DA577A68006FC7211E2390534BE9639934AFC5A375436373B1C71,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059119Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:31.337{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Network Inspection System\Support\NisLog.txtMD5=F49BC2F27AC3DEB9807126CD604B494E,SHA256=349E4C7475FB5E7F590E7B622543F0498E185EA4A8749183B3830A6BF643C46E,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000059118Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.998{6F5BEE90-18B8-61E9-2A00-000000002102}2964C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-tcontreras-attack-range-53.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-tcontreras-attack-range-53.attackrange.local65421- 354300x800000000000000059117Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.540{6F5BEE90-18C6-61E9-6E00-000000002102}3440C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-tcontreras-attack-range-53.attackrange.local52444-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 11241100x800000000000000059116Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:31.321{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\ansible\sysmon\Eula.TXT2022-01-20 08:06:57.815 23542300x800000000000000059115Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:31.320{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\ansible\sysmon\Eula.txtMD5=8C24C4084CDC3B7E7F7A88444A012BFC,SHA256=8329BCBADC7F81539A4969CA13F0BE5B8EB7652B912324A1926FC9BFB6EC005A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059114Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:31.305{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\ansible\AttackRangeSysmon.xml.bakMD5=B5AB4D6F9CA17BD5762726F3AE978416,SHA256=6DAC889080B8F081C9FF3F2C009FE4F3D8C39F08021CE169F17A92B43FF812D7,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000059113Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:31.298{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Amazon\XenTools\PreparationText.RTF2022-01-03 22:28:18.000 23542300x800000000000000059112Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:31.297{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Amazon\XenTools\PreparationText.rtfMD5=74FEC71288E7374507FF15CB0697B6C5,SHA256=AC9001E712D16AE4091019A513061730A7AFF7F27A54EA1767593787851B18D9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059111Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:31.282{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Amazon\XenTools\Installer.exe.configMD5=AC8CBE09AC87C29FB067B862F650DF27,SHA256=11716E0949DF3EB34FD11AAAA8D23BAA21525619350D2D5CCF4CE9A8CF11019D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059110Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:31.274{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Amazon\XenTools\AWSPVDriverMSI.logMD5=9ABB83DB265DD5BBBA1E47155F6422FD,SHA256=3E0DEA028F48D724883FB56AE9D7B4DC1A0A5479FA4C7887F20F42824560BC29,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059109Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:31.197{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Amazon\SSM\Plugins\awsDomainJoin\log4net.configMD5=74F18BA17A760B562ECB8A7B7E66F5AF,SHA256=480ED6BDE17847CA5723E32DE155E9945F116DC22BE58DB4CCDF9647ED2B4A22,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000059108Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:31.197{6F5BEE90-18AA-61E9-1600-000000002102}13241960C:\Windows\System32\svchost.exe{6F5BEE90-3BA5-61E9-8209-000000002102}3968C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|c:\windows\system32\themeservice.dll+235b|c:\windows\system32\themeservice.dll+1ed0|c:\windows\system32\themeservice.dll+2006|C:\Windows\SYSTEM32\ntdll.dll+39d09|C:\Windows\SYSTEM32\ntdll.dll+1e89a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000059107Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:31.197{6F5BEE90-18AA-61E9-1600-000000002102}13241364C:\Windows\System32\svchost.exe{6F5BEE90-3BA5-61E9-8209-000000002102}3968C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6144|c:\windows\system32\themeservice.dll+144a|c:\windows\system32\themeservice.dll+4175|c:\windows\system32\themeservice.dll+3379|c:\windows\system32\themeservice.dll+31a3|C:\Windows\System32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14412|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 23542300x800000000000000059106Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:31.174{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Amazon\SSM\Plugins\awsDomainJoin\AWS.DomainJoin.exe.configMD5=293CB6CFB6486BC6645F351C77147DC8,SHA256=D0BA25EBE600A60DC9AFD053CD1387FC11B6F73605F2CB2A7C194041042A2108,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000059105Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:31.140{6F5BEE90-18A7-61E9-0B00-000000002102}6085192C:\Windows\system32\lsass.exe{6F5BEE90-3BA5-61E9-8209-000000002102}3968C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\system32\lsasrv.dll+26327|C:\Windows\system32\lsasrv.dll+2746d|C:\Windows\system32\lsasrv.dll+261a5|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000059104Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:31.140{6F5BEE90-18A7-61E9-0B00-000000002102}6085192C:\Windows\system32\lsass.exe{6F5BEE90-3BA5-61E9-8209-000000002102}3968C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cd4|C:\Windows\System32\RPCRT4.dll+2be8f|C:\Windows\system32\lsasrv.dll+260ed|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 23542300x800000000000000059103Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:31.061{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Amazon\SSM\Plugins\awsCloudWatch\AWS.CloudWatch.log4net.configMD5=B916A89066F3188F67D8E6AED9CEE208,SHA256=B1844067F6ACD33FF3C0067BFD5A704CB7725CD761842573682B5CB66B55F2A7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059102Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:31.056{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Amazon\SSM\Plugins\awsCloudWatch\AWS.CloudWatch.exe.configMD5=DF3E5E010E337A31AFF56D2E78934B15,SHA256=C3640DF5F16A146EC64F5E56466D539B2B92A37A2A9E3B3D54A753A3A5C843FC,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059101Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:31.003{6F5BEE90-18CD-61E9-7700-000000002102}484NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=C2537A7F1D9631E239922B001C525A88,SHA256=832AA6E843F1D390F53C0D008DE83A6706BA0A9BE4189E2A6497E440BDD6BD88,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000031802Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:38:31.752{CE7C8936-1B20-61E9-E200-000000002202}3964NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=3F169558409BE24551C7AC68073B848F,SHA256=343BD0A9A3C833A5399FEF3879E6C8179AE52B1FFD89E31C379791BFE4D1E102,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059656Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.913{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\doc\git-doc\git-mailsplit.htmlMD5=628CB5C0A9B5F4257ED2F7E7B8A197F3,SHA256=F5F8C7D5EC8258EDBBCA12E8F070216F372F54F39DB50C9351219F2CA9B676DA,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059655Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.898{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\doc\git-doc\git-mailinfo.htmlMD5=3753ECDB579E91420328A52ECB642191,SHA256=0A6E8188BBBDAF9BCBD3C607EEF0C3254AD0931467B79C279F4AD3EA5CDF6DC1,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059654Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.898{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\doc\git-doc\git-ls-tree.htmlMD5=CCBD1CBC1F523B52E4A57AB369C417DD,SHA256=16362EB8AE4B615264D42C8E60280F71DC75145778E67396D082C7E461E57C8E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059653Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.898{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\doc\git-doc\git-ls-remote.htmlMD5=7B4DC8BF11862AF5E5898A50251C9B0E,SHA256=D3B8DBDB682570B7B3AB91892D509AB6BFA74210671598DC93844C4205195168,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059652Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.898{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\doc\git-doc\git-ls-files.htmlMD5=E1E7007DF12164CB162969463044ED47,SHA256=FC97E9C02A0269C9FC26FB291B019B6EF64F0930C9CAFDC580433F801B104091,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059651Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.882{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\doc\git-doc\git-log.htmlMD5=9C42D6360158063EB202508DE9579472,SHA256=1127E76B7EACBAB5FB028D3D9C669D6A30CDA8F8CB07BC5E417624E92C85492B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059650Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.882{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\doc\git-doc\git-interpret-trailers.htmlMD5=381A128D1B85CAAABA558063F96F4930,SHA256=865B9DB5DE69544D4D035DA05BA6E51F066D1BD8DF6FE57ECAE5AB66BEF9AE50,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059649Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.882{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\doc\git-doc\git-instaweb.htmlMD5=7217983DE3E85ADEC2A44AE53E247D98,SHA256=F7977521B6E2D142C84D64DE80C887B3411E7CC040D1AC1F548DF52251AAE6FD,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059648Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.881{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\doc\git-doc\git-init.htmlMD5=604EAD220E761DA92D96A4DFE399A7CF,SHA256=962729E44A591D3D2DC01625B90B82778F1B9FE224979DF3464941EBCB631605,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059647Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.877{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\doc\git-doc\git-init-db.htmlMD5=925AEB8C77D58CBAF097F82615297417,SHA256=C33C0ADAC38DEF551F26A72B96AE201BF4E82048346274429DD4A3F66BA6508A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059646Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.877{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2109.6-0\MpRtp.dllMD5=EABFAF1CE6CB8843DA42FBA01E8BF069,SHA256=CA99B8EAA6ED8C706590551BE37107D027BBD53CC9E52805446ADF59B3AEDC1E,IMPHASH=37FBA5E19A556368C80635383A68D429truetrue 23542300x800000000000000059645Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.860{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\doc\git-doc\git-index-pack.htmlMD5=6717D1FCA14E86636A280E1E0E614C45,SHA256=D26D208A6B76C37C25605FCCC20FC3C5C8EF95EFEC11B2C1FC7565E70A4ABBCD,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059644Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.860{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\doc\git-doc\git-imap-send.htmlMD5=361655708A454667610548F88C34C764,SHA256=8211CE8E4C20E3BC6F8C4327F81FD96B9D30FEACD9FB6EB103D1756B37D04713,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059643Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.860{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\doc\git-doc\git-http-push.htmlMD5=08F8F23E2C7AD1AB8059A63DB63ABA79,SHA256=69D186CA773B8129DDEA69E8E1784D2CFAF012484949656855D6A5789674F221,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059642Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.860{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\doc\git-doc\git-http-fetch.htmlMD5=0B31F1659C95606B509B8BE12D9C79C5,SHA256=6B8BD5B45C3B21CA979BCE03AD5FEB6E410602AEC20D0E283A85548BB4CEF8E9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059641Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.845{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\doc\git-doc\git-http-backend.htmlMD5=2AFD38C32664F70B02B287C46B90DD30,SHA256=80A056C457EB618A3E4A1AB885CEBBE6767DCBC88F399C6F58638D9609103477,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059640Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.845{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\doc\git-doc\git-help.htmlMD5=47821892E0E61141ACA1E88C3FC08A85,SHA256=FEEAE0D7D2B9128A94DAC09D0191B39B93EE02BC3AB2CBBFE2EDAAD45AD195FB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059639Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.845{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\doc\git-doc\git-hash-object.htmlMD5=342A79656D3F00A913C75665C48CE128,SHA256=2E4B5C2D3B2EA5DB1E25A35C8A8C5027BF2D2291400EDE76A72AFC5757D56BC8,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059638Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.845{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\doc\git-doc\git-gui.htmlMD5=AAA2492F65D16DA71F3621F4D4C0A0CD,SHA256=5A76AF60792D5EED994F5F8C4951E7CD1047004FCC6A80E85479F4816A78140C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059637Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.829{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\doc\git-doc\git-grep.htmlMD5=C9F67B09FA5EE0D4415266ED4D568C13,SHA256=F44043F0DB4FCE407EA08D42D9861E43EDEBC19273F041100CA087E2A24FF3CF,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059636Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.829{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\doc\git-doc\git-get-tar-commit-id.htmlMD5=73E65D539C2B988E5BFB666F4B49B6D4,SHA256=AC50D36D124305150006A7760B9B134B0BDBCDE8FD0F769F2BE9D6F5E985C1B4,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059635Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.829{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\doc\git-doc\git-gc.htmlMD5=C396B1C70C7608CAC39BCA557C87CAF8,SHA256=5BD4381E2C2DD7FE81FFA6894DA06335198F3D17BBAA402325D5DA1A17AB9107,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059634Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.829{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2109.6-0\MpOAV.dllMD5=507A1C4DC135D31E60E46C911F518352,SHA256=07AA7775DEC86AFEF867C3B902BCF47CCB36E224433171EB6C4C0E3D80F753AB,IMPHASH=03EE692DE6217827EFB332DB1F358A4Ctruetrue 23542300x800000000000000059633Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.829{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\doc\git-doc\git-fsmonitor--daemon.htmlMD5=8E05702F77816CBE195348E7E49CB391,SHA256=3E5A00A96134099194E87161E01F629B6D874CAF33478FE31A0BD181D9FD696C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059632Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.813{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\doc\git-doc\git-fsck.htmlMD5=C63F7683C87C79AE093E72EA6FFA2878,SHA256=E939BFE0E14CF1F718CFD8E81B3C932FE36E9A6BB5E3B82351DBDE85CABBAA2A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059631Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.813{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\doc\git-doc\git-fsck-objects.htmlMD5=C5964F18B2ABADAE2989F2ED441C43B2,SHA256=9A59D19316140D73168B04A06075FF8F1557DAD45476FA84D10138217C647898,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059630Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.813{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\doc\git-doc\git-format-patch.htmlMD5=61D1915293736235D58FF96F3127E51C,SHA256=E9C2ACB3B6F45273E4B2DEFC34CA6B9B47CF97F49F9BC8D1207987304C9E99A7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059629Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.798{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\doc\git-doc\git-for-each-repo.htmlMD5=CDFE4FE9E372ADB4F6010387ACF911D3,SHA256=4E3FD0CBA7F86F24BC719C4704D7CA2D22B3654B8DD085AB5863E94F5D7FC966,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059628Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.798{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\doc\git-doc\git-for-each-ref.htmlMD5=1B28D0A97D818C6C777538187AA0EB86,SHA256=D20451DEEEBB225FC8AF7DDCCBCDD5F6CFF9E492F9E6432FF0AB962A5F2BDF0A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059627Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.798{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\doc\git-doc\git-fmt-merge-msg.htmlMD5=A7EA0A8B02B4949DAB6E877F09B190E4,SHA256=76D33F3E9BCF928DE5A475E59648534C933BF5EE1B40DEB098BB1BA02F512569,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059626Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.798{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\doc\git-doc\git-filter-branch.htmlMD5=4BB49ECBF190BED5863B82ED01308858,SHA256=88A19957BB65FFEEEAA77A961AA6E7535C21CFE14315FD86F1ECC45392594D48,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059625Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.782{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\doc\git-doc\git-fetch.htmlMD5=59E01DF56A053C0116608974C434628E,SHA256=153D909E2B2424D0AD69F5154B0DB0CEC0642F48B0C19A0D726A5243EED7005A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059624Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.782{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2109.6-0\MpEvMsg.dllMD5=E6BA4B06A514B05F1A6F67E02776CB12,SHA256=3E69F409180506A6636CA8F0620AB0CC9B57F1393AC5986CC8BBE50BEF12C9C2,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059623Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.782{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\doc\git-doc\git-fetch-pack.htmlMD5=F783F0184A57D7A2DCF05F08D42B8A55,SHA256=350993B1E75480D412DCB0FC42E980975EA046732A39862D4764A1B4BDE94080,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059622Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.782{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2109.6-0\MpDlpCmd.exeMD5=9DA1C405AF787EFBAF735B76388F867F,SHA256=7E7180B5534BE4BF2E531DCCE4BD8C0CB55EEC93759625283A162C0F6149464F,IMPHASH=ADA70A1CDA9F7CFE0EE9ADC707952597truetrue 23542300x800000000000000059621Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.782{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\doc\git-doc\git-fast-import.htmlMD5=E9AF57D55FE59F59A6CD485EABF90EAE,SHA256=CFDDE4B358FFB3FF0EFD5974922CDB6CB11F7C44B924E4DF420F8F83A31BFAB8,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059620Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.781{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\doc\git-doc\git-fast-export.htmlMD5=A29089EABB54F7C5E70350BD3271580C,SHA256=3D5ACBC14CE16B058D28B25D29804439FFD0DCAA86BD00FC97C3FA8AD3E3F4DC,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059619Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.780{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2109.6-0\MpDetoursCopyAccelerator.dllMD5=50E2C916D6B2E5CDCED1BF18BEF5B9E6,SHA256=C880E519887E5AFD35612BDAF4F987D79ED294050A4D291B54B18F7F3C80A89D,IMPHASH=F50111F80E604507B2C7408826513BE5truetrue 23542300x800000000000000059618Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.777{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\doc\git-doc\git-difftool.htmlMD5=9008ACEB23AFB3609B56265DD5DB037D,SHA256=9CCF43F59F82D04504D4223A835DF892D13536106EF8D9F1627A65E3BB4D5294,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059617Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.760{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2109.6-0\MpDetours.dllMD5=6694C427D876FEEC65126E7734886E88,SHA256=A76E653BA8D251379133B748B685C08672A69D1CF95493549E563CFAD8A8D7A5,IMPHASH=347E3515FA426FC23AFC3969AC2AA015truetrue 23542300x800000000000000059616Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.760{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\doc\git-doc\git-diff.htmlMD5=A56BBA7763998E7AC34D710ADA725C99,SHA256=B06B1843D38DCFE9E29116D1187FF3EDB5B1C02257C2886B984576A271C4FC81,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059615Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.760{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2109.6-0\MpCopyAccelerator.exeMD5=B613F7C352DB0471338A01FA7CF94521,SHA256=71ABD7C64E51AF9A750A31BAC218F9E6781C913869D97AA4024C2456E101CB20,IMPHASH=775658B4F88AC7DE8C3C8D449492BD1Ctruetrue 23542300x800000000000000059614Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.760{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\doc\git-doc\git-diff-tree.htmlMD5=8C920E3D2B5C59FA19E215F491D7CA0E,SHA256=131117718369C739F579F24E17D6A03FEF61DC30DDC136FCCB46CA563F59891A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059613Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.760{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2109.6-0\MpCommu.dllMD5=98DE76E6BD6919C81785F34F3E4E4025,SHA256=A5D1C85E15E4454D0CF4E613107F688B540A046659F1DDECA859B395335BD50D,IMPHASH=35E8A857FF827D9A41B3350558B1A472truetrue 23542300x800000000000000059612Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.760{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\doc\git-doc\git-diff-index.htmlMD5=3057F59B209E69CB314A9C234866DCBE,SHA256=AF862CA3954346B883C1D38ED4E4F8EC490B823E9502EDCC593CF9308E2D4127,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059611Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.745{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\doc\git-doc\git-diff-files.htmlMD5=37CAE84F19122F559E030CB50C5E030A,SHA256=8AF546B373B2AC5FB8953A436133835B45CF63C2929E5E95BD4370EFC2F9ED09,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059610Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.745{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\doc\git-doc\git-describe.htmlMD5=AA8338891ACFE8F5D39031E7F798FD2F,SHA256=AFF8AAA22B0117DEC0E2308FAE584A246A59B95C7339770159B677C3284E8627,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059609Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.745{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\doc\git-doc\git-daemon.htmlMD5=2AA3E15EC2CCD12A9DF25315F2973956,SHA256=873BAAB159A529F76FF9EFC5888504C2BB2C4F4ECCF48B2A0BEDD9605E804420,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059608Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.729{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\doc\git-doc\git-credential.htmlMD5=85E056326CFE3B6268BF90C45E41E165,SHA256=9C2E951405F1A95CEF59764138BAB4B50C14FAAEE9949CDFA41B419F900B15E7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059607Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.729{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\doc\git-doc\git-credential-store.htmlMD5=08653E0A7BCF5C0ABAA746B6209E36A7,SHA256=FBB0B89698A91BC5D87BD7F361D12840EC9E1E27E917A68A858D90BAAD4EFDC2,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059606Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.729{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\doc\git-doc\git-credential-cache.htmlMD5=CAFF8776D4B300A74CCC15F5E2F11FFA,SHA256=F3173C219B24045940DE45B5F63B0A872D76A569F9C151A2221FC52ADDFE588C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059605Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.729{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\doc\git-doc\git-credential-cache--daemon.htmlMD5=23CDC7B903D9DBF655192A5D3648CFFF,SHA256=8B2C268C45508B57E1D800B7B3284BBC7C326339F393E11E36EFF1897FDABA00,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059604Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.714{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\doc\git-doc\git-count-objects.htmlMD5=23345F591F699540E003082C71C88656,SHA256=44CE1E779253E7285F0DD014658482E653D9FB588E5A9D23B7322F05D19830DC,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059603Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.714{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\doc\git-doc\git-config.htmlMD5=99A62045D703C974FE8AC8FDC6F73B4B,SHA256=B30F7899C10D2F9BA399C5C1A60280F11E33F0F0D4FCC83EA916233C2950FCB7,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000059602Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.714{6F5BEE90-18A7-61E9-0B00-000000002102}608780C:\Windows\system32\lsass.exe{6F5BEE90-1B15-61E9-FA00-000000002102}4632C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+6ea9c|C:\Windows\system32\lsasrv.dll+e6974|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 23542300x800000000000000059601Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.714{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2109.6-0\MpCmdRun.exeMD5=D50CBCB0B8B3282CD169E0032361D418,SHA256=F7B6EB6E4D8E04C7243AB0AB73CEC6E20E980F07E03267ED4B0CA69CF9CDAB3D,IMPHASH=64204466147057F73085F9FF5ED1840Atruetrue 23542300x800000000000000059600Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.714{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\doc\git-doc\git-commit.htmlMD5=436919800790748887286C187C42B6F4,SHA256=3634DF6DDE261DCF6619C68106F019128D6FF8288071D0ED6422CF061EFA885C,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000059599Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.714{6F5BEE90-18A7-61E9-0B00-000000002102}608780C:\Windows\system32\lsass.exe{6F5BEE90-1B15-61E9-FA00-000000002102}4632C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+6ea9c|C:\Windows\system32\lsasrv.dll+e6974|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 23542300x800000000000000059598Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.698{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\doc\git-doc\git-commit-tree.htmlMD5=212AE34E1A4CEEF446D602BAEBCF532F,SHA256=9F2D9FDFFACB1740AA5D9DF331DE95E8A9264617F025A3821CB64D92B612338E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059597Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.698{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\doc\git-doc\git-commit-graph.htmlMD5=B4FFDC3DA7C80160A4315312EF3EF852,SHA256=7302C47E907D2E5AE5E558B0CA21D921E4ACDCB386FDEE7E43F219DDCFFBB418,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059596Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.698{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\doc\git-doc\git-column.htmlMD5=F18F35CC76CC22A7C2B0A68A84A2A693,SHA256=4DB3FF99C647669E7AA4B673AB29F411886311F2F5D4C05799D34143F3553BDD,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059595Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.698{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2109.6-0\MpClient.dllMD5=FD7D2158F21085FF8E8C46829839708E,SHA256=DE50D8BB61B7F0BB423E4A50A6775192C4809F63C18BE9426C4AC2E127BB9DA9,IMPHASH=0D1EE75448E1ED838607628FA1A8D94Etruetrue 23542300x800000000000000059594Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.682{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\doc\git-doc\git-clone.htmlMD5=CFD45A8C5007F79ACAB9ACC8632C5980,SHA256=BBEA8E1AC96D29FF917784FFC1B1A08EAEC13A5FDE1A8103D920E2CB4136AAF3,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059593Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.682{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\doc\git-doc\git-clean.htmlMD5=D14EE33C14FB31051C5C538B7274F5EA,SHA256=B3338BFB2450BA92E6140A758DB28383A03B5E5809E87CE2893748D4ADFD8CC2,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059592Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.682{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\doc\git-doc\git-citool.htmlMD5=44361C38AA66A61DE2C2D2B4ECD3193A,SHA256=B32329AD3552A47D5FB161F9E8F46A7B87D452DD10BFE9B9BBBDA352476492F6,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059591Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.682{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\doc\git-doc\git-cherry.htmlMD5=F6C98027D7A87E9B360A21EBF59C6A68,SHA256=52E2D94AEC180DD54504228DD9345D3BE0E5B74A7C5FB81287B7DDE490CEAB5D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059590Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.681{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\doc\git-doc\git-cherry-pick.htmlMD5=B1F835AD43FD8D434AAD7B6759DA0CC8,SHA256=7AECA74DD3A6EEC1F281C9940377E03AEFB268877C2A8153792AAFB9CB6E6BBC,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059589Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.676{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\doc\git-doc\git-checkout.htmlMD5=A511CC65F62F99F39DDBD5D875619A0E,SHA256=F1DFD87944CE5CB8FCEE2229B05A24D0D6CB1410F0C1A2A8FDB2CB3A4B168CC2,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059588Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.661{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\doc\git-doc\git-checkout-index.htmlMD5=B707B91852C1D94B3CAF433DDB35FF87,SHA256=C20B4ED2B3CEDFF5679B8DA068326AAEFE6F840D9200BC2433043243664EF5C8,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059587Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.661{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\doc\git-doc\git-check-ref-format.htmlMD5=E002924EA0C652ACB353F2F79BDC93FF,SHA256=AB838923D4AB69AD0578F468FB888D697D6C9953A62F9A6751E03A85BC821D83,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059586Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.661{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\doc\git-doc\git-check-mailmap.htmlMD5=63B29A4AD1607B67B6F6B77B9013F24A,SHA256=93239A1AAD1F8714F1EC790F0722FE6CFD413A43936A37E6D97D00504DA2F228,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059585Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.645{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\doc\git-doc\git-check-ignore.htmlMD5=EAF8DDB363C60AE5C43467C6FC0EE8AE,SHA256=8B4BDEC84B9C56DAA3764C3109C259E14A0A250573ED40B9EE55DECF075B6A89,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059584Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.645{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\doc\git-doc\git-check-attr.htmlMD5=310F82356576BDEDC3B78B91F2C91671,SHA256=1D4F2FD451563FF0FA77E66E607A297B46E668B9B443AF5314157D6ADD622E35,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059583Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.645{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\doc\git-doc\git-cat-file.htmlMD5=7B6D14CDA05C7A4556987A3C46C00878,SHA256=D88DB2FFF1FA98F1AD1C97B51394F7037866FC60F9701B008B9A9DE34DD23B4B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059582Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.645{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\doc\git-doc\git-bundle.htmlMD5=980700FD861C46D53FC7665C602D0109,SHA256=3B89FB5898D5E847FB13DAC51987F5CCDBC41C705A2D5832E6F7A75C240A43E6,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059581Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.629{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\doc\git-doc\git-bugreport.htmlMD5=50EA24CDD98440F49DD2BABCDC32561B,SHA256=9E57512D573A365C9502E44A4C7A57AD194D6147D430EE44D2433D2C45D8FEF3,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059580Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.629{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\doc\git-doc\git-branch.htmlMD5=974FE3DC74C89D7F92C61C5A5166780F,SHA256=E4BFA804B74342E2E17C0AB5FDD82080AD9A4616D877737F6553C8C0E749EF16,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059579Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.629{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\doc\git-doc\git-blame.htmlMD5=D4C64598A2A6E38225BCE51EBD7A17BF,SHA256=E5AD2A2AF398E5A20847010669745A27AFF84E14647156727BDFF6688E048519,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059578Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.629{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\doc\git-doc\git-bisect.htmlMD5=3BB397EE4A90522166C3B250A5A73FAA,SHA256=036CEA76B91FEE41FF59704709A8EE2CDE8D4DCD6C31328CB76A71B73D9BD436,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059577Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.629{6F5BEE90-18CD-61E9-7700-000000002102}484NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=F46861F9B9B07C53492874CA4F279FD9,SHA256=B6995ACB898DD232E6BEF769AF07D1608023FBD028D2E74AD19189069728ED5E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059576Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.629{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2109.6-0\MpAzSubmit.dllMD5=C10F256B7606EE5B1BED880020F68912,SHA256=C649EC99F87F684D22157755E5F8E0AF7C1EFD54853493965A673A3F0FFB4AC6,IMPHASH=300ED5E63E8A71D34B395F9FB0DBF683truetrue 23542300x800000000000000059575Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.614{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\doc\git-doc\git-bisect-lk2009.htmlMD5=75966CE69B48919CACABCFD330BB105D,SHA256=88F4D9E15B4DC8D2393707972E864026CD1C93E5FFD714FE9703534BE3278246,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059574Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.614{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\doc\git-doc\git-bash.htmlMD5=12D584D2E4DB63CD57761EC933E18761,SHA256=233985883EEA9570642F95F8D5D05DC831D0B86BDB6351E2B05DB2FEFE9E5718,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059573Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.614{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\doc\git-doc\git-archive.htmlMD5=99417AAD06E515F49390EF7D80B08734,SHA256=17B7089A0B5997363C44B6D3A92ECBF962448D92839573C593959B96E22F6123,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059572Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.614{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\doc\git-doc\git-apply.htmlMD5=51A2EE060C89F62D3FDED5EE219A7FA7,SHA256=EDF3714B117FD2DC38BED4D6D06A44AA23D1BB2456A24B3A274121C20A8C1D77,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059571Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.598{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\doc\git-doc\git-annotate.htmlMD5=F103E7EE56B11C0CEC5A4C4B85C7B72E,SHA256=4D997EF2F8F252CA044621F3DEF3F4F8B465D68B1122AFCB80CADBFDBCCABAE6,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059570Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.598{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\doc\git-doc\git-am.htmlMD5=75CA00FA14A446EA5D3019F693347E86,SHA256=2B62603603AAAFFFE07095B9767C36FC299EE27FDDEA795333E6E50ADBEB8E06,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059569Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.598{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\doc\git-doc\git-add.htmlMD5=1067A9BC745C31ECEBEFC0D05B583C44,SHA256=6E3C99CDD45ADBBE82CC48649632BB33FE418790638F36CBC5069CE81FBDA6A7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059568Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.598{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\doc\git-doc\everyday.htmlMD5=37DBD1E181C056133BA18651CD7C9472,SHA256=92A90448173B5451DAF4D9100C38A872A51FD20E24B5071888CD0E7E00DB458E,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000059567Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.582{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\doc\connect\manual.TXT2022-01-20 07:58:45.116 23542300x800000000000000059566Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.582{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\doc\connect\manual.txtMD5=1351B390AE62D5623B2373AD1FF4CC2D,SHA256=1C3C79672658E589232D081DD10FEB5620768A9F6A68E930D453093D36A79CDC,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059565Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.582{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\doc\connect\manual.htmlMD5=5ECE43F1CB07EE9C0F4D216F2CC81E5E,SHA256=79C24EC5DA507000CE16D2904867C91107B2A1C7159079DC1BCFB592094197C1,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000059564Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.582{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\antiword\UTF-8.TXT2022-01-20 07:58:45.116 23542300x800000000000000059563Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.582{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\antiword\UTF-8.txtMD5=C31BDDB42E69DE8E6EB52F00D43BD108,SHA256=2401EE812FF859A85F3B737BE7DAF32F19C11946ECAA5F5E66468ABAE4FE2D43,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000059562Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.582{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\antiword\roman.TXT2022-01-20 07:58:45.116 23542300x800000000000000059561Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.582{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\antiword\roman.txtMD5=E7F3FC02807179D7D3961C56FDB9E1B3,SHA256=28A1AFA59F16F188EBD459995FB11C8679B07D30FD208B9C4009FBF9BB103274,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000059560Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.582{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\antiword\MacRoman.TXT2022-01-20 07:58:45.116 23542300x800000000000000059559Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.582{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\antiword\MacRoman.txtMD5=A08A3363AA070353BB61E0932CAF0F40,SHA256=7FABDB769C535B7F195DDF7C422A156DB203EF97F11600278AFB9FE297BECCB3,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000059558Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.581{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\antiword\MacCyrillic.TXT2022-01-20 07:58:45.100 23542300x800000000000000059557Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.580{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\antiword\MacCyrillic.txtMD5=87E3BB393D087BDC8057E33BE6F366DD,SHA256=A915D23B499D8D94D6E1AD2DBDCCA06E1A5C4F36FFA37E7152B4591F1CB074F8,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000059556Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.578{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\antiword\koi8-u.TXT2022-01-20 07:58:45.100 23542300x800000000000000059555Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.577{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\antiword\koi8-u.txtMD5=B89334D5F29B1630C195355120FF8836,SHA256=28C0691EA7D03241FD6D96F2BAB3973CDADA800C4A20AF458543800279885728,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000059554Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.561{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\antiword\koi8-r.TXT2022-01-20 07:58:45.100 23542300x800000000000000059553Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.561{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\antiword\koi8-r.txtMD5=A66FB8E72381BF5AF69D69F1EE6E0FF0,SHA256=D635512126976AEC2C4FAB3AEEB346BB653E9211C44D2A018DD27FBE86C654EC,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000059552Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.561{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\antiword\cp866.TXT2022-01-20 07:58:45.100 23542300x800000000000000059551Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.561{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\antiword\cp866.txtMD5=B6D058F54D857344D4701A94BC88FCB4,SHA256=64BAADCBCCC437E8E87E12C53478DB8B459174C66FD269BF16CFDEB69CBB70FA,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000059550Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.561{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\antiword\cp864.TXT2022-01-20 07:58:45.100 23542300x800000000000000059549Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.561{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\antiword\cp864.txtMD5=42AD2BD496EA0C3F64E259917C3B8B83,SHA256=BFAC522704129492B0669E9C5B07727BB56E076CC18F455566A117BFB8BE924A,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000059548Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.561{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\antiword\cp862.TXT2022-01-20 07:58:45.100 23542300x800000000000000059547Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.561{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\antiword\cp862.txtMD5=3B05F95118D90D1EE79C560AF417551D,SHA256=273EBE82ED409AE00C26BD8C6FD77ADF4859B041FCB0A627C42F4A437C5E42DC,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000059546Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.561{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\antiword\cp852.TXT2022-01-20 07:58:45.069 23542300x800000000000000059545Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.561{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\antiword\cp852.txtMD5=7AC39EAC594D187AFFA3D8ED5AB07A1A,SHA256=1937D70560031A7D21755E1F947D7719F719296DC12023CBA38CFBCDCE44273D,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000059544Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.545{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\antiword\cp850.TXT2022-01-20 07:58:45.069 23542300x800000000000000059543Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.545{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\antiword\cp850.txtMD5=9DD494E7D591740C12DE4A8FA1651FEE,SHA256=359D83A9335BCD298A14F1D30368803B2D327983FCFF29DA14A27AED0A9ECCB9,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000059542Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.545{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\antiword\cp437.TXT2022-01-20 07:58:45.069 23542300x800000000000000059541Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.545{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\antiword\cp437.txtMD5=8C9ACC2E686B6CDE6FD8D8CD87EB5B76,SHA256=6E4E148EECD8C352CAA0A07E5BC5BDD84966D5253235FAB62E99BA36730092A3,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000059540Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.545{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\antiword\cp1252.TXT2022-01-20 07:58:45.069 23542300x800000000000000059539Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.545{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\antiword\cp1252.txtMD5=93FB108016F8A1E87E4129B21FE9984B,SHA256=FCA3AB5882F0A562794F05D7F15A39157C59D7C07FCBAC79AB7CF3D12C979541,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000059538Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.545{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\antiword\cp1251.TXT2022-01-20 07:58:45.069 23542300x800000000000000059537Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.545{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\antiword\cp1251.txtMD5=2926366654DBC6711EE71BA2589161C3,SHA256=F87ED4480CFDDB8F5F6226292338CA407CCC7B1A543F3832F1D20AFF6CB72A58,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059536Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.545{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2109.6-0\MpAsDesc.dllMD5=A27F0ABF90F3B468C6F15CDAFBBC3312,SHA256=503DF4EF842D6621139D4A15D68955E4926C0C6B5CCCEF60323290A6FC08343F,IMPHASH=00000000000000000000000000000000truetrue 11241100x800000000000000059535Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.545{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\antiword\cp1250.TXT2022-01-20 07:58:45.069 23542300x800000000000000059534Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.545{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\antiword\cp1250.txtMD5=3C9476725FBFEEFFB9F549D995EE2815,SHA256=CF79BA755416AE5628A9DD1F870306B5A45FD6B256EFED0C2AC1CC2CCB3307F0,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000059533Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.529{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\antiword\8859-9.TXT2022-01-20 07:58:45.069 23542300x800000000000000059532Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.529{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\antiword\8859-9.txtMD5=DC12E2B5E874EDC397380FFD8AE55ED2,SHA256=976D48DFFF033C7BFEDD08BC61D26F0A5FEFB4C3F48F8735F454E100CF40294C,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000059531Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.529{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\antiword\8859-8.TXT2022-01-20 07:58:45.069 23542300x800000000000000059530Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.529{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\antiword\8859-8.txtMD5=C77336D026DC44CB4BFA23DD89FA9DDE,SHA256=4BEA5CF4B048E3B7CCF704EA153EDCF77D2A4C627DD8710F8F7E037AFB62A171,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000059529Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.529{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\antiword\8859-7.TXT2022-01-20 07:58:45.069 23542300x800000000000000059528Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.529{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\antiword\8859-7.txtMD5=1E6FE1C4FCA8C960780A7E721DC29448,SHA256=73B347025D12C050D82C1385D3756A5EB79F6E7B21E1ED91EE344590A2D1EE3F,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000059527Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.529{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\antiword\8859-6.TXT2022-01-20 07:58:45.069 23542300x800000000000000059526Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.529{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\antiword\8859-6.txtMD5=0B6FCA3CF6CED7832EC98BD83E9D8573,SHA256=A2917A1017ECB3C82FC44CD57365DBDA0788F7CC1E8DA94D8175F6600CF03548,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000059525Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.529{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\antiword\8859-5.TXT2022-01-20 07:58:45.054 23542300x800000000000000059524Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.529{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\antiword\8859-5.txtMD5=4C2E46C0B5C710935C6D48A96A930F55,SHA256=C1244FABAD6E9B7A8053DA89448C42388BBE93681742E01E74F7A22B7F08E3ED,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000059523Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.514{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\antiword\8859-4.TXT2022-01-20 07:58:45.054 23542300x800000000000000059522Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.514{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\antiword\8859-4.txtMD5=DE68D2887E903B683AC7DE31FCF86E04,SHA256=5BB8F1FA3FDF6DF88EE3D1A17F58BDF5E336F6B665D58EA04BF7BD7BDBF259DC,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000059521Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.514{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\antiword\8859-3.TXT2022-01-20 07:58:45.054 23542300x800000000000000059520Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.514{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\antiword\8859-3.txtMD5=508E6E6C9944169639D3110E0B973CE0,SHA256=A7906A91EC3A4AC7F10EC7E25966D36D98FB720F401D595DE5F9F06AB1F2B2A7,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000059519Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.514{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\antiword\8859-2.TXT2022-01-20 07:58:45.054 23542300x800000000000000059518Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.514{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\antiword\8859-2.txtMD5=9C338678A16843FD60FCD12602F767E5,SHA256=5C81ECA66455C5B36853C8A66495F58636643F6DDB261083D877A7F2A48287B7,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000059517Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.514{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\antiword\8859-16.TXT2022-01-20 07:58:45.054 23542300x800000000000000059516Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.514{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\antiword\8859-16.txtMD5=E4054D6687231B28907D0146A3A4C827,SHA256=C2ED919E5A107C07B13D702320EB532C83360452BB0D3FBF09FB1D920343EAD9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059515Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.514{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2109.6-0\Microsoft-Windows-Windows Defender.manMD5=36F8A68EECFB5B89C4C571F6A63E3ECA,SHA256=4D76246642181E38F87B623AF82BF7454050D05775F546506CFACA1608BE9633,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000059514Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.514{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\antiword\8859-15.TXT2022-01-20 07:58:45.054 23542300x800000000000000059513Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.514{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\antiword\8859-15.txtMD5=B1233F8FB662A710D5CF9FFA8B603BF5,SHA256=0E8C5AA710FC1E8537E84DCD86704A4A4EBB289791121ACEA82AC5474B1BC123,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000059512Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.498{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\antiword\8859-14.TXT2022-01-20 07:58:45.054 23542300x800000000000000059511Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.498{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\antiword\8859-14.txtMD5=FA40746824C8B2361C6E7D390B16C468,SHA256=79143EE49AB465F2317B9D3ADE16F07EC6CF6314506426FA5B366A6E742FC15A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059510Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.498{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2109.6-0\Microsoft-Antimalware-Service.manMD5=B003B1DFFD9221745ED31E2979B28574,SHA256=5AE7493F638252D49F18B084D7CEA4E88D3AF6B1170C8C16EABF5C6AE849E3C9,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000059509Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.498{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\antiword\8859-13.TXT2022-01-20 07:58:45.054 23542300x800000000000000059508Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.498{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2109.6-0\Microsoft-Antimalware-RTP.manMD5=35AC30A8637BC0EB2F7902B8C69BF904,SHA256=FE761134076253DC11CF8C154CA43E762C61C28D0A817E76351FFEF32CCF59C0,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059507Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.498{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\antiword\8859-13.txtMD5=F97C84A786088BD85262F57DF05408FD,SHA256=6E07D8120D8225F0556C9C7F477C7D4392141290C3AE7F6A81C3926C34C0E52C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059506Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.498{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2109.6-0\Microsoft-Antimalware-Protection.manMD5=E4AD891E7B62475FCA109C0DF4DEF16E,SHA256=DF9AD93CDB61587A35FCDCE996955A64413439A474D85C86133A9E9C185D1966,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000059505Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.498{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\antiword\8859-11.TXT2022-01-20 07:58:45.054 23542300x800000000000000059504Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.498{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\antiword\8859-11.txtMD5=52F00F158B1B3554D4A2A0924F6DE3D5,SHA256=9063AA1EE6C9B54B7E95661F41B3EF7F1C9BEEC99158C98B04DA43325BE5A4DF,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059503Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.498{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2109.6-0\Microsoft-Antimalware-NIS.manMD5=5562965C32F03AE0DF8B9DEF950F8651,SHA256=EA64BE59286B67AE930729FA92B2B08DCE5C2EAEB70FEABE2320C47FB6DDAC6C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059502Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.498{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2109.6-0\Microsoft-Antimalware-AMFilter.manMD5=B6D65A86FC1999A62DA10EA3C4CAD3E4,SHA256=05B2BFD40FB3A344C3AE178C420A7FEA9595815CB1CC07843078112F5F551EAF,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000059501Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.498{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\antiword\8859-10.TXT2022-01-20 07:58:45.054 23542300x800000000000000059500Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.498{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\antiword\8859-10.txtMD5=1756FE8A4076A0ACBAA84F31F73A5E18,SHA256=13339AD725052723FF6AAC91CEEF1A120A3231C4FAC647E0B63D5565EFDD2A53,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059499Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.498{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2109.6-0\endpointdlp.dllMD5=BBDFA9DA2F8E10903C095F504A2188B1,SHA256=4B3DE446F41D0410C06E9FAFF8823D380BCBDADB5B381C702CE3A5E2535A7142,IMPHASH=4E716FB51FA8B3F8D25BBE321A933985truetrue 11241100x800000000000000059498Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.482{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\antiword\8859-1.TXT2022-01-20 07:58:45.054 23542300x800000000000000059497Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.482{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\antiword\8859-1.txtMD5=12E09BD6C9C501B55E0F27ACAF60C672,SHA256=884EB5AE5AA74867C7B2C93A40B9460920E26731DFAFA58F783E9D568FC79055,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059496Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.482{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\libexec\git-core\GitHub.UI.exe.configMD5=FF6B196838ACB06FAC7526A610F87C26,SHA256=F46FDA9621B8060930E1FE1A656594358D838CC0750016871BA15F861B056891,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059495Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.482{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2109.6-0\ConfigSecurityPolicy.exeMD5=065E4E5BE96865266D1FC4449274CE20,SHA256=98E3951BA9FACFB2B878D98D237D63C675878A09D9B6E18640C96746B6665041,IMPHASH=C1B5D6B4F7C8A5BCC84810A010E14536truetrue 23542300x800000000000000059494Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.482{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\libexec\git-core\git-credential-manager-core.exe.configMD5=FF6B196838ACB06FAC7526A610F87C26,SHA256=F46FDA9621B8060930E1FE1A656594358D838CC0750016871BA15F861B056891,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059493Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.481{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\libexec\git-core\Atlassian.Bitbucket.UI.exe.configMD5=FF6B196838ACB06FAC7526A610F87C26,SHA256=F46FDA9621B8060930E1FE1A656594358D838CC0750016871BA15F861B056891,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059492Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.479{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2109.6-0\com.microsoft.defender.be.chrome.jsonMD5=60A2FC65D3CC1D3DE9ECD2C5319738FC,SHA256=6C6F52B13235148AF305BD614779EA885C00B64D0BB7CC764E3C67198CC524A2,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059491Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.478{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2109.6-0\zh-TW\ProtectionManagement.dll.muiMD5=5EEAFAC8017831BED41402B0CFB7CD1A,SHA256=AC5968C53994D55E2FBC20A5BA9DF19F9A6B7F3619E56E859BC9A85E7ED3CEDF,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059490Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.476{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\lib\tk8.6\msgs\sv.msgMD5=DB1712B1C1FF0E3A46F8E86FBB78AA4D,SHA256=B76EBFA21BC1E937A04A04E5122BE64B5CDEE1F47C7058B71D8B923D70C3B17B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059489Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.461{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2109.6-0\zh-TW\mpuxagent.dll.muiMD5=9FD7C75F65C5AB7CD0379337ACE6777D,SHA256=4D4D6B443BF0C29D97517763702B24229E0656312D1B3810104B60B3CE4A026C,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059488Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.461{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2109.6-0\zh-TW\MpEvMsg.dll.muiMD5=3B15F377EF6F4A43466F4D8CA2ADAC8A,SHA256=322B9C5DE528180BDBF2F8E0BDEAA724779BFEB4A1A84F30875FFB2CD4BB7F5E,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059487Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.461{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\lib\tk8.6\msgs\ru.msgMD5=D7C27DBDF7B349BE13E09F35BA61A5F8,SHA256=C863DEBAB79F9682FD0D52D864E328E7333D03F4E9A75DBB342C30807EFDCFFB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059486Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.461{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2109.6-0\zh-TW\MpAsDesc.dll.muiMD5=72632B8E416A153787D2D010D6C374E0,SHA256=CE2B21F5F25E574ED7B5FC7C381B82A46274C69A803393183E03773404B9C384,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059485Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.461{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\lib\tk8.6\msgs\pt.msgMD5=236356817E391D8871EA59667F47DA0C,SHA256=AD0E466131D3789DE321D9D0588E19E4647BA82EDE41EEE6EBEF464786F8BDBE,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059484Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.461{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2109.6-0\zh-CN\ProtectionManagement.dll.muiMD5=E648AA637FDBB85D8E5513FC36367941,SHA256=0E827FA44D0228A1819611BB935FEE4B49B77F225D1A0AB1106052271489B7BF,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059483Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.461{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\lib\tk8.6\msgs\pl.msgMD5=17B63EFE0A99F44D27DD41C4CC0A8A7B,SHA256=1993B4EC2DC009D2E6CA185D0BD565D3F33A4EFA79BACA39E4F97F574D63F305,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059482Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.461{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2109.6-0\zh-CN\mpuxagent.dll.muiMD5=ECA0F1F0613ADC6AB3AD41A4231644DA,SHA256=C32E60C50963BA642B2B147A4ADB208338DDA9AB6A5F7220C8845950D72F7BAB,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059481Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.461{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2109.6-0\zh-CN\MpEvMsg.dll.muiMD5=5FD7A02D2B6C5EE2ED14E07A4A6F36BD,SHA256=7EB646897BD9FF85CD859A48BFF19D994AA44137AD6B06E90AD2C7F0F2A65C9D,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059480Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.461{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\lib\tk8.6\msgs\nl.msgMD5=B628EAFD489335ED620014B56821B792,SHA256=D3D07AAD792C0E83F4704B304931EA549D12CBB3D99A573D9815E954A5710707,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059479Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.461{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2109.6-0\zh-CN\MpAsDesc.dll.muiMD5=6B9084CA751B5AE068F5162096D2A1CF,SHA256=A6D1822E0600E72B0BF263A93084EA5641472E0EE4ED0CBFC2F51C5371927905,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059478Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.461{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\lib\tk8.6\msgs\it.msgMD5=ADB80EC5B23FC906A1A3313A30D789E6,SHA256=9F83DD0309ED621100F3187FFCDAE50B75F5973BBE74AF550A78EF0010495DED,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059477Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.445{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2109.6-0\X86\MsMpLics.dllMD5=30AC9560D381D704B9F7ADDAF0F82A94,SHA256=E1FA909C9A6BFE68C219734F54A1605A0920E6E0914D780DF59F7855BE6A0F5C,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059476Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.445{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\lib\tk8.6\msgs\hu.msgMD5=E1BA9C40A350BAD78611839A59065BF0,SHA256=C8134EAD129E44E9C5043E1DAD81A6A900F0DE71DB3468E2603840038687F1D8,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059475Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.445{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2109.6-0\X86\MpOAV.dllMD5=F963795F0C4B10F6A06D44A89025A235,SHA256=C0C9B303A85E085CAF876CD46EB30152F4D5557F404B2F896728802C4A427E4C,IMPHASH=B153971B18B753F5A5050CE54B02C2E0truetrue 23542300x800000000000000059474Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.445{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\lib\tk8.6\msgs\fr.msgMD5=9FC55235C334F6F6026D5B38AFFB9E10,SHA256=0A8BBB4D1FD87BF7A90DDFA50F4724994C9CE78D1F3E91CF40C1177DB7941DC5,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059473Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.445{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\lib\tk8.6\msgs\es.msgMD5=93FFA957E3DCF851DD7EBE587A38F2D5,SHA256=91DC4718DC8566C36E4BCD0C292C01F467CA7661EFF601B870ABCDFE4A94ECBB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059472Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.445{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2109.6-0\X86\MpDetoursCopyAccelerator.dllMD5=E14F76935B760B68B34AAB00CC6A7116,SHA256=20B97E552984F597711D8A8C766A809F51657F1F59A9BA3CEE13E7CD97717FAF,IMPHASH=74478D3FF071B77E9B32D63F1F5AA17Atruetrue 23542300x800000000000000059471Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.445{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\lib\tk8.6\msgs\eo.msgMD5=09EF4B30B49A71FD4DEA931E334896E1,SHA256=5DE113DC4CE0DF0D8C54D4812C15EC31387127BF9AFEA028D20C6A5AA8E3AB85,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059470Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.445{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2109.6-0\X86\MpDetours.dllMD5=B8D9BDFE2B9E5CC434D08C2D58EE362A,SHA256=5EABB3CA44F9247703978939C1C1759CBF9D69BD0D53F4B9D3BEFDF476415DB8,IMPHASH=6E757FB64260833FA5C6C4D97D8045D3truetrue 23542300x800000000000000059469Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.430{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\lib\tk8.6\msgs\en_gb.msgMD5=EC6A7E69AB0B8B767367DB54CC0499A8,SHA256=FB93D455A9D9CF3F822C968DFB273ED931E433F2494D71D6B5F8D83DDE7EACC2,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059468Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.430{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\lib\tk8.6\msgs\en.msgMD5=64725ED622DBF1CB3F00479BA84157D7,SHA256=673C76A48ADA09A154CB038534BF90E3B9C0BA5FD6B1619DB33507DE65553362,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059467Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.430{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2109.6-0\X86\MpCmdRun.exeMD5=ECA84EEA3FC50DBC31A17D271B7062AF,SHA256=B0337D5C7D36278EC6707749F35341EB6EAAD8B1713125C043E298021BA07401,IMPHASH=95D49CB882332BDC4900DE33E1D18DB9truetrue 23542300x800000000000000059466Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.430{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\lib\tk8.6\msgs\el.msgMD5=C802EA5388476451CD76934417761AA6,SHA256=1D56D0A7C07D34BB8165CBA47FA49351B8BC5A9DB244290B9601C5885D16155C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059465Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.430{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\lib\tk8.6\msgs\de.msgMD5=07DF877A1166E81256273F1183B5BDC9,SHA256=06DD7572626DF5CB0A8D3AFFBAC9BB74CB12469076836D66FD19AE5B5FAB42C7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059464Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.430{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\lib\tk8.6\msgs\da.msgMD5=C414C6972F0AAD5DFA31297919D0587F,SHA256=85E6CEE6001927376725F91EAA55D17B3D9E38643E17755A42C05FE491C63BDE,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059463Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.414{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\lib\tk8.6\msgs\cs.msgMD5=EBAFA3EE899EBB06D52C204493CEE27A,SHA256=D1B0FED0BEA51B3FAF08D8634034C7388BE7148F9B807460B7D185706DB8416F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059462Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.414{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2109.6-0\X86\MpClient.dllMD5=6080672558962E1E2AAD8CFDF838A294,SHA256=3986D2EB04BC82362722BB70C71BCBABBD0FCF567B278BA6DC3770ADDDCC45C5,IMPHASH=9F614314F6D26F33EFAA597705EF50CCtruetrue 23542300x800000000000000059461Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.414{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\lib\tk8.6\images\tai-ku.gifMD5=048AFE69735F6974D2CA7384B879820C,SHA256=E538F8F4934CA6E1CE29416D292171F28E67DA6C72ED9D236BA42F37445EA41E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059460Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.414{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\lib\tk8.6\images\pwrdLogo75.gifMD5=7013CFC23ED23BFF3BDA4952266FA7F4,SHA256=462A8FF8FD051A8100E8C6C086F497E4056ACE5B20B44791F4AAB964B010A448,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059459Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.414{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\lib\tk8.6\images\pwrdLogo200.gifMD5=A5E4284D75C457F7A33587E7CE0D1D99,SHA256=BAD9116386343F4A4C394BDB87146E49F674F687D52BB847BD9E8198FDA382CC,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059458Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.398{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\lib\tk8.6\images\pwrdLogo175.gifMD5=DA5FB10F4215E9A1F4B162257972F9F3,SHA256=62866E95501C436B329A15432355743C6EFD64A37CFB65BCECE465AB63ECF240,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059457Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.398{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\lib\tk8.6\images\pwrdLogo150.gifMD5=711F4E22670FC5798E4F84250C0D0EAA,SHA256=5FC25C30AEE76477F1C4E922931CC806823DF059525583FF5705705D9E913C1C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059456Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.398{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\lib\tk8.6\images\pwrdLogo100.gifMD5=DBFAE61191B9FADD4041F4637963D84F,SHA256=BCC0E6458249433E8CBA6C58122B7C0EFA9557CBC8FB5F9392EED5D2579FC70B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059455Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.398{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\lib\tk8.6\images\logoMed.gifMD5=BD12B645A9B0036A9C24298CD7A81E5A,SHA256=4D0BD3228AB4CC3E5159F4337BE969EC7B7334E265C99B7633E3DAF3C3FCFB62,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059454Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.383{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\lib\tk8.6\images\logoLarge.gifMD5=45D9B00C4CF82CC53723B00D876B5E7E,SHA256=0F404764D07A6AE2EF9E1E0E8EAAC278B7D488D61CF1C084146F2F33B485F2ED,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059453Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.383{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\lib\tk8.6\images\logo64.gifMD5=B226CC3DA70AAB2EBB8DFFD0C953933D,SHA256=138C240382304F350383B02ED56C69103A9431C0544EB1EC5DCD7DEC7A555DD9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059452Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.383{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\lib\tk8.6\images\logo100.gifMD5=FF04B357B7AB0A8B573C10C6DA945D6A,SHA256=72F6B34D3C8F424FF0A290A793FCFBF34FD5630A916CD02E0A5DDA0144B5957F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059451Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.382{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\lib\tk8.6\demos\nl.msgMD5=CD87735CE34105D24BA7D70CFCBD68BD,SHA256=C03318F95CFCEBACDA5A58C0B03703B93DD938050FE08D95A63A240188C733AB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059450Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.378{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\lib\tk8.6\demos\images\tcllogo.gifMD5=FF04B357B7AB0A8B573C10C6DA945D6A,SHA256=72F6B34D3C8F424FF0A290A793FCFBF34FD5630A916CD02E0A5DDA0144B5957F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059449Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.361{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\lib\tk8.6\demos\images\ouster.pngMD5=FE7DC3E7562C55EFDBC7B18DB0924D26,SHA256=A2FE354DFCB09B9EEB488128F4AC0B498766FAF4A8BECF65BBCD779BDB9C4C8F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059448Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.361{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\lib\tk8.6\demos\images\earthris.gifMD5=4D10E3A9B9C5CC5AB490962AFA9BFE6C,SHA256=C2DA473E55D8317BD1F983638ADB729BFF1461DE590D76F99D8B3430C71E0F6E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059447Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.361{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\lib\tk8.6\demos\images\earthmenu.pngMD5=D0312D9A617BA1214FD3EDCE5EC5DA53,SHA256=9BF8D96016039D7FDB2FFC506743724636A70ED5925199AAB64CA20820963BDE,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059446Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.361{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\lib\tk8.6\demos\images\earth.gifMD5=34D2114D2AC22DD7F97232D241402028,SHA256=88AF7AE24FD08D5EB144E938A4381D28638BC50D15C8E5F3E30CA73B0FBA961F,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000059445Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.002{6F5BEE90-18B8-61E9-2C00-000000002102}2984C:\Windows\sysmon64.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-tcontreras-attack-range-53.attackrange.local52445-false104.18.31.182-80http 23542300x800000000000000059444Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.345{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\lib\tk8.6\demos\en.msgMD5=91F2798EF7775B7203E11FFFE878AC79,SHA256=9ED968CE55283D06066D99E366A5A7CD1F3303235B5C6626C7828141AE5C0EC4,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059443Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.330{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\lib\tcl8.6\msgs\zh_tw.msgMD5=9CD17E7F28186E0E71932CC241D1CBB1,SHA256=D582406C51A3DB1EADF6507C50A1F85740FDA7DA8E27FC1438FEB6242900CB12,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059442Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.330{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\lib\tcl8.6\msgs\zh_sg.msgMD5=E0BC93B8F050D6D80B8173FF4FA4D7B7,SHA256=2683517766AF9DA0D87B7A862DE9ADEA82D9A1454FC773A9E3C1A6D92ABA947A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059441Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.330{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2109.6-0\X86\MpAsDesc.dllMD5=FFF62C12CDFBB5F8245F0C5E09CE6276,SHA256=55E058C5969102272EA423BFE8467325FBE0DA2627258DB99243307280778B54,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059440Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.330{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\lib\tcl8.6\msgs\zh_hk.msgMD5=D8C6BFBFCE44B6A8A038BA44CB3DB550,SHA256=D123E0B4C2614F680808B58CCA0C140BA187494B2C8BCF8C604C7EB739C70882,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059439Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.314{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\lib\tcl8.6\msgs\zh_cn.msgMD5=EB94B41551EAAFFA5DF4F406C7ACA3A4,SHA256=85F91CF6E316774AA5D0C1ECA85C88E591FD537165BB79929C5E6A1CA99E56C8,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059438Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.314{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2109.6-0\X86\endpointdlp.dllMD5=8413BF8A8B935E57D301CBCDA64E1934,SHA256=EA371C42AED818BF88AB029F439167F803ADB1C9595B7DDB8DFF16EBBA591828,IMPHASH=DF639EAACE96DA9DCDDBF265D8B56341truetrue 23542300x800000000000000059437Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.314{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\lib\tcl8.6\msgs\zh.msgMD5=9C33FFDD4C13D2357AB595EC3BA70F04,SHA256=EF81B41EC69F67A394ECE2B3983B67B3D0C8813624C2BFA1D8A8C15B21608AC9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059436Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.314{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\lib\tcl8.6\msgs\vi.msgMD5=3BD0AB95976D1B80A30547E4B23FD595,SHA256=9C69094C0BD52D5AE8448431574EAE8EE4BE31EC2E8602366DF6C6BF4BC89A58,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059435Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.314{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\lib\tcl8.6\msgs\uk.msgMD5=458A38F894B296C83F85A53A92FF8520,SHA256=CF2E78EF3322F0121E958098EF5F92DA008344657A73439EAC658CB6BF3D72BD,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059434Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.314{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\lib\tcl8.6\msgs\tr.msgMD5=3AFAD9AD82A9C8B754E2FE8FC0094BAB,SHA256=DF7C4BA67457CB47EEF0F5CA8E028FF466ACDD877A487697DC48ECAC7347AC47,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059433Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.314{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2109.6-0\X86\en-US\MpAsDesc.dll.muiMD5=499D4C07DDF2D258B8CB7B37A1D892CC,SHA256=3994A0D7AFCE70F018B673C5689E192CE28545C55AFAFEE1C37743AA0F934CF8,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059432Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.314{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\lib\tcl8.6\msgs\th.msgMD5=D145F9DF0E339A2538662BD752F02E16,SHA256=F9641A6EBE3845CE5D36CED473749F5909C90C52E405F074A6DA817EF6F39867,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059431Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.298{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2109.6-0\vi-VN\mpuxagent.dll.muiMD5=F587B7F551D3304A63BE6764965B701C,SHA256=B45C39AE05934549E09841C0391F844C1B63FBB9134B2EBC8CC9F4B426178D11,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059430Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.298{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\lib\tcl8.6\msgs\te_in.msgMD5=443E34E2E2BC7CB64A8BA52D99D6B4B6,SHA256=88BDAF4B25B684B0320A2E11D3FE77DDDD25E3B17141BD7ED1D63698C480E4BA,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059429Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.298{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2109.6-0\vi-VN\MpAsDesc.dll.muiMD5=8292B42976EA7E5B4A5143006550C0DB,SHA256=652CA8F94969FE4BAADEAE439D48274B2E0C828169B523D5CE9D9C5E1CDD6951,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059428Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.298{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\lib\tcl8.6\msgs\te.msgMD5=0B9B124076C52A503A906059F7446077,SHA256=42C34D02A6079C4D0D683750B3809F345637BC6D814652C3FB0B344B66B70C79,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059427Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.298{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2109.6-0\ur-PK\mpuxagent.dll.muiMD5=023469B9CE9A65693DDE3DAAA3B7F41C,SHA256=BAF468BF80396223C1A0B93DC499A8B713C12E8656BA42D3D2176DC29E729237,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059426Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.298{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\lib\tcl8.6\msgs\ta_in.msgMD5=293456B39BE945C55536A5DD894787F0,SHA256=AA57D5FB5CC3F59EC6A3F99D7A5184403809AA3A3BC02ED0842507D4218B683D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059425Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.298{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2109.6-0\uk-UA\mpuxagent.dll.muiMD5=F345D7719ED1F32D9443AB71D36BAC3E,SHA256=13AC1F29F2108EC7DB952EDBC6F51DA4D2F0CBDA46B514EFF70B2E96E06B37B9,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059424Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.298{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\lib\tcl8.6\msgs\ta.msgMD5=2D9C969318D1740049D28EBBD4F62C1D,SHA256=30A142A48E57F194ECC3AA9243930F3E6E1B4E8B331A8CDD2705EC9C280DCCBB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059423Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.298{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2109.6-0\uk-UA\MpAsDesc.dll.muiMD5=088D2A1E50EF7AF09C5D828C322DA741,SHA256=535E01F1C8A430CDCA3A804A92D80B6319017737D4B8CB431F5C23B1EF4AFE5C,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059422Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.298{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\lib\tcl8.6\msgs\sw.msgMD5=4DB24BA796D86ADF0441D2E75DE0C07E,SHA256=6B5AB8AE265DB436B15D32263A8870EC55C7C0C07415B3F9BAAC37F73BC704E5,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059421Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.298{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2109.6-0\ug-CN\mpuxagent.dll.muiMD5=F9007E5EF37ED62D4574EA8F1AA41875,SHA256=7B74D3CA3A9951C039993B34BC4A04BF810A6FCA726485599E336ABEB5E2F3EB,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059420Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.283{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\lib\tcl8.6\msgs\sv.msgMD5=496D9183E2907199056CA236438498E1,SHA256=4F32E1518BE3270F4DB80136FAC0031C385DD3CE133FAA534F141CF459C6113A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059419Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.283{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2109.6-0\tt-RU\mpuxagent.dll.muiMD5=2A6AFABE73744D9F425AD9D689A536E4,SHA256=8317A8E6F50BD32F95317BE8EEA81E17E2A7663CB62186995CBBA994DDDCE0DF,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059418Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.283{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\lib\tcl8.6\msgs\sr.msgMD5=5CA16D93718AAA813ADE746440CF5CE6,SHA256=313E8CDBBC0288AED922B9927A7331D0FAA2E451D4174B1F5B76C5C9FAEC8F9B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059417Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.283{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2109.6-0\tr-TR\mpuxagent.dll.muiMD5=FE8D22F1A5E40B9B74C7DB47C7C3CAFB,SHA256=45FDAD8C8F84182DA054E152C5F2CB132DB835BD9DD8816C19EFDFB070AEEB6F,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059416Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.283{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2109.6-0\tr-TR\MpEvMsg.dll.muiMD5=72793569DA2104C377C013B7FF0DC4AA,SHA256=AAA4B1E8BDA6A3CDED4D7BDDB69277EE7D5596453EE4667DF0275AAED5ABC059,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059415Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.283{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\lib\tcl8.6\msgs\sq.msgMD5=931A009F7E8A376972DE22AD5670EC88,SHA256=CB27007E138315B064576C17931280CFE6E6929EFC3DAFD7171713D204CFC3BF,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059414Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.283{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2109.6-0\tr-TR\MpAsDesc.dll.muiMD5=40287708A40088B80943086E910F6D2D,SHA256=80364521D699C22083CD4BABE754DD98D4897F22CBE2D658E1605A5558064BF6,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059413Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.283{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\lib\tcl8.6\msgs\sl.msgMD5=2566BDE28B17C526227634F1B4FC7047,SHA256=BD488C9D791ABEDF698B66B768E2BF24251FFEAF06F53FB3746CAB457710FF77,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059412Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.283{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2109.6-0\th-TH\mpuxagent.dll.muiMD5=19FBFBC2D7C95B8580A4C38A5B4DBFA5,SHA256=447674122E4A5E67132BEDBE0E9FC383B04C3A8766A77FC7106758E3847D29E0,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059411Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.283{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\lib\tcl8.6\msgs\sk.msgMD5=B2EF88014D274C8001B36739F5F566CE,SHA256=043DECE6EA7C83956B3300B95F8A0E92BADAA8FC29D6C510706649D1D810679A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059410Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.283{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2109.6-0\th-TH\MpAsDesc.dll.muiMD5=7B0C4FD9826AD7EB0E9486581E8CA50A,SHA256=466DA97CB1ACE2FDB0640D14985F7D609BD200CFAC489145EAF12180C8140579,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059409Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.282{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\lib\tcl8.6\msgs\sh.msgMD5=C7BBD44BD3C30C6116A15C77B15F8E79,SHA256=00F119701C9F3EBA273701A6A731ADAFD7B8902F6BCCF34E61308984456E193A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059408Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.281{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2109.6-0\te-IN\mpuxagent.dll.muiMD5=B48495672B8C2953E207915CC937FE09,SHA256=AB35CB5076BE4D422C979227A2A53F28CF0BEE720F177AB0F5BEBB7A2D94B93E,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059407Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.277{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\lib\tcl8.6\msgs\ru_ua.msgMD5=E719F47462123A8E7DABADD2D362B4D8,SHA256=AE5D3DF23F019455F3EDFC3262AAC2B00098881F09B9A934C0D26C0AB896700C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059406Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.261{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2109.6-0\ta-IN\mpuxagent.dll.muiMD5=5643685F146F6D3FE21A20D48ADB152F,SHA256=95A564843D4545EFFC97B6E82102D4DC68959400C2B791F64D3361031AD709A7,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059405Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.261{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\lib\tcl8.6\msgs\ru.msgMD5=3A7181CE08259FF19D2C27CF8C6752B3,SHA256=C2A3A0BE5BC5A46A6A63C4DE34E317B402BAD40C22FB2936E1A4F53C1E2F625F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059404Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.261{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2109.6-0\sv-SE\mpuxagent.dll.muiMD5=82C9C6174E08258BBE12FDAE6A21254D,SHA256=FD0D9CF27F78F3A14711959F2DF8CD2425DB148394A92EA5B93E46DD23B1CE37,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059403Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.261{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\lib\tcl8.6\msgs\ro.msgMD5=0F5C8A7022DB1203442241ABEB5901FF,SHA256=D2E14BE188350D343927D5380EB5672039FE9A37E9A9957921B40E4619B36027,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059402Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.261{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2109.6-0\sv-SE\MpEvMsg.dll.muiMD5=96FB7CA817E3C5DAFFEBDFEC7D84A518,SHA256=35AE2935EC38672E29A09E85FEDF04B6698D5A0EF6DB3935825417DB01D09501,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059401Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.261{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2109.6-0\sv-SE\MpAsDesc.dll.muiMD5=F98760FC587DDD6A9F74ACC580D3EBD6,SHA256=2D61497309D01463A866DF853E2BE71EFC44EC7AE10D1D7C23EABFB39D4DF852,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059400Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.261{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\lib\tcl8.6\msgs\pt_br.msgMD5=4EE34960147173A12020A583340E92F8,SHA256=E383B20484EE90C00054D52DD5AF473B2AC9DC50C14D459A579EF5F44271D256,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059399Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.261{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\lib\tcl8.6\msgs\pt.msgMD5=D827F76D1ED6CB89839CAC2B56FD7252,SHA256=9F2BFFA3B4D8783B2CFB2CED9CC4319ACF06988F61829A1E5291D55B19854E88,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059398Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.261{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2109.6-0\sr-Latn-RS\mpuxagent.dll.muiMD5=5915C3DC6D3404A660F0ED04D9D0CA09,SHA256=3AF72E307F61020CFB0B24378EEF5D8A546E8097A547F1399252883ABFE2D552,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059397Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.261{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\lib\tcl8.6\msgs\pl.msgMD5=31A9133E9DCA7751B4C3451D60CCFFA0,SHA256=C39595DDC0095EB4AE9E66DB02EE175B31AC3DA1F649EB88FA61B911F838F753,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059396Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.261{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2109.6-0\sr-Latn-RS\MpAsDesc.dll.muiMD5=172E4AEF12DFC1BBEB9725A42A0DA59F,SHA256=41BA0615BD5ECFDD5940C81D5D4CDD24FB2452237F164ADB7FC6FCE3AC2E0186,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059395Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.245{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\lib\tcl8.6\msgs\nn.msgMD5=2266607EF358B632696C7164E61358B5,SHA256=5EE93A8C245722DEB64B68EFF50C081F24DA5DE43D999C006A10C484E1D3B4ED,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059394Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.245{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2109.6-0\sr-Cyrl-RS\mpuxagent.dll.muiMD5=DA0FB5E9E66DCB221D02970587884CBD,SHA256=16409B0BD47BC94250526CBF7EDF57F1AE6E163D7BC31E0FCB87C7E3350A5B1B,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059393Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.245{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\lib\tcl8.6\msgs\nl_be.msgMD5=B08E30850CA849068D06A99B4E216892,SHA256=9CD54EC24CBDBEC5E4FE543DDA8CA95390678D432D33201FA1C32B61F8FE225A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059392Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.245{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2109.6-0\sr-Cyrl-BA\mpuxagent.dll.muiMD5=667AA5FF4EFEA149C26082BCBEC21B47,SHA256=42C9A56A116B48A5AB9D1249B0601D09EBA8D6830B870286E3C096422120C4F4,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059391Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.245{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2109.6-0\sq-AL\mpuxagent.dll.muiMD5=B732F58E778DB9EDFBF0401DE3C711EC,SHA256=329D1D3BC2595E79D0FE6DA2702A29D374DCE86292EAB05AE10DF437603281F7,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059390Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.245{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\lib\tcl8.6\msgs\nl.msgMD5=98820DFF7E1C8A9EAB8C74B0B25DEB5D,SHA256=49128B36B88E380188059C4B593C317382F32E29D1ADC18D58D14D142459A2BB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059389Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.245{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2109.6-0\sl-SI\mpuxagent.dll.muiMD5=3CD9903B2FE11BE4B57D6B1CE74AA1EF,SHA256=E289488BA8E975B6B3D1B6702A7AFDAE17ACFF00242C46552D1FE205C6C42E22,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059388Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.245{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\lib\tcl8.6\msgs\nb.msgMD5=D5509ABF5CBFB485C20A26FCC6B1783E,SHA256=BC401889DD934C49D10D99B471441BE2B536B1722739C7B0AB7DE7629680F602,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059387Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.245{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2109.6-0\sl-SI\MpAsDesc.dll.muiMD5=100089A25524739BC2285AE5DF1D5EC6,SHA256=63B78C5A175AB9022A40E361D8F0677D6DC272C62251987C3BB0100F064FD8DE,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059386Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.245{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\lib\tcl8.6\msgs\mt.msgMD5=CE7E67A03ED8C3297C6A5B634B55D144,SHA256=D115718818E3E3367847CE35BB5FF0361D08993D9749D438C918F8EB87AD8814,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059385Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.245{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2109.6-0\sk-SK\mpuxagent.dll.muiMD5=92664A84B358EAD0F5513B00F403B8FA,SHA256=115E15FF95B7140A5A7FAEC9D87298EE7FDBE65A35BB87497FCCB6B5BF236D6F,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059384Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.245{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\lib\tcl8.6\msgs\ms_my.msgMD5=8261689A45FB754158B10B044BDC4965,SHA256=D05948D75C06669ADDB9708BC5FB48E6B651D4E62EF1B327EF8A3F605FD5271C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059383Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.230{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2109.6-0\sk-SK\MpAsDesc.dll.muiMD5=D27C1603DDD3C0C0CBB820063A60196B,SHA256=0E89422405CB31189A3E65E2CBB2268015EEC9CF6EBDF8729A217284275B7705,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059382Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.230{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\lib\tcl8.6\msgs\ms.msgMD5=441CC737D383D8213F64B62A5DBEEC3E,SHA256=831F611EE851A64BF1BA5F9A5441EC1D50722FA9F15B4227707FE1927F754DE4,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059381Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.230{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2109.6-0\ru-RU\ProtectionManagement.dll.muiMD5=50282BBFE6AE829BC1C71771E1BC077A,SHA256=E40346B619EBFD886FD2C765C2191FAE7B553579A1EFB39E295C87B039D56B94,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059380Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.230{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\lib\tcl8.6\msgs\mr_in.msgMD5=899E845D33CAAFB6AD3B1F24B3F92843,SHA256=F75A29BB323DB4354B0C759CB1C8C5A4FFC376DFFD74274CA60A36994816A75C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059379Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.230{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2109.6-0\ru-RU\mpuxagent.dll.muiMD5=2E018CA3A3454FF784BB17F1145B4650,SHA256=72D1DA6C2467D00608C92B86429B7A2DB372C6713B88E4F8E61E0FC528005BAF,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059378Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.230{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\lib\tcl8.6\msgs\mr.msgMD5=791408BAE710B77A27AD664EC3325E1C,SHA256=EB2E2B7A41854AF68CEF5881CF1FBF4D38E70D2FAB2C3F3CE5901AA5CC56FC15,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059377Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.230{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2109.6-0\ru-RU\MpEvMsg.dll.muiMD5=A20C3F56787D4A0917087441DACB0F12,SHA256=994707AE38DAB3F516367E93C8638E0CF70F3D239478A2A3982C88F1A4B5382C,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059376Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.230{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\lib\tcl8.6\msgs\mk.msgMD5=CD589758D4F4B522781A10003D3E1791,SHA256=F384DD88523147CEF42AA871D323FC4CBEE338FF67CC5C95AEC7940C0E531AE3,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059375Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.230{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2109.6-0\ru-RU\MpAsDesc.dll.muiMD5=E83EB650E2482B2C92FDB9F3AB4782A3,SHA256=EAB6A4702D4CD249C79E10302C150BBF39ABAF441F4915773F4D51A8D8FF947E,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059374Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.230{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\lib\tcl8.6\msgs\lv.msgMD5=D5DEB8EFFE6298858F9D1B9FAD0EA525,SHA256=FD95B38A3BEBD59468BDC2890BAC59DF31C352E17F2E77C82471E1CA89469802,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059373Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.214{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\lib\tcl8.6\msgs\lt.msgMD5=73F0A9C360A90CB75C6DA7EF87EF512F,SHA256=510D8EED3040B50AFAF6A3C85BC98847F1B4D5D8A685C5EC06ACC2491B890101,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059372Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.214{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2109.6-0\ro-RO\mpuxagent.dll.muiMD5=616C5338172CFE983083D1212627B08E,SHA256=27770C854FF89414B16FBF9B0BAC1080592395AC16FCCF910D666D9DC922621C,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059371Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.214{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\lib\tcl8.6\msgs\kw_gb.msgMD5=D325ADCF1F81F40D7B5D9754AE0542F3,SHA256=7A8A539C8B990AEFFEA06188B98DC437FD2A6E89FF66483EF334994E73FD0EC9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059370Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.214{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2109.6-0\ro-RO\MpAsDesc.dll.muiMD5=0328C191B135EECF4E15E3A5D4A4C7AA,SHA256=29B5510FF091C19C95B9A4A563FD6A51890D426092DD15CB0B2CE696F4404EF9,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059369Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.214{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\lib\tcl8.6\msgs\kw.msgMD5=413A264B40EEBEB28605481A3405D27D,SHA256=F49F4E1C7142BF7A82FC2B9FC075171AE45903FE69131478C15219D72BBAAD33,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059368Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.214{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2109.6-0\quz-PE\mpuxagent.dll.muiMD5=3D89170ECBC32DB0B715C78DF9121B01,SHA256=9462D9A0A7A5EA80B399C81A9A654E4CFA358D4994E11BF792D8DB8BB2F0F8E3,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059367Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.214{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\lib\tcl8.6\msgs\ko_kr.msgMD5=9C7E97A55A957AB1D1B5E988AA514724,SHA256=31A4B74F51C584354907251C55FE5CE894D2C9618156A1DC6F5A979BC350DB17,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059366Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.214{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2109.6-0\pt-PT\mpuxagent.dll.muiMD5=075B782FDC73901B58A099BA2A232A0C,SHA256=C14F4A251BF432DAD1E62850F1CEBBB7689E5E50A305FCD6FF396C82426D3D22,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059365Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.214{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\lib\tcl8.6\msgs\kok_in.msgMD5=A3B27D44ED430AEC7DF2A47C19659CC4,SHA256=BEE07F14C7F4FC93B62AC318F89D2ED0DD6FF30D2BF21C2874654FF0292A6C4B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059364Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.214{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2109.6-0\pt-PT\MpEvMsg.dll.muiMD5=149D70DD838FCC2AC04DABE7FE40C1FF,SHA256=27CF38D40D339C4469FCDA6D1DBD92A09B5172538656CEC159D0C3D8DCBEA4F0,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059363Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.214{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\lib\tcl8.6\msgs\kok.msgMD5=E7938CB3AF53D42B4142CB104AB04B3B,SHA256=D236D5B27184B1E813E686D901418117F22D67024E6944018FC4B633DF9FF744,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059362Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.198{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2109.6-0\pt-PT\MpAsDesc.dll.muiMD5=EDFF30151F7A3372D5224E831C2DB3EF,SHA256=9E94380040D20E1957B31D76004ECBC97939302C097D4FE30902825900FF1CE0,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059361Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.198{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\lib\tcl8.6\msgs\ko.msgMD5=A4C37AF81FC4AA6003226A95539546C1,SHA256=F6E2B0D116D2C9AC90DDA430B6892371D87A4ECFB6955318978ED6F6E9D546A6,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059360Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.198{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\lib\tcl8.6\msgs\kl_gl.msgMD5=4B8E5B6EB7C27A02DBC0C766479B068D,SHA256=F99DA45138A8AEBFD92747FC28992F0C315C6C4AD97710EAF9427263BFFA139C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059359Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.198{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2109.6-0\pt-BR\ProtectionManagement.dll.muiMD5=FB61ED9BD05B8347B31F73D3B0F798FB,SHA256=7976AEC4E0DE7B10D5D038CC42B6412EF877D38CC255132BA388BED3B663D1A9,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059358Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.198{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\lib\tcl8.6\msgs\kl.msgMD5=AE55E001BBE3272CE13369C836139EF3,SHA256=1B00229DF5A979A040339BBC72D448F39968FEE5CC24F07241C9F6129A9B53DD,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059357Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.198{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2109.6-0\pt-BR\mpuxagent.dll.muiMD5=DE0424196B36FBFE0C64FD8F2B22685D,SHA256=499EF8CC5E505D5D69B7259B036D510310D834D44F9A5B52E3072471AF7F0A39,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059356Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.198{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2109.6-0\pt-BR\MpEvMsg.dll.muiMD5=AD8D6A506D4FE7E8DE0C0E9883CBA151,SHA256=29EAEC16675374C3DF48B054B3A15866811F3D265FB7258488B151336E50774A,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059355Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.198{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\lib\tcl8.6\msgs\ja.msgMD5=6CB38CA6889CFD116623E99E6B0869AA,SHA256=1FA391A6B22DDBA5FB0431DFE0507F0B0754140B424700F1675F72C279AB0A0A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059354Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.183{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\lib\tcl8.6\msgs\it_ch.msgMD5=8666E24230AED4DC76DB93BE1EA07FF6,SHA256=2EE356FFA2491A5A60BDF7D7FEBFAC426824904738615A0C1D07AEF6BDA3B76F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059353Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.183{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2109.6-0\pt-BR\MpAsDesc.dll.muiMD5=9497AC1A8B8DA9EB4149C0F8860C8A89,SHA256=76026F20BB91FC672C878D671A313AC10700B4081A57059FA67177AB95159146,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059352Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.183{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2109.6-0\Powershell\MSFT_MpWDOScan.cdxmlMD5=0DB7196D0224FBCE614AD6ACA63F8F17,SHA256=2D87A0FE031420903AE69DB3A30011DC659B489E2B11AA4129FED01ED3F0B00B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059351Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.183{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2109.6-0\Powershell\MSFT_MpThreatDetection.cdxmlMD5=7C91EEB90EFFB9A8D11DF34FA04FB359,SHA256=97DF56A7933A45143233D314EA947801BF0A475D55A9D852FB411FFD98CB4123,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059350Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.183{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2109.6-0\Powershell\MSFT_MpThreatCatalog.cdxmlMD5=125B977FF0EE6A36452A2B6FD5AE2316,SHA256=7856F35EB7FB72BBF8CAAAC05FD99CEE139F694209BCFBCA41AEB4C3B4CD2413,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059349Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.183{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\lib\tcl8.6\msgs\it.msgMD5=8E205D032206D794A681E2A994532FA6,SHA256=C7D84001855586A0BAB236A6A5878922D9C4A2EA1799BF18544869359750C0DF,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059348Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.178{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2109.6-0\Powershell\MSFT_MpThreat.cdxmlMD5=CF0F8A1D51777BDD9D08FEB023A2162A,SHA256=CFFD2BA2255685803B32ADE8D2D238A07AAEB8071EA04BCBB75CE0EF61FE9AE7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059347Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.161{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\lib\tcl8.6\msgs\is.msgMD5=6695839F1C4D2A92552CB1647FD14DA5,SHA256=6767115FFF2DA05F49A28BAD78853FAC6FC716186B985474D6D30764E1727C40,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059346Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.161{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2109.6-0\Powershell\MSFT_MpSignature.cdxmlMD5=A212A25B0FA39ACB5D3F02E1CC622730,SHA256=6A8DC2AA231D974A36E0EC86751139873226D6157232EDB63AFB2AEB110CD8F5,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059345Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.161{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\lib\tcl8.6\msgs\id_id.msgMD5=A285817AAABD5203706D5F2A34158C03,SHA256=DB81643BA1FD115E9D547943A889A56DFC0C81B63F21B1EDC1955C6884C1B2F5,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059344Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.161{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2109.6-0\Powershell\MSFT_MpScan.cdxmlMD5=7528936578CAEAEFE7B398C8EF4E0A47,SHA256=A51C86EFD506A132274C37E288B9B697BC865F14D6D6451DA7399C7B5F36751F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059343Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.161{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2109.6-0\Powershell\MSFT_MpPreference.cdxmlMD5=710B025F9E1944FDB020F27389A2E8B3,SHA256=AA9021CFDC42493E2A759BAD0159001FFB12110FF83CD16021E57570E6402805,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059342Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.161{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\lib\tcl8.6\msgs\id.msgMD5=CE834C7E0C3170B733122FF8BF38C28D,SHA256=1F1B0F5DEDE0263BD81773A78E98AF551F36361ACCB315B618C8AE70A5FE781E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059341Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.161{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\lib\tcl8.6\msgs\hu.msgMD5=0561E62941F6ED8965DFC4E2B424E028,SHA256=314F4180C05DE4A4860F65AF6460900FFF77F12C08EDD728F68CA0065126B9AE,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059340Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.161{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2109.6-0\Powershell\MSFT_MpPerformanceReport.Format.ps1xmlMD5=C9734A297293CCE204D369DD392EDDC9,SHA256=CDF89F9602942969AE0493769EAC7DAA8022A1E8295D49403F1206615F92071A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059339Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.161{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\lib\tcl8.6\msgs\hr.msgMD5=46FD3DF765F366C60B91FA0C4DE147DE,SHA256=9E14D8F7F54BE953983F198C8D59F38842C5F73419A5E81BE6460B3623E7307A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059338Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.161{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2109.6-0\Powershell\MSFT_MpPerformanceRecording.wprpMD5=990729AD92C1325C42B04BC975ECBD57,SHA256=E796454FEE4CF17EFDC25DB5FEEF00A5D7C1B335E6C4B4FE996E8AD7CAB01BC8,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059337Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.161{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2109.6-0\Powershell\MSFT_MpPerformanceRecording.psm1MD5=CBA32A98D0EC2D6CCCD3306BFF7AD3D2,SHA256=B77C1F9B9263345F34FE32EED15BD8E3925D378CAEF5D83FEB49275447BCCED6,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059336Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.145{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\lib\tcl8.6\msgs\hi_in.msgMD5=BC86C58492BCB8828489B871D2A727F0,SHA256=29C7CA358FFFCAF94753C7CC2F63B58386234B75552FA3272C2E36F253770C3F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059335Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.145{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2109.6-0\Powershell\MSFT_MpComputerStatus.cdxmlMD5=58DF8D38469AF7353B672A6F145994DC,SHA256=A63B944CF4FB3DB7F758F7E4D94126ABE99916127E451E0C139D71E94744084A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059334Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.145{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\lib\tcl8.6\msgs\hi.msgMD5=349823390798DF68270E4DB46C3CA863,SHA256=FAFE65DB09BDCB863742FDA8705BCD1C31B59E0DD8A3B347EA6DEC2596CEE0E9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059333Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.145{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2109.6-0\Powershell\Defender.psd1MD5=9346D71D826DC7B6580C6206FD1A272E,SHA256=EE3344F2D9FE64E0593B1DCE5FC4743D4891DAA6528A0650C41ED0D3F455D48E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059332Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.145{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\lib\tcl8.6\msgs\he.msgMD5=FFD5D8007D78770EA0E7E5643F1BD20A,SHA256=D27ADAF74EBB18D6964882CF931260331B93AE4B283427F9A0DB147A83DE1D55,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059331Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.145{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2109.6-0\pl-PL\mpuxagent.dll.muiMD5=16DC11F458E24BD57C80E75E96B51784,SHA256=8812A720CBD2BB49D10256A062C1C61C7CF47259693ABC75FB7CD80BFEC5D76F,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059330Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.145{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\lib\tcl8.6\msgs\gv_gb.msgMD5=A65040748621B18B1F88072883891280,SHA256=823AF00F4E44613E929D32770EDB214132B6E210E872751624824DA5F0B78448,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059329Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.145{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2109.6-0\pl-PL\MpEvMsg.dll.muiMD5=61345DAE8DFE5AE0057C8B4A45C2833F,SHA256=593AD6B77223468408847298A5884E4BF96D47990838544CB4940FC13EFD8D35,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059328Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.145{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2109.6-0\pl-PL\MpAsDesc.dll.muiMD5=6CAF1D4CE690539494F539B7905A02BD,SHA256=7285073BE903CC3E47014FA809D64DA01D338A8008FC61843A81DE4471B32217,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059327Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.145{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\lib\tcl8.6\msgs\gv.msgMD5=3350E1228CF7157ECE68762F967F2F32,SHA256=75AA686FF901C9E66E51D36E8E78E5154B57EE9045784568F6A8798EA9689207,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059326Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.130{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2109.6-0\pa-IN\mpuxagent.dll.muiMD5=9771616F679CFDE87EE5FD215B2EFD9C,SHA256=341C70F942D6DEC043A831790AD82E75550C5CC1F338A93E089538E7EFC94228,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059325Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.130{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\lib\tcl8.6\msgs\gl_es.msgMD5=3FCDF0FC39C8E34F6270A646A996F663,SHA256=BC2B0424CF27BEF67F309E2B6DFFEF4D39C46F15D91C15E83E070C7FD4E20C9C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059324Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.130{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2109.6-0\or-IN\mpuxagent.dll.muiMD5=3F59C3905C0A227825F4EA3C3E55F091,SHA256=1FB59FD9995DC6CCD4AFEBADAC827E4A14C9325B80A8797E2085B148CB70A4BB,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059323Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.130{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\lib\tcl8.6\msgs\gl.msgMD5=B940E67011DDBAD6192E9182C5F0CCC0,SHA256=C71A07169CDBE9962616D28F38C32D641DA277E53E67F8E3A69EB320C1E2B88C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059322Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.130{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2109.6-0\nn-NO\mpuxagent.dll.muiMD5=9AD942027A59B35A699926D89B296612,SHA256=1B608279C259B704B85A162C875F1E11AE6019DA7AF62856E9C22F629B840BEC,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059321Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.130{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\lib\tcl8.6\msgs\ga_ie.msgMD5=04452D43DA05A94414973F45CDD12869,SHA256=2072E48C98B480DB5677188836485B4605D5A9D99870AC73B5BFE9DCC6DB46F4,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059320Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.130{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2109.6-0\nl-NL\mpuxagent.dll.muiMD5=4B6F3EF552192457CC7AC7BA263EDD6A,SHA256=8CD88C0931DB658F1D35B8181E38232E44D976D6DF13C52A6D8C02FBCD567905,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059319Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.130{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\lib\tcl8.6\msgs\ga.msgMD5=88D5CB026EBC3605E8693D9A82C2D050,SHA256=057C75C1AD70653733DCE43EA5BF151500F39314E8B0236EE80F8D5DB623627F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059318Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.130{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2109.6-0\nl-NL\MpEvMsg.dll.muiMD5=2000D01C73693AC55224A2B50B154615,SHA256=8405E0027C96F98DA781F1E4371574EAC844A6FB11B049E53E0CA6AE3C43C7B6,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059317Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.130{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\lib\tcl8.6\msgs\fr_ch.msgMD5=8B27EFF0D45F536852E7A819500B7F93,SHA256=AB160BFDEB5C3ADF071E01C78312A81EE4223BBF5470AB880972BBF5965291F3,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059316Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.130{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2109.6-0\nl-NL\MpAsDesc.dll.muiMD5=B919CA54AC5049ADC843E4FE829C9CD2,SHA256=34C8D6941EA69F1EF22D732D329CF5809236AB849CFF76A8435AB6B71CA931CA,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059315Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.114{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\lib\tcl8.6\msgs\fr_ca.msgMD5=017D816D73DAB852546169F3EC2D16F2,SHA256=F16E212D5D1F6E83A9FC4E56874E4C7B8F1947EE882610A73199480319EFA529,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059314Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.114{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2109.6-0\ne-NP\mpuxagent.dll.muiMD5=C4A6FDF1D995631B9C65FFC2AACFA873,SHA256=A8D371CE6D117AB8A9776D968D177AA03AFA2DEB101B77FF030ED8D8777CD8D3,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059313Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.114{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\lib\tcl8.6\msgs\fr_be.msgMD5=483652B6A3D8010C3CDB6CAD0AD95E72,SHA256=980E703DFB1EEDE7DE48C958F6B501ED4251F69CB0FBCE0FCA85555F5ACF134A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059312Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.114{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2109.6-0\nb-NO\mpuxagent.dll.muiMD5=304AD32107CE26C67BB900EF0EF3619F,SHA256=7ED4B1F7B4029AC1BD5BFF3A524D8505627DE82C29457732BB70ABBB31FAA23B,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059311Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.114{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\lib\tcl8.6\msgs\fr.msgMD5=B475F8E7D7065A67E73B1E5CDBF9EB1F,SHA256=7A87E418B6D8D14D8C11D63708B38D607D28F7DDBF39606C7D8FBA22BE7892CA,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059310Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.114{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2109.6-0\nb-NO\MpEvMsg.dll.muiMD5=E6B1FCA46E8D96A5C21D319484A90D4C,SHA256=FF51570F95646D497BBC29C0984DD5230BB98548C1E0A9F671A9FD9979CE8DA7,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059309Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.114{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\lib\tcl8.6\msgs\fo_fo.msgMD5=A76D09A4FA15A2C985CA6BDD22989D6A,SHA256=7145B57AC5C074BCA968580B337C04A71BBD6EFB93AFAF291C1361FD700DC791,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059308Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.114{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2109.6-0\nb-NO\MpAsDesc.dll.muiMD5=049D5EB3CA6C39F7C2B52FB92F833B12,SHA256=561723B736EA9FA81951FFE37CFBE370000581511C404CD5DB37BA281C0BFDA4,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059307Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.114{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2109.6-0\mt-MT\mpuxagent.dll.muiMD5=1909106149F61C1F8858F89AD26DE2A3,SHA256=F02B104DA41574ADCE8A1DD333B960E0F49014865E5A38C2F2C726D4BF37894E,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059306Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.114{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\lib\tcl8.6\msgs\fo.msgMD5=996B699F6821A055B826415446A11C8E,SHA256=F249DD1698ED1687E13654C04D08B829193027A2FECC24222EC854B59350466A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059305Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.114{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2109.6-0\ms-MY\mpuxagent.dll.muiMD5=AD98F9AEB308A129EC66CC9D00D5F89C,SHA256=95D7B51CACDD3D3080E3641A846959092E2868CD5BE7A488FC8524E1A5D870BE,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059304Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.114{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\lib\tcl8.6\msgs\fi.msgMD5=34FE8E2D987FE534BD88291046F6820B,SHA256=BE0D2DCE08E6CD786BC3B07A1FB1ADC5B2CF12053C99EACDDAACDDB8802DFB9C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059303Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.099{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2109.6-0\mr-IN\mpuxagent.dll.muiMD5=194257A1024CC7E39D63397FE1032ECD,SHA256=9D3248100342AEB6BE4C4EB53BEEF7A2C4ED20E7013BC0B982299EBAA98891AE,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059302Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.099{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\lib\tcl8.6\msgs\fa_ir.msgMD5=044BAAA627AD3C3585D229865A678357,SHA256=CF492CBD73A6C230725225D70566B6E46D5730BD3F63879781DE4433965620BE,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059301Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.099{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2109.6-0\ml-IN\mpuxagent.dll.muiMD5=7DB06185F5B8B88066388F4881076566,SHA256=E039735F816CCA4FD1D3B1D950D9393986967307FE04C6CFD9CC4FA50C6E2173,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059300Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.099{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\lib\tcl8.6\msgs\fa_in.msgMD5=E6DBD1544A69BFC653865B723395E79C,SHA256=6360CE0F31EE593E311B275F3C1F1ED427E237F31010A4280EF2C58AA6F2633A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059299Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.099{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2109.6-0\mk-MK\mpuxagent.dll.muiMD5=D254D68D9C9B3ADB6F299A2F8E995BB8,SHA256=2A79835205C8F5F628E88AA1E61F3545AE26EF87CF2FA004A42873952EC4D4E9,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059298Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.099{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\lib\tcl8.6\msgs\fa.msgMD5=7E74DE42FBDA63663B58B2E58CF30549,SHA256=F9CA4819E8C8B044D7D68C97FC67E0F4CCD6245E30024161DAB24D0F7C3A9683,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059297Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.099{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2109.6-0\mi-NZ\mpuxagent.dll.muiMD5=ED26BA8C0D72BCC36EDC88C45EE5FFC4,SHA256=8688A71A827466A4040DC4647D08AA769246F391F30705FF1CA257F4F78D575B,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059296Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.099{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\lib\tcl8.6\msgs\eu_es.msgMD5=D20788793E6CC1CD07B3AFD2AA135CB6,SHA256=935164A2D2D14815906B438562889B31139519B3A8E8DB3D2AC152A77EC591DC,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059295Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.099{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2109.6-0\lv-LV\mpuxagent.dll.muiMD5=CCB530458FCEE57E22B2EA4D6ED208EE,SHA256=E35D26C5075FC7DA7C0F8B60587E4F1283AF90A93A24552582211DC8DDDA1B01,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059294Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.099{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\lib\tcl8.6\msgs\eu.msgMD5=E27FEB15A6C300753506FC706955AC90,SHA256=7DCC4966A5C13A52B6D1DB62BE200B9B5A1DECBACCFCAF15045DD03A2C3E3FAA,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059293Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.099{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2109.6-0\lv-LV\MpAsDesc.dll.muiMD5=6E39C969E7C1B3504247517C5BF75691,SHA256=E9A47A06F4609DF0FC502073DB628958F73C7E4C8DA5B93184443791D02B8704,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059292Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.083{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\lib\tcl8.6\msgs\et.msgMD5=3B4BEE5DD7441A63A31F89D6DFA059BA,SHA256=CCC2B4738DB16FAFB48BFC77C9E2F8BE17BC19E4140E48B61F3EF1CE7C9F3A8C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059291Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.083{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2109.6-0\lt-LT\mpuxagent.dll.muiMD5=9026148C819D5C847ACC68BC8E301ED1,SHA256=B7A3303B8AA2867DF57C5C7B5EBCC204A39165AEA0ADE83A73195E8B12FD3F49,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059290Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.083{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2109.6-0\lt-LT\MpAsDesc.dll.muiMD5=27533FBBCE191C502F58AA744C09B849,SHA256=14C86B9251617ED03F1CBF6BAD494E10D8AE4A421955E922719838A9CDEB9842,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059289Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.083{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\lib\tcl8.6\msgs\es_ve.msgMD5=F3A789CBC6B9DD4F5BA5182C421A9F78,SHA256=64F796C5E3E300448A1F309A0DA7D43548CC40511036FF3A3E0C917E32147D62,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059288Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.083{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\lib\tcl8.6\msgs\es_uy.msgMD5=40250432AD0DC4FF168619719F91DBCA,SHA256=BA557A3C656275A0C870FB8466F2237850F5A7CF2D001919896725BB3D3EAA4B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059287Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.083{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2109.6-0\lo-LA\mpuxagent.dll.muiMD5=7CC56F36F54BFD32B24F8269CBC25712,SHA256=8C228ECEAB7F6475A48DF767F88F4F1DFD108937C2453FE2D67DA7C184A338B1,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059286Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.083{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\lib\tcl8.6\msgs\es_sv.msgMD5=6A013D20A3C983639EAF89B93AB2037C,SHA256=E3268C95E9B7D471F5FD2436C17318D5A796220BA39CEBEBCD39FBB0141A49CE,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059285Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.083{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2109.6-0\lb-LU\mpuxagent.dll.muiMD5=F550649C08F98B0AEA8E873D7522FF6E,SHA256=0D9E8A489A99DA0A85667A30782454F4393E9279400C368463FC421A73BBE50D,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059284Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.083{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\lib\tcl8.6\msgs\es_py.msgMD5=D24FF8FAEE658DD516AC298B887D508A,SHA256=94FF64201C27AB04F362617DD56B7D85B223BCCA0735124196E7669270C591F0,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059283Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.083{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2109.6-0\kok-IN\mpuxagent.dll.muiMD5=DD8EB2310B7CFE70A1637B3554E0BA59,SHA256=4BB817A3216E25BCD96E8C6A1C9DB32B4B2F87696D6279E6BE0968921897EB42,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059282Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.083{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2109.6-0\ko-KR\ProtectionManagement.dll.muiMD5=BB70C5EB54F690DFCA728895F25B6601,SHA256=38F74BC285D27B860B2A7F8B7DD707876C89D188799AB57A8900857E84141BD5,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059281Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.082{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\lib\tcl8.6\msgs\es_pr.msgMD5=AEB569C12A50B8C4A57C8034F666C1B3,SHA256=19563225CE7875696C6AA2C156E6438292DE436B58F8D7C23253E3132069F9A2,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059280Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.080{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\lib\tcl8.6\msgs\es_pe.msgMD5=74F014096C233B4D1D38A9DFB15B01BB,SHA256=CC826C93682EF19D29AB6304657E07802C70CF18B1E5EA99C3480DF6D2383983,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059279Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.080{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2109.6-0\ko-KR\mpuxagent.dll.muiMD5=2C5015292ECC9E51E4A7C5116F0D2F6D,SHA256=5B3AD7DF4494CDE19C3D80D0064C037F5882A60943165D31D6EB4BF66C3CF34D,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059278Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.078{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2109.6-0\ko-KR\MpEvMsg.dll.muiMD5=EA80DE1104EA53A2893D83B1FF47612D,SHA256=B61E5C561E1902D170E87D61112E93D4038B6F6A8F3C8B11C063EDCA3E37368B,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059277Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.077{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\lib\tcl8.6\msgs\es_pa.msgMD5=148626186A258E58851CC0A714B4CFD6,SHA256=6832DC5AB9F610883784CF702691FCF16850651BC1C6A77A0EFA81F43BC509AC,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059276Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.061{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2109.6-0\ko-KR\MpAsDesc.dll.muiMD5=1D1D0208330A5E6FD3019FFEEBC2FFAA,SHA256=3464105CF6B8FD9FF7366A52350217341C53BD20B0B9BA8C833502FF81A244F2,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059275Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.061{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\lib\tcl8.6\msgs\es_ni.msgMD5=2C4C45C450FEA6BA0421281F1CF55A2A,SHA256=4B28B46981BBB78CBD2B22060E2DD018C66FCFF1CEE52755425AD4900A90D6C3,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059274Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.061{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2109.6-0\kn-IN\mpuxagent.dll.muiMD5=172B8401C1C0B9248548370B531E9BD2,SHA256=8714403277C0B396A6A8854BA936CCFABA5841143E04C2735D67AD3B81516767,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059273Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.061{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\lib\tcl8.6\msgs\es_mx.msgMD5=F60290CF48AA4EDCA938E496F43135FD,SHA256=D0FAA9D7997D5696BFF92384144E0B9DFB2E4C38375817613F81A89C06EC6383,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059272Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.061{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\lib\tcl8.6\msgs\es_hn.msgMD5=AAE4A89F6AB01044D6BA3511CBE6FE66,SHA256=A2D25880C64309552AACED082DEED1EE006482A14CAB97DB524E9983EE84ACFC,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059271Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.061{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2109.6-0\km-KH\mpuxagent.dll.muiMD5=D7C1156285AC257A9461248BCB1FDCB7,SHA256=C9CD72ED2E024BF5A3651350DEA394F3DA16B1A6A674130E175B6AA248C53C3F,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059270Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.061{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\lib\tcl8.6\msgs\es_gt.msgMD5=1E6062716A094CC3CE1F2C97853CD3CD,SHA256=1BC22AF98267D635E3F07615A264A716940A2B1FAA5CAA3AFF54D4C5A4A34370,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059269Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.061{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2109.6-0\kk-KZ\mpuxagent.dll.muiMD5=CBB0D632BD86C20FAC9B608931890A2D,SHA256=F4D674AE9B124693687AA9181F8AB96A993A7439486481F5FFE9859B10FF3947,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059268Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.061{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\lib\tcl8.6\msgs\es_ec.msgMD5=CCB036C33BA7C8E488D37E754075C6CF,SHA256=2086EE8D7398D5E60E5C3048843B388437BD6F2507D2293CA218936E3BF61E59,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059267Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.061{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2109.6-0\ka-GE\mpuxagent.dll.muiMD5=5EA27B137DFF448CE6BD2879F3C66E91,SHA256=6EA4760836B21829EF37A42DD11D279755634397B45610F995072FF3C7372F79,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059266Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.061{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2109.6-0\ja-JP\ProtectionManagement.dll.muiMD5=C56197002C189E3EC7ABEAC4CFF3E183,SHA256=D13177865A421AB8CCB13B22BC5C880DC5852F24444F2F2B3E9942CB6CB002E7,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059265Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.061{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\lib\tcl8.6\msgs\es_do.msgMD5=44F2EE567A3E9A021A3C16062CEAE220,SHA256=847C14C297DBE4D8517DEBAA8ED555F3DAEDF843D6BAD1F411598631A0BD3507,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059264Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.046{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2109.6-0\ja-JP\mpuxagent.dll.muiMD5=12B946F8340850633DC2DD6EE40F2A42,SHA256=ADB66E12F137843707DAE15EF8514215C3965D4F67FC4F6D378E2E9A2EA52995,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059263Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.046{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\lib\tcl8.6\msgs\es_cr.msgMD5=F08EF3582AF2F88B71C599FBEA38BFD9,SHA256=7AC5FC35BC422A5445603E0430236E62CCA3558787811DE22305F72D439EB4BB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059262Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.046{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2109.6-0\ja-JP\MpEvMsg.dll.muiMD5=0B72C73DD7E9D396164D44860FEC4603,SHA256=6E489D30EF3956D7C55DE98EB4A292D67534AC168821338DBB71387DCED9BB51,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059261Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.046{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\lib\tcl8.6\msgs\es_co.msgMD5=FD946BE4D44995911E79135E5B7BD3BB,SHA256=1B4979874C3F025317DFCF0B06FC8CEE080A28FF3E8EFE1DE9E899F6D4F4D21E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059260Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.046{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2109.6-0\ja-JP\MpAsDesc.dll.muiMD5=A84F9DD91E651D6378ED25EE410ABD73,SHA256=DAA5A39F5A41E8549354878BCA60D247B097D0726C642043BCCC8EA5E9958834,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059259Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.046{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\lib\tcl8.6\msgs\es_cl.msgMD5=B7E7BE63F24FC1D07F28C5F97637BA1C,SHA256=12AD1546EB391989105D80B41A87686D3B30626D0C42A73705F33B2D711950CC,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059258Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.046{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2109.6-0\it-IT\ProtectionManagement.dll.muiMD5=AC686BE337F5CEA8D06B615FD6C4B9F7,SHA256=69F72D00445DCE6A4A9A2BD69627451C875BF864BF98F7AC554FB0E3737903A6,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059257Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.046{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\lib\tcl8.6\msgs\es_bo.msgMD5=4C2B2A6FBC6B514EA09AA9EF98834F17,SHA256=24B58DE38CD4CB2ABD08D1EDA6C9454FFDE7ED1A33367B457D7702434A0A55EE,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059256Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.046{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\lib\tcl8.6\msgs\es_ar.msgMD5=C806EF01079E6B6B7EAE5D717DA2AAB3,SHA256=AF530ACD69676678C95B803A29A44642ED2D2F2D077CF0F47B53FF24BAC03B2E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059255Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.046{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2109.6-0\it-IT\mpuxagent.dll.muiMD5=F81A22F6704F1980685E1B6B968B1416,SHA256=7BE6AA910FF4FD157FC6B9E52B7F7AE412ABD8312195E4CA3AE30DD30BBC7230,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059254Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.046{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2109.6-0\it-IT\MpEvMsg.dll.muiMD5=9621E72BDE052AF87248869D95F740F1,SHA256=24DEDBBE081A2D26F80A28F889341BC9CB6B69F7AAB007690F1D401E10C03455,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059253Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.046{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\lib\tcl8.6\msgs\es.msgMD5=022CBA4FF73CF18D63D1B0C11D058B5D,SHA256=FFF2F08A5BE202C81E469E16D4DE1F8A0C1CFE556CDA063DA071279F29314837,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059252Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.030{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2109.6-0\it-IT\MpAsDesc.dll.muiMD5=999B7D50B0D5054A248145C57DE8FE53,SHA256=16A49CDEE6DD11357E6857C2889B32F66E5E2B76C349BBA38F202D0CA2439866,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059251Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.030{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\lib\tcl8.6\msgs\eo.msgMD5=FE2F92E5C0AB19CDC7119E70187479F6,SHA256=50DF3E0E669502ED08DD778D0AFEDF0F71993BE388B0FCAA1065D1C91BD22D83,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059250Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.030{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2109.6-0\is-IS\mpuxagent.dll.muiMD5=E588A8FAABD5714585A6327BDE8A5620,SHA256=354ABCEDCAC302A6739CE0B34F2D370B64DEDB8446A7A8DCD9EBF83BFBCE8B46,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059249Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.030{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\lib\tcl8.6\msgs\en_zw.msgMD5=D8878533B11C21445CAEFA324C638C7E,SHA256=91088BBBF58A704185DEC13DBD421296BBD271A1AEBBCB3EF85A99CECD848FF8,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059248Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.030{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2109.6-0\id-ID\mpuxagent.dll.muiMD5=8EFD7C5E912ACA7F0DFA73B4E49835A2,SHA256=4ECB23CFC70FBFE8395D36A3F952C635AEA5E0C066AE7BEE0DA3E467D7B52BE0,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059247Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.030{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\lib\tcl8.6\msgs\en_za.msgMD5=F285A8BA3216DA69B764991124F2F75A,SHA256=98CE9CA4BB590BA5F922D6A196E5381E19C64E7682CDBEF914F2DCE6745A7332,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059246Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.030{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2109.6-0\id-ID\MpAsDesc.dll.muiMD5=130873D2E19F8E4FECB3406E5B203E8B,SHA256=AD811C6D80C3BA2DF1D574F23DAC24A42DAB1C8DBD142CACA7DDE6293FBA1DAD,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059245Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.014{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2109.6-0\hu-HU\mpuxagent.dll.muiMD5=0840EB14DB0A5B63509B244A7C09EBC1,SHA256=528EED32F6FE145DCABD4E5EDD619F2736F2AE9721DF9699EBC96DDA61793C03,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059244Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.014{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\lib\tcl8.6\msgs\en_sg.msgMD5=3045036D8F0663E26796E4E8AFF144E2,SHA256=B8D354519BD4EB1004EB7B25F4E23FD3EE7F533A5F491A46D19FD520ED34C930,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059243Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.014{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2109.6-0\hu-HU\MpEvMsg.dll.muiMD5=19B9FC01053994043BA62B9184DA6744,SHA256=D88AE56F4016ED3CEC159A725474199CCB6775B4DA012F2CAAFFA6BA34D2BA3B,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059242Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.014{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\lib\tcl8.6\msgs\en_ph.msgMD5=787C83099B6E4E80AC81DD63BA519CBE,SHA256=BE107F5FAE1E303EA766075C52EF2146EF149EDA37662776E18E93685B176CDC,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059241Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:31.999{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2109.6-0\hu-HU\MpAsDesc.dll.muiMD5=DF44AE65B816A9BD69F1DC16406FB958,SHA256=BE965A8FEA6A87CE70D33EB4273CB729E93BC968E3DDC054C2B05BE1E1B980ED,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059240Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:31.999{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\lib\tcl8.6\msgs\en_nz.msgMD5=DB734349F7A1A83E1CB18814DB6572E8,SHA256=812DB204E4CB8266207A4E948FBA3DD1EFE4D071BBB793F9743A4320A1CEEBE3,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059239Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:31.999{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\lib\tcl8.6\msgs\en_in.msgMD5=1423A9CF5507A198580D84660D829133,SHA256=71E5367FE839AFC4338C50D450F111728E097538ECACCC1B17B10238001B0BB1,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000031803Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:38:32.767{CE7C8936-1B20-61E9-E200-000000002202}3964NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=373F2BE66E09D2BF95073812E19A8DE5,SHA256=FC67D2BDE4EF4EA45FA80BF650FE177EF82DC21DA87B29CD7AF6AB0678F116BC,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059882Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:33.984{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\doc\git-doc\howto\maintain-git.htmlMD5=D24C8037D20CD0513C05B3C57CB121B8,SHA256=F16276C8DADF20066FF526A6DA876E7FE8FC18684EAEC84FD7A1FCF2EC0C39A3,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059881Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:33.984{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2110.6-0\nb-NO\MpEvMsg.dll.muiMD5=5FDCF259858872EE1ABE3281898C379C,SHA256=10EE08B3A7635F66D34DFA65B33919C8481D16960332AD3F5EF6E52C8F465C88,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059880Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:33.984{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2110.6-0\nb-NO\MpAsDesc.dll.muiMD5=CFB0B5A63855D0AEDA094C8F708446AB,SHA256=0FC17F8F1842DE2DD527C354F21D8F56E91EC2B8D6B45C9D8645EE7E5F1F2F05,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059879Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:33.983{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\doc\git-doc\howto\keep-canonical-history-correct.htmlMD5=ED7D54E4B067CCAE0CBAE4C0A58BC544,SHA256=1750717230D2BC51CC3DF427B8C275F3B60A217671C89E8670742274CAA1A11D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059878Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:33.980{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2110.6-0\mt-MT\mpuxagent.dll.muiMD5=C7463FD36BFEA4AD8A7B447C83387975,SHA256=C1BFEEC975FE032AF6FBB26A951D0F3D5F997D8EBA83253BEDA348F19489CD6F,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059877Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:33.979{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\doc\git-doc\howto\coordinate-embargoed-releases.htmlMD5=3D6A1B59C199C61FC8CA43D477212B8F,SHA256=90D5670E4550170241834808B618C15FF341DB954898DD582425224B6F4FED07,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059876Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:33.963{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2110.6-0\ms-MY\mpuxagent.dll.muiMD5=9F7CDA909D065F05CD51520A132F29CA,SHA256=71D891BDC00C8BCB61DD210140F07C11AD335B2054CBD3477D34E891D1C16864,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059875Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:33.963{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2110.6-0\mr-IN\mpuxagent.dll.muiMD5=616672ADAD44978A93DD29C3AFF3A3FB,SHA256=9119954D8CF59229485AFD1C84FF59B9A43F2CD5BA2DB7315A926C9BEAB69B71,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059874Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:33.963{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\doc\git-doc\gitworkflows.htmlMD5=68B55F57BFB95F5F5968DCB23DCBDBAB,SHA256=E59BB997EC7C07DDC2017486FA09C41DC3BBD3E7B5C7F00CB6803E03AC82469B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059873Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:33.963{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2110.6-0\ml-IN\mpuxagent.dll.muiMD5=CE67EB83066266D989BD40B93DB1E5E1,SHA256=AAC779E6F9C48C398433467AB471CF8184AA48934259A6E010239236CB11E208,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059872Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:33.963{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\doc\git-doc\gitweb.htmlMD5=C61983A318D44A8383648994584DC4E8,SHA256=57EDE3258F7E1570328C2AC335226BB6E924AC51865263857363A84442A45283,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059871Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:33.963{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2110.6-0\mk-MK\mpuxagent.dll.muiMD5=15FF598CC5BD7B431D7D132862F55EF3,SHA256=766A403F969F503EF7F9D6E82AE3561EB335A536912F494ACF95FC4EA4A0FEC7,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059870Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:33.947{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2110.6-0\mi-NZ\mpuxagent.dll.muiMD5=3788E807D6F10C0001F53139D9DABC19,SHA256=4AB897CD15C2D31C9661718388DB713C856DCE8D44C362668D7890BC134BE52F,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059869Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:33.947{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\doc\git-doc\gitweb.conf.htmlMD5=C67114CA3CB5F5473926D3761EF5E8C7,SHA256=011D2641ECA7E6C9FE9FF38103FB7F07D395A48F796E07EAD29E153A9C702251,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059868Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:33.947{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2110.6-0\lv-LV\mpuxagent.dll.muiMD5=617B7682629B4CC3CCD20461FAC82FE4,SHA256=D75934FAC5D74B3C33FCC1000082572E3B952F11535A228634DC2396096769E9,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059867Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:33.947{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2110.6-0\lv-LV\MpAsDesc.dll.muiMD5=31CB57ECAD792B98A297EB11E9A7C9E9,SHA256=C2034D6E7B108624A9B54ECDB46F551D6D7D42B7E8AAE15B76DD374631453EB0,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059866Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:33.947{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2110.6-0\lt-LT\mpuxagent.dll.muiMD5=FFAB10FABD8E0B751EC3A27114B0D312,SHA256=55E7F6B79E67B57760AA30B6B961B2B24008F6B1B5511DAD69495DE0025938AF,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059865Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:33.947{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\doc\git-doc\gittutorial.htmlMD5=1899E0A482CC12B941529EC39A2F27C0,SHA256=491C16026C3801FE418347A45F42BBE6147ACC00D55B67A17744EC7B5FDBDA53,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059864Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:33.947{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2110.6-0\lt-LT\MpAsDesc.dll.muiMD5=D29C9AA95B1DA0F81053D22201A13917,SHA256=2EBD95BA55213CF43024FDE78CDE6984204782A598A658B39A704BC4DFF0D852,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059863Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:33.947{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\doc\git-doc\gittutorial-2.htmlMD5=667DD7EEE3EFC9CBA9623AB1ADD49F82,SHA256=EA4DA0CE38C926CABD1393B5867EE0D11C57F4D0A39A8DCD14AF3B26D5275D5E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059862Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:33.931{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2110.6-0\lo-LA\mpuxagent.dll.muiMD5=B16EA2ED909DABA1F1DE6AAF72CA1029,SHA256=75D899538C2D4DC4A8939677007D0E4E5CB895C18283B820652027E81D2FE6A7,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059861Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:33.931{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\doc\git-doc\gitsubmodules.htmlMD5=FEFB2A61089C782F59A2FEF621CAB4AB,SHA256=FACE1C6E3F37D33436254517C6CB523FAAACBC94F8CFFCF4EA7447EAFDF18D1A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059860Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:33.931{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2110.6-0\lb-LU\mpuxagent.dll.muiMD5=540D69728262B6D0EA573760766F3D74,SHA256=73A8E841A41261F687F977A9267D2AED22FB213AC18A979986388521F2E27889,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059859Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:33.931{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2110.6-0\kok-IN\mpuxagent.dll.muiMD5=67CEC24F2A913B13EFFD516CC1C268B2,SHA256=DF5E390CB29986F9DE5DAB9A07C98B7E8900A7BEA18328789129BB7828B1D65F,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059858Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:33.931{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\doc\git-doc\gitrevisions.htmlMD5=5460477695142892ECF267180FA073BA,SHA256=0F832B0B0B24F4EBD6516E9C0B8AD78727301EACB54BE08C053D86286A671326,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059857Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:33.916{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2110.6-0\ko-KR\ProtectionManagement.dll.muiMD5=6D0C780B43FE275E596379E82DCB8E92,SHA256=C59BAC91B6FFB0720CC2B870432C7664D1BED3FD87924CE69AB2F6B45944E167,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059856Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:33.916{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2110.6-0\ko-KR\mpuxagent.dll.muiMD5=5E8643FA3B8DE677F6D8067080E997CB,SHA256=5B27A6B036C169C7E7C1958258E9703220E627B5771AC7A9AD8CD82D739CC5FF,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059855Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:33.916{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\doc\git-doc\gitrepository-layout.htmlMD5=1D72463F4D56237E3274608D46CCC736,SHA256=5C8E1C56281057BB4EE10F1C7BB85BA686A7559B725F7198594BCF24FA714656,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059854Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:33.916{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2110.6-0\ko-KR\MpEvMsg.dll.muiMD5=1327C65ED55EFF9B36558DEB38835CC7,SHA256=F18F5CD68AC4D136823E022122DB655F5B039B27932E72E8CAD58598F72A96DF,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059853Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:33.916{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2110.6-0\ko-KR\MpAsDesc.dll.muiMD5=827B4902FDBC58E3D3F8B792DE127DED,SHA256=9F4DDE454C2A250E23B3DA294BCC60BB3440173F1615925976C211930A1C498B,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059852Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:33.916{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\doc\git-doc\gitremote-helpers.htmlMD5=B00D6AC0CAD7DD8BD6D90F65E2114471,SHA256=D8ECF3DE835BAAE04AEA9FB9D6FD19C1D29C3A0A8660445F5AC17C8078E14270,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059851Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:33.900{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\doc\git-doc\gitnamespaces.htmlMD5=1C174F3D68493A9BE3DADC873254C1B9,SHA256=EBE5230E10D57B9D0CC980EF18A5ED210E34889B87631D74BB7F3986BE9CC397,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059850Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:33.900{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2110.6-0\kn-IN\mpuxagent.dll.muiMD5=86B822CE9BC38CE46BBE27A5384DC80D,SHA256=875F3EA93784906E27D4DFBF3FE36E02EC884B69B583167B5F67FF2D49BDC583,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059849Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:33.900{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2110.6-0\km-KH\mpuxagent.dll.muiMD5=6B2E423EBF42BDB0AF71FE06E17B67CF,SHA256=8AE1A88C2A45733355C43200EC6B9C0548ED092E9AA8CCAD59ACFECCA8B3DF6A,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059848Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:33.900{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\doc\git-doc\gitmodules.htmlMD5=5BF2E2E9D8EDC7A3BB73003DACA18ABB,SHA256=DFD85B8B85CD8C8D05A08EACFF97DDF69CF3D8E455C0975946A3F892698AAD04,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059847Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:33.900{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2110.6-0\kk-KZ\mpuxagent.dll.muiMD5=D92C5011F324331B87199AAB960055A1,SHA256=60A4EB86C6EBB9F6B1935F03BE9A68B0509D5352BC8987110ED2F01B85EF9BC4,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059846Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:33.884{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\doc\git-doc\gitmailmap.htmlMD5=65FB3F042AEE17712DE19B4CD8FB5FFC,SHA256=55F3CD481A2C4442DB53D4872DF92A4CE331C213E51EF64A422612A768A26F69,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059845Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:33.884{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2110.6-0\ka-GE\mpuxagent.dll.muiMD5=E61CDBC7A03903C1FB46DBF483120534,SHA256=6DB928110D1182A49A69DFFE9BD1C4DBD2FD41ECA7F3BA631B4B02CA63B8DC20,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059844Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:33.884{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2110.6-0\ja-JP\ProtectionManagement.dll.muiMD5=4BA4863398F9D3A14341A90340ADD837,SHA256=0911119BDE414FCA215CC8C941C1A3C64A8CBCC4447E84AEA5A33A52AABFC7E5,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059843Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:33.884{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\doc\git-doc\gitk.htmlMD5=2A428BEC5B86FDD58C7763A190B9E718,SHA256=ECBAA490BF7345D621FE09FDF49BA44DBCED24DFCA86590563DDD415B30D2A78,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059842Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:33.884{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2110.6-0\ja-JP\mpuxagent.dll.muiMD5=2F8D87418BE89AEC3E480603241645A0,SHA256=E5F3B15FDD277DE34F31C54399B3733C09948425E58F17FDFBCFFA3EEC1B753F,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059841Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:33.884{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2110.6-0\ja-JP\MpEvMsg.dll.muiMD5=D6FBB0AA6A8533D567AC5721572F5572,SHA256=B0B5F85E29C125667B21DE6F9A64F34EC0463A21DEB2EAD2E9E5CE0D647129C7,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059840Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:33.884{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\doc\git-doc\gitignore.htmlMD5=6A1E9792A696310E3D5D939D3AF58D4B,SHA256=B9B04EC80C121E12CAF1BB02E3A6E1CF45944B50448873B7DE38E857BD176EF2,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059839Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:33.884{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2110.6-0\ja-JP\MpAsDesc.dll.muiMD5=428AD8639C3AD8F407B956A34F1639CA,SHA256=3038D8355D5427CB12B3991EA9CB4B4239F47476128D9D218EB460256FE170F1,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059838Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:33.881{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\doc\git-doc\githooks.htmlMD5=CE9486C856805ACF653F002E13CA4448,SHA256=B3993F9788FD7765E2261E3C499953D9FA8F920DC8DACED8BAB5BB22FC7CEC2B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059837Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:33.880{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2110.6-0\it-IT\ProtectionManagement.dll.muiMD5=777476D36AE3DCD67F0B513A78BABD78,SHA256=C8092FD81326BFEDE9BF52D35241885511D47EAC373731EA93FC0BFE07F01479,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059836Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:33.863{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2110.6-0\it-IT\mpuxagent.dll.muiMD5=7C4B6C01EA2973D7EBA9DC5329762A05,SHA256=F2F6B07B04669E8647233C23D1CBB8BC1C9BFFC17A4EF2D232E4047B6BEDBC69,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059835Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:33.863{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\doc\git-doc\gitglossary.htmlMD5=DBFF10DFF61E6167EA18ADE6724B05A8,SHA256=B096ED479204847D6A856FC275A1E10B3ABBA1B84D2F63AC4F3AC27B822BB068,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059834Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:33.863{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2110.6-0\it-IT\MpEvMsg.dll.muiMD5=5A3B2FC4401F36C9AD86C35EAB74758F,SHA256=6CAAE2C575EABF5EE1575A772AD8354A95BA844EA8FF7A8E5ADBD60B86707945,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059833Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:33.863{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2110.6-0\it-IT\MpAsDesc.dll.muiMD5=A19BB14BFAEDE6B935A682C9413D2801,SHA256=C7D91D653BAEA634320A32C8E8F026E80A901909D4CBBC892E06BDF13984C229,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059832Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:33.863{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\doc\git-doc\gitfaq.htmlMD5=D264A2716B7479F8F6EED438D9B8D1A4,SHA256=369CD1ACEB6E516FD9177D1A1636C0B04498190E4A73EA1CE3A52B9C53117EB8,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059831Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:33.863{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2110.6-0\is-IS\mpuxagent.dll.muiMD5=6BD7423276AD46B3CDEF38BA5720008D,SHA256=890F7612900356F92608206602D2286E9DA0D3E6E32F3A5811A4AA0465C542D3,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059830Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:33.863{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2110.6-0\id-ID\mpuxagent.dll.muiMD5=14DD9F68BB3CF706E82E604D92BC9667,SHA256=9D40D6072C054EF189642585E98CE6C0762C13B49C79F8A028B079EA8BDB987B,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059829Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:33.847{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\doc\git-doc\giteveryday.htmlMD5=DA184D6206297720996988BB62A32B23,SHA256=DC98FE4A816B173B629A501F9B76D529491BA47E96CD048B46F0433FB2EDE464,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059828Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:33.847{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2110.6-0\id-ID\MpAsDesc.dll.muiMD5=9A55FE7C8FB7BCEEA0D68356C0FBEB22,SHA256=D68C14FDAD363BEACE5FC239E01AFA3EC94272F76149E30F8638A17409D52C6B,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059827Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:33.847{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\doc\git-doc\gitdiffcore.htmlMD5=1C578CCABBD01E1570ED9D0710720965,SHA256=C42FEA55937C713C8363A2EE89DBA78BFA6337AA22369818BFF422721029E74A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059826Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:33.847{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2110.6-0\hu-HU\mpuxagent.dll.muiMD5=B8A1D06A635EC9117D631296893DBA4E,SHA256=F4D6AFE2C2700E08D0D2E87351C2AC40D098E7DE422E44F4F284F44A2684022D,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059825Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:33.847{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2110.6-0\hu-HU\MpEvMsg.dll.muiMD5=41CFE9742D1BCC8F83CF7BA42C53CA75,SHA256=90CD22C43F9FD84E9ACDA40960BAB35E5625677F6D6A1050BA3BE5D69A4D2CA3,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059824Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:33.847{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\doc\git-doc\gitcvs-migration.htmlMD5=D43DBCCCBEE5D0E922C52EC047F5E34D,SHA256=8991352AF09072F55E9D744CC7908E716E661F735CF8F8CDCEBE3596C30C84AC,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059823Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:33.831{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2110.6-0\hu-HU\MpAsDesc.dll.muiMD5=B8A9D8E07AB91A42DE78285BDD389DF5,SHA256=326B29389525D0DC4A3F4ADDE98C743F007A4CC6F1ADE965E172232BCA505BEE,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059822Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:33.831{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\doc\git-doc\gitcredentials.htmlMD5=CB1EA5C1ECA11BA28BF3B80FDF951EBE,SHA256=BBBB2D001E506195A93AC6D4C30CA300739E23E80363C67B6A67B83FA7F9C2D3,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059821Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:33.831{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2110.6-0\hr-HR\mpuxagent.dll.muiMD5=AF0CAA0BA9C0C68A0B0063736131F7A1,SHA256=359874993CF50CFB8693C79F45CD3EC300380B6B858CC4173A230351743CF36F,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059820Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:33.831{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\doc\git-doc\gitcore-tutorial.htmlMD5=AA5DFB39FC015F8859B2FCC0698A3DB7,SHA256=ECA63B3FC77841A360C5543B06AFF6BE1BD880256EE0C284FB1BA9F9F34E27AF,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059819Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:33.831{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2110.6-0\hr-HR\MpAsDesc.dll.muiMD5=C73205CB1B0F4E1ECC0B152C6931DCD0,SHA256=8EC17FAAE3557271D819AB68FEFD7DF311BCCD499D143EFC09EDB91E4451F3F0,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059818Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:33.816{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2110.6-0\hi-IN\mpuxagent.dll.muiMD5=DC1D0F133428B22F059B464C82DB1DE8,SHA256=128C0ED323C6E77FC35B6DAB82E39EE697E272585763FC229A8701D482C37B9D,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059817Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:33.816{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\doc\git-doc\gitcli.htmlMD5=FA7E2DEBB661FFAF1D40BC6A3B590642,SHA256=F5FC99A715622AE641C7A18CF135B9608E0E67A079C3EC7E0881525BEEF8FB40,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059816Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:33.816{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2110.6-0\he-IL\mpuxagent.dll.muiMD5=D36B54F154747671C36BEC17F54A3B2F,SHA256=4A86ABB4E911B6B64F96C4AEB240AA3D3DB308A3A05622FD539E077414EEE59B,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059815Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:33.816{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\doc\git-doc\gitattributes.htmlMD5=F222DC0A0BA3BC8DD77755853B818CDC,SHA256=DBA9092D39DA5D2B0A3E8217B2BD857DCBCD9DF9A19FAC86CBDBAE0DA50A7135,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059814Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:33.816{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2110.6-0\he-IL\MpAsDesc.dll.muiMD5=7E436CF108E953CCA2D0F3237986A444,SHA256=026B28B226DE4257A845144732FCAB15D68AA07E2F4687400871039202B712D2,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059813Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:33.800{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\doc\git-doc\git.htmlMD5=317C8AD5238572E74F4987B89348DFFE,SHA256=C911936FAA08B716AC42C19937E071CD1F2139A05E93673E67200883951F4569,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059812Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:33.800{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2110.6-0\gu-IN\mpuxagent.dll.muiMD5=78205A28B81F1FC7FD3DB33296114361,SHA256=857A85F9EE60452CB967E748B3637F866903596F6410B1EAF48031C6807203A8,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059811Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:33.800{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2110.6-0\gl-ES\mpuxagent.dll.muiMD5=FB4D8003094A4CE9DA7EC5464D99889D,SHA256=6343CC909DFFA4725FE8751A3056BDA0873A69912A34E4201217F0AE87A3DF43,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059810Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:33.800{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2110.6-0\gd-GB\mpuxagent.dll.muiMD5=5235873103D602D5D323B1EDA1997C65,SHA256=AEC8097CB4A2E91866C7F92AC8892AC14421FE25B1A42376634392CB3D9F124E,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059809Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:33.784{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2110.6-0\ga-IE\mpuxagent.dll.muiMD5=D6F9F55398473AD2E87C213B5EFF0BA2,SHA256=1724C7152D25A63C0286C64D196EFCC605D8A038D99E1E38F072FF255FC29EF2,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059808Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:33.784{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2110.6-0\fr-FR\ProtectionManagement.dll.muiMD5=3FD1F273261457EE40195711DA3ABD7F,SHA256=7D46CF096A43AD39D3301097A70151DBF1FB82D4F1118D0CF48EC06469E7D51C,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059807Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:33.784{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\doc\git-doc\git-write-tree.htmlMD5=9089613E93F5D889737053B07951BEA1,SHA256=609EF79F195E9CF08FDD791471E358D2E2FC813619E98E6FBFC724BAEBBB0A57,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059806Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:33.784{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2110.6-0\fr-FR\mpuxagent.dll.muiMD5=3835EB2D1B94579B2BD9AA5358C5F66A,SHA256=AC82BC31108864BC48BAD4F05423F4D38A79BD51CFFEE02D0FFBDE7FA2CD8ED6,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059805Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:33.784{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\doc\git-doc\git-worktree.htmlMD5=BB55148DA4BE019215A6861869E06F6E,SHA256=65E54D6C992265FEE8FDD0749770D5445178095E026E37AB18ED77542E3E4C07,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059804Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:33.784{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2110.6-0\fr-FR\MpEvMsg.dll.muiMD5=B8B47071503A90228F91DE6CBB02E43B,SHA256=F0BE5FDED7115202E8745561C80AA3617FA6A953B97F6686EA1AFD6172294892,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059803Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:33.784{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2110.6-0\fr-FR\MpAsDesc.dll.muiMD5=444EE6AD9F2968664663FD20594B936B,SHA256=425C83136B811898CC72649E44B3B87ED7E56F18B4C4B9CE9206BD6D387344D8,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059802Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:33.784{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\doc\git-doc\git-whatchanged.htmlMD5=BB859987DA36F9754DA8D01FCA7AC139,SHA256=4149C6ECDFA9FDA069AF23AA962BA4209E646254E5B2070A02F2FDF6733E888F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059801Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:33.763{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2110.6-0\fr-CA\mpuxagent.dll.muiMD5=79FB0CE377B0A6982BBED4091753C195,SHA256=1827CA3C0AFC83B9A25C3D11EC795FD94A78689413076B8524DC73E4AD77FE8A,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059800Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:33.763{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2110.6-0\fr-CA\MpAsDesc.dll.muiMD5=ADB249A84DD01D20450BC41C93FE0C62,SHA256=F7FAE4DEDD9CD06548F257860F24B1AE27581D8854CAD5CD670079AA7B757E93,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059799Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:33.763{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\doc\git-doc\git-web--browse.htmlMD5=72A50189E070639C9BFEF28E8AF18AF7,SHA256=D9496677D11AC69466BA510B5373E6728EBA0CBE407DDCDA45BA9C4B38952251,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059798Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:33.763{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\doc\git-doc\git-version.htmlMD5=3DCE6E4633FFCF674C3352AF08105DE4,SHA256=DABF2062B6E112B648118A13958801B65BA57ADB37D524ECF394C28CAB52BB59,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059797Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:33.763{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2110.6-0\fil-PH\mpuxagent.dll.muiMD5=26E79D3B4EC619A27CEF7BD83D4EE65E,SHA256=3E4EA9685922E3C0C5D23FAE7C6903286D914154B4C3FB24A936B959021A9DCC,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059796Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:33.747{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2110.6-0\fi-FI\mpuxagent.dll.muiMD5=8224DF9E2C464A75A9D16F883CBFD145,SHA256=71DA1F1BB23F20739DC3123D1DA0894F78AB34B47594A35B8B16CFD5C09A1407,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059795Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:33.747{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\doc\git-doc\git-verify-tag.htmlMD5=308B2A26F84E5810F10324F67E9889AC,SHA256=F576EA626459EA1646C06A72CDA96FD8CCCFFF3D88BB1016C0B8F537EE74F2A8,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059794Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:33.747{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2110.6-0\fi-FI\MpEvMsg.dll.muiMD5=18595D849EC73B7ED715E56A195EF1D2,SHA256=3FD4F514FDC757F689271E89A8829B6AC9EBC3B438CB25D7E55657EA6262C8D0,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059793Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:33.747{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\doc\git-doc\git-verify-pack.htmlMD5=AD499411B6D28950C401B0A894F81A01,SHA256=4C3CB273FDA3D6DA0F6AF14A5A66531784CAB3BF57848676261F52191FEAE8BD,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059792Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:33.747{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2110.6-0\fi-FI\MpAsDesc.dll.muiMD5=37F8EA3627D07550F16635C31195CD13,SHA256=CFB7B894942678A326BB8C431189F59FF11936FD8702221400AF944A9664560D,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059791Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:33.747{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\doc\git-doc\git-verify-commit.htmlMD5=8468C84E55329F9570D6316991030209,SHA256=B13E8FE72464F755673779C61F4EB52B1156FA83F7272B5C1860753D5D2BC40F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059790Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:33.731{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2110.6-0\fa-IR\mpuxagent.dll.muiMD5=A1ECBE1B9DFC59FB9F27FA3BA6147EBE,SHA256=1C05760A1DE05EA9EE65F0E201439A046A6CF99EF99D1BA5B4FF674E8EAA62E1,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059789Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:33.731{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\doc\git-doc\git-var.htmlMD5=9DFF43A6D53F7B4111009F7E29A7EAA6,SHA256=C975C555DD7447C1BB65E0C9E9EA8CB1DC76F8BA26EB447C93B43D50A7B7451B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059788Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:33.731{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2110.6-0\eu-ES\mpuxagent.dll.muiMD5=CC64309DFCB215ECD4DA00A93928A042,SHA256=D944744DB37364D3416FA075D0FBD00A35F8DD40FEB5C14799DCEE717FC38FAD,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059787Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:33.731{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2110.6-0\et-EE\mpuxagent.dll.muiMD5=0E8EAB1D61EE07D242F1993030D2AE6D,SHA256=F3EE598C985D4DF84E7B910CC4E9682223E974CF8A33686ED6647A1A0D1F32AF,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059786Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:33.731{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\doc\git-doc\git-upload-pack.htmlMD5=A13503C890E8F40B07BBBBCC68247481,SHA256=51FF3543D6E39DF784E6F20E58FC69A48224E19838969572BEE266711437BB01,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059785Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:33.731{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2110.6-0\et-EE\MpAsDesc.dll.muiMD5=E64432BDE02CCD3C6B3CE7A1CD29DA27,SHA256=93D29CBFE7081F82324492FA46D2B83546244F39ECF99C1F1787883178139BBF,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059784Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:33.716{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2110.6-0\es-MX\mpuxagent.dll.muiMD5=39E7324A415DD307F332D5EF4EFAE9A0,SHA256=DF7FB4E16EC395F8656CD2BAACB24DDC34A94339F59361DCE724B2DD09E79582,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059783Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:33.716{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\doc\git-doc\git-upload-archive.htmlMD5=B1CB650379A3ECF6C5619EE8FD77B250,SHA256=43EE5A232C4EF8F928829C72D9059A7EC24992391A4BEBCEB955545F6C400AF8,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059782Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:33.716{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2110.6-0\es-MX\MpAsDesc.dll.muiMD5=D62AE379CCC6AB86CA07F9AA8AF67EAA,SHA256=FD0442F13A8301FD17088CEEA425CAA9DDE2141107D901D2FE76763C77C9383B,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059781Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:33.716{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\doc\git-doc\git-update-server-info.htmlMD5=B35D998EDFF28CEA6572F78A21F1F721,SHA256=77158FF485606BC883E8E77BE202EA961ABCDC17AAE6D2D29CCE63219E6251C1,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059780Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:33.716{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2110.6-0\es-ES\ProtectionManagement.dll.muiMD5=D76DC5133FA900C28A449DAB4816B24C,SHA256=5F09FB7745292A7BF34800218D9C53BC1F0F5800ACD4BE1C38D9EABE1774A24A,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059779Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:33.716{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\doc\git-doc\git-update-ref.htmlMD5=27E3FA58BD03819E77CF809F8D370D84,SHA256=1BBE9549F2890B21649C62B784A433B2703A071C4C69C63005F3EBC1D6886D67,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059778Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:33.716{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2110.6-0\es-ES\mpuxagent.dll.muiMD5=D86B67572A9CEBFE108F14D07DD0D334,SHA256=68B5F5A11C980C6E9652641935A7C148B54F9E16842E58C286C1062EF8515B9C,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059777Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:33.702{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\doc\git-doc\git-update-index.htmlMD5=9D30077CFE0E6A7DE47A9B183EB97FEE,SHA256=E98CA6502BCBD66CF56665BED9A67AB802B1A2531397BCAFC0D94A8FABCD4001,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059776Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:33.702{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2110.6-0\es-ES\MpEvMsg.dll.muiMD5=FE37D2D4E452B272650937BAFBF764F9,SHA256=4C64CD3ED413623AB77A59B73ABAA1967A0702BC106F0B8382CA2254A6334325,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059775Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:33.702{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\doc\git-doc\git-unpack-objects.htmlMD5=947ED743F391D929AFD97D1CF17DCD97,SHA256=29D87693724246786BE55B929DECCD07C3668612E4F98B19A602C921844EE5B7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059774Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:33.702{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2110.6-0\es-ES\MpAsDesc.dll.muiMD5=8296FD160C769C86DE46BD9AEF62D942,SHA256=02FECD06A553F8E40BA138FEDD8F8C3049BA6D50898156941CED8574E27A76A3,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059773Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:33.684{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2110.6-0\en-US\ProtectionManagement.dll.muiMD5=7D2B3FFF57D9D57273D3224BFFC9342F,SHA256=0DCE81DFFF29F46A1BD42B30CB9D7F8819DE598401EDAC156D27020AEF433965,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059772Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:33.684{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\doc\git-doc\git-unpack-file.htmlMD5=DEA11D7388C8CBCAAC5999254DE83F8A,SHA256=DB330A2CAFDA9F71846C850D9A77948810B7036C1EC0C885450E5BEB0937689F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059771Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:33.684{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2110.6-0\en-US\mpuxagent.dll.muiMD5=571E7AE814D5201148573B00AB991580,SHA256=4B78F3AF4CC5135D0D75B5452F32B5C853E2C1892CF68F0518EEB6DEA8577335,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059770Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:33.684{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2110.6-0\en-US\MpEvMsg.dll.muiMD5=C138D75DCCA451DF4FB131DC350E3BD5,SHA256=0B075E3BEE07D8A595F9AFFF9359B0C0C5D1324F7D3ADD1E706823135BDCC5F7,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059769Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:33.684{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\doc\git-doc\git-tools.htmlMD5=6D2E93732F08329C91BA050667EA9937,SHA256=2D4CA440CAAD46A1FF28CB86C1DA73846C291C755DC51788BC5134EAB3252DF2,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059768Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:33.679{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2110.6-0\en-US\MpAsDesc.dll.muiMD5=ADBE721E9D27B348D982E8033CD2BAFE,SHA256=7DA1C35364A12248B551CA88FFA3DFDFC7384BA17F99FE244E92C6D03B9E4198,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059767Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:33.678{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\doc\git-doc\git-tag.htmlMD5=DD20198E793BB1004DEFF34F205C0230,SHA256=AA4A15A4B6B0E4A1E69E779F30C8821E390F537A68A277F69EBCC81D736ABA2B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059766Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:33.661{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2110.6-0\en-GB\mpuxagent.dll.muiMD5=1B9465A4455DE69F5931C50680CF4E9C,SHA256=DFA5936CF84A776A0D71793B41ADCE04642539B40DDC8E14803FE30ED164DA2F,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059765Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:33.661{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\doc\git-doc\git-symbolic-ref.htmlMD5=8BDE8E0F84AB31707C44B8FD28374D20,SHA256=FCF7A1CADCF5F3FF95DE504ABE964A87B887DBB1BF52D857531E81A0BDCB9AB6,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059764Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:33.661{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2110.6-0\en-GB\MpAsDesc.dll.muiMD5=91DF6161B15135CE8196BA483D060981,SHA256=B803C9E1F0E2DBB86354C448796413C3E8C5070040A51E5958B6C7CA7AC7AB3E,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059763Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:33.661{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\doc\git-doc\git-switch.htmlMD5=F40BF2A3B456EDA0545FC1358C30AE90,SHA256=CC45B5652165C42D1010B591B2CACACFE607F8A254D06B77330AFB161D49D412,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059762Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:33.645{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2110.6-0\el-GR\mpuxagent.dll.muiMD5=2CD4344849D0BCF505ADE332C36F3785,SHA256=2EAAFEE79D53B76B660E9D3FBB234255850A7542B421F190C0A3DE4C92C7B5A0,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059761Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:33.645{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\doc\git-doc\git-svn.htmlMD5=5B6415B19F3C704750A53A72991FB2C3,SHA256=151466276045E3915F34B4EC5A7912D2A1A2A7D32A23FD2F4124694A553F9064,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059760Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:33.630{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2110.6-0\el-GR\MpEvMsg.dll.muiMD5=08747F805CC49D4928C0EB4D742A2F90,SHA256=62C3CC63854A46CA7415BAA7AA2E4AB3C508A00461D2C684F1D5588A24F0240F,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059759Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:33.630{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\doc\git-doc\git-subtree.htmlMD5=30BFAB4AAAF27D476A5C4A764F2BBB53,SHA256=2E0B87F1D53E5C9E65E557F1A4F5D57CF8BDA38EA66FCA4FA1DF439474F4D769,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059758Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:33.630{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2110.6-0\el-GR\MpAsDesc.dll.muiMD5=83A1CAEF812FA2B50E949212F72540DA,SHA256=29A92DFC89C67BFBF21E827FACF72259395E9A06198F331CEB7C2ED827C83A57,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059757Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:33.630{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\doc\git-doc\git-submodule.htmlMD5=9771625E923006AA7FE0A959F18E8952,SHA256=6C80C5B6D4D5E8990A7105835B64520887B486178A7BA52DF81E3DABD0164A77,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059756Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:33.630{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2110.6-0\Drivers\WdNisDrv.sysMD5=6235F2DE87229EA585FFE5DE39F0AA62,SHA256=572D59AFA2B0BF080ABC64604DF60DE696BBA397C98D84CC63A9E2A218BB57BE,IMPHASH=B2232D76DB16949062B092AC66B306E5truetrue 23542300x800000000000000059755Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:33.614{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\doc\git-doc\git-stripspace.htmlMD5=95AB1F3074A46F359E246BF9B8F82E58,SHA256=52C07ABA9A58021BFA328E1F9D6CCBF9B8E4E1652ED6921105DB7ABBE92F8BBE,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059754Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:33.614{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2110.6-0\Drivers\WdFilter.sysMD5=77DD1735A9DF898C6956B14017375975,SHA256=98E4D84E679A2C8054C64F33B260EF1E65EC63BD4634F1518351A45F4B699ADA,IMPHASH=D148E8A715DE2CD7B90529132F014544truetrue 23542300x800000000000000059753Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:33.614{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\doc\git-doc\git-status.htmlMD5=248C3028EAAFDA2D911E476AFE31DFDC,SHA256=5AF157CA5FBF0B21DE36EE05C02309F89BBB1F57E7E05EDC389A0C3ED460A38C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059752Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:33.614{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2110.6-0\Drivers\WdDevFlt.sysMD5=F9FAC685628553E6D565AE4DE7246BBA,SHA256=50762F4493CFAE649B1CA996166BF1FDDF9543EC7BA9B1493A3A51371556E32C,IMPHASH=FFAB6852F7551B536A89E4E6E6DEDE4Atruetrue 23542300x800000000000000059751Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:33.598{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\doc\git-doc\git-stash.htmlMD5=ABB73DF8C1F7557E0DA8A682CA10F4FA,SHA256=423FD56DA4E8B77B9587D6833567598533A009DB3D6011196C0545E56985ACC6,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059750Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:33.598{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2110.6-0\Drivers\WdBoot.sysMD5=650C6FD2FCBAD1011EDFAAD3CA25B5B2,SHA256=37987A7CD3CDB764B8517B0E5F3D2AC243A16683F8F516D62926A3261FB6EBA5,IMPHASH=4B7A0029980F4F757F052F90FE2D4610truetrue 23542300x800000000000000059749Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:33.583{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2110.6-0\de-DE\ProtectionManagement.dll.muiMD5=0166E70A2E5D5FC71B0A2B25BB228B5A,SHA256=7F68C4BEAB8E19843CFA8A64DA7807C0D8F411929E870D29169C5F26B7ED64D2,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059748Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:33.583{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\doc\git-doc\git-stage.htmlMD5=C941BF5A42BB4D88D6F4D0FDED29C8B1,SHA256=BBEB89FF239B0ADD69393BAEA5CCABF78B5403E62FEB051B0876815AA82C4796,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059747Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:33.583{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\doc\git-doc\git-sparse-checkout.htmlMD5=9C27668C346C4AFB8BBC8F8FB5415CB2,SHA256=767DEF1DF5965631F08E8C25C22529EA1E7BAFE3F7BAEFF0368834DE2DDD6747,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059746Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:33.561{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\doc\git-doc\git-show.htmlMD5=6DB4534E734096A5EFB23AEE839733DF,SHA256=B6593947FABEEF87B2569F03C6C4FCB70266BA76F793AA92A5D297CB9B59E2AB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059745Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:33.561{6F5BEE90-18CD-61E9-7700-000000002102}484NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=1396B5AD8EC840AA05B3A37E383B5939,SHA256=D946A6CFF35289929870744AD6BE6F6D0CB511EF1D55FC56CC19322F9C3D0D22,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059744Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:33.545{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2110.6-0\de-DE\mpuxagent.dll.muiMD5=BBE47E5DEE92A8B698CC32F08DFE96A5,SHA256=65BD31A281B902876682E2F0A4C4C351E58B9566D7145A6EEC9B2BAEC7993F4B,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059743Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:33.545{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\doc\git-doc\git-show-ref.htmlMD5=7721068004DAEF6B2E46A97FE5B8459D,SHA256=E23BF849E2ABF5EE4995E44405438944167F1D6A53E187C389CCA3C1F3E259F0,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059742Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:33.545{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2110.6-0\de-DE\MpEvMsg.dll.muiMD5=0B3A5FA626030311614C2547A9EB5AC2,SHA256=1684A36E39A053BF44FD76B018AFF0BCA6906717E063CB77D07B6CAFD60C3E92,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059741Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:33.545{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\doc\git-doc\git-show-index.htmlMD5=47D54EF36E11C16D80DFA1672C5F2A90,SHA256=2817EDD1382712CC94091E90606DDCE659F46B975F6C75F5F97246B84CDBCFDA,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059740Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:33.545{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2110.6-0\de-DE\MpAsDesc.dll.muiMD5=0E426F75FE1508DA5744E3CFD3DE4565,SHA256=7953274C4CD57C3ED51A70737DD79ACB77B5332F7990102DABEC8C88B9E674BA,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059739Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:33.530{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\doc\git-doc\git-show-branch.htmlMD5=228054288B1B75357E8AD975A9EC04CB,SHA256=184B10B429366F09B31A54DE2F95977D1246521D5529C36A1B12A47F7F1F13E1,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059738Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:33.530{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2110.6-0\da-DK\mpuxagent.dll.muiMD5=63AAAB7FAB9E9C8AA639538E42693C73,SHA256=D71CEB4F045E69BDB53724731187A99C4CBBDF833FD2C20D0A56CFC4A1A211BD,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059737Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:33.530{6F5BEE90-18CD-61E9-7700-000000002102}484NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-PowerShell_OperationalMD5=224FB1AEDDCF8FD3E60DE161E49605A4,SHA256=6C1ADB9861FCE0D7EBF2800B00472A7C855707710B0B1592BF22B3A026FDAD25,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059736Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:33.530{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2110.6-0\da-DK\MpEvMsg.dll.muiMD5=40411D7CFD9C01CF8A24D822518C5DC7,SHA256=F06CD298DB59E531C38E8FB1E323CA42EAB237811F37A9A5688CC7E4C9B34F0D,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059735Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:33.530{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\doc\git-doc\git-shortlog.htmlMD5=2CB4679CED43BDDEA82EBFA3061226C5,SHA256=6CA5E5D142372A29ED3A21C5C0CCAF39AE4DD81877C9725928BCCBB2474934C3,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059734Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:33.530{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2110.6-0\da-DK\MpAsDesc.dll.muiMD5=7002E37D15578AB76351D48E5DC7A041,SHA256=AEB31511AC56F7C92236429D3813A46F00AFD764AAE729F7F970545F32F2D30F,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059733Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:33.514{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\doc\git-doc\git-shell.htmlMD5=9D7AFA36705580C2276299BD64D031D8,SHA256=30D0242D4FCAF03BF2DCB3BEBCFA92951BE3B6596E3587BAC822F98CEB5CDA50,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059732Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:33.514{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2110.6-0\cy-GB\mpuxagent.dll.muiMD5=11039DE43A580BA56A93891D03E1860C,SHA256=E60E2BACFEB8E3F6546523C994E53BB6F642F47922D82C082808B19CE7F058BF,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059731Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:33.514{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\doc\git-doc\git-sh-setup.htmlMD5=27397866042C8C29A559993183F07B7E,SHA256=796F72A179C4246C2E2DB1444CDA55C2AC2539C01B24074771143BE048B8115B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059730Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:33.514{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2110.6-0\cs-CZ\mpuxagent.dll.muiMD5=8428C747303945155EB786D42DF5F80B,SHA256=4633D24A1145C73F1B30E0CE5115C206148D4101F189CCE7F46ABBBE55F85D9E,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059729Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:33.514{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2110.6-0\cs-CZ\MpEvMsg.dll.muiMD5=1B94C3DE95A8E4CF7088A3868AD80C53,SHA256=0E24FAFC2D3E78E6432F8002E28DF96F1C9D9D682231C3FA2A7318F3887F5977,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059728Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:33.514{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\doc\git-doc\git-sh-i18n.htmlMD5=29FA3E519003F8540A5A30DD8896C839,SHA256=39B696E0F2DAAC6B820F6E2579A018DD7F9B18D0903C093FD03F6843ABA3C5B6,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059727Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:33.498{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2110.6-0\cs-CZ\MpAsDesc.dll.muiMD5=FA840C2488639346A3B5B685AFA32216,SHA256=C1EC33FF09DFB562BCAE9626FCAC25B2306FCE6B94D1533687538E0BA5656A83,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059726Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:33.498{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\doc\git-doc\git-sh-i18n--envsubst.htmlMD5=0FB1EDDB1DDC8C3C5EF85F957745DE07,SHA256=A164CDE99D988DCB8581837D97B824205C5574A7B19C599963741F6D24DF20B4,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059725Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:33.483{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\doc\git-doc\git-send-pack.htmlMD5=0E471640772747F726EA3810176EA415,SHA256=BAD75D82768A21D642A64863429DA0B97BD80A2566C9BF3C4D82522DE834466E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059724Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:33.483{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2110.6-0\ca-ES-valencia\mpuxagent.dll.muiMD5=2F7CC3AC02551F51EB6375265D115BE0,SHA256=C2BEE351A04A1327E15E08494A49BCAB5D06E29E27CB1E0E8733B5542D062740,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059723Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:33.483{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\doc\git-doc\git-send-email.htmlMD5=1F4FEAB28679A75B5D986D5A6FA56C96,SHA256=127EC2CBC88FA91C00A2D0F8FE8DBF1124D13C79689EF0BDACEDC5B61A3F8418,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059722Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:33.483{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2110.6-0\ca-ES\mpuxagent.dll.muiMD5=506079C24A07C5EC10C3D83BFC7A3C71,SHA256=BC7325278F6708D9578976932351221DBFF7E9642FFB37614D7AB3BF4E6D40E6,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059721Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:33.482{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2110.6-0\ca-ES\MpAsDesc.dll.muiMD5=05A82F52193DAC30031F88E1184566A6,SHA256=A6EA3A48442D18288562F9307BD7325725B7890599DCB6C375D7375C40043A50,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059720Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:33.480{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\doc\git-doc\git-rm.htmlMD5=E818537891BD060D07FA9F201EF48C1F,SHA256=4366DC5DE205044CE9CF069CE924330366D060F9BE021A76CA2C1EDA7A09A5B9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059719Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:33.477{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2110.6-0\bs-Latn-BA\mpuxagent.dll.muiMD5=02D8182839C7F969FD9ABBD1EA9F106B,SHA256=FCD0F0DAD9461A7C75E4203672E09F1CDB50DB012A20F969CE9AE2FFFFC9E35D,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059718Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:33.461{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\doc\git-doc\git-revert.htmlMD5=1C735C927682DAD6E1CACF0F894FBB14,SHA256=94708C77FF16411BEEF6747D13D05149FFCD10F41382A86DDE7C7818BD37897C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059717Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:33.461{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2110.6-0\bn-IN\mpuxagent.dll.muiMD5=0AAB9273EB8B1544410CEB9AF7FE24E5,SHA256=C86973D39EF05F56F47B3AE96CED1956831BC48AE59FED68457B48A16B48AA57,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059716Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:33.461{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\doc\git-doc\git-rev-parse.htmlMD5=F578565149FAB1B01909B106DC3081C1,SHA256=586388A11BEC46FA7AF11156383B0B31C3E341E7B2150D2801DDE81C3FDC7D9C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059715Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:33.461{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2110.6-0\bg-BG\mpuxagent.dll.muiMD5=4DFD17A5DFE8955E36D316F8DE387EF5,SHA256=884760A6D0F6FD86EF676A48C27347343909E5D96F3B3C563EB6B798288B2B5B,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059714Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:33.461{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2110.6-0\bg-BG\MpAsDesc.dll.muiMD5=8B3CF5F422B3702DB51A1BBA61383DB5,SHA256=C744BC8FA99D069AB48DBE2FF77FDB91981ADFCDD49CB0552066C52583BDBDD3,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059713Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:33.445{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\doc\git-doc\git-rev-list.htmlMD5=4B18FBCFD968A91C87FE234A07065025,SHA256=A6DB3FED054B5041EDB3ABF64B35A1ABD09E9EFF309F6805AF21FD06F72CBD21,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059712Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:33.445{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2110.6-0\az-Latn-AZ\mpuxagent.dll.muiMD5=B086D69050D7E5F1BB9F88226C1D6B78,SHA256=134D8BA36231A6573B104E189AC2C802959B93E875FDAB76BC6097D5D50FD01A,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059711Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:33.445{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2110.6-0\as-IN\mpuxagent.dll.muiMD5=9E43EB454C70483DE65235F9F535DA37,SHA256=259BA6BCDCFF400042CD92E153A4A0AFD72DC2CAB3CDB386B2FDADA27084805A,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059710Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:33.445{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\doc\git-doc\git-restore.htmlMD5=D4D31CF836912743C8A7B2A9FDD48BFA,SHA256=6053DBADA608078B86A26D31F2088092251170747CB2326048EB54F4F7E7EF75,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059709Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:33.445{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2110.6-0\ar-SA\mpuxagent.dll.muiMD5=F218A80AEB9611847C734157608F0F4A,SHA256=EE35A4337E624310B95BA0CBFED50555035D0DFC7765C9450DEEFF2F18744797,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059708Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:33.445{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\doc\git-doc\git-reset.htmlMD5=2556180B5739AD3989197269EA2ADAD0,SHA256=EA0DA7031040CAFCB034C227F2217072225F41CF87BAA06FDAE53212C08D9AB8,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059707Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:33.445{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2110.6-0\ar-SA\MpAsDesc.dll.muiMD5=53E256868F86F9BFFDC7DEAB4E9404AA,SHA256=A01FA79CB461438CD6970E7F0790C5BF6A2EE824FEBD1D58D346E03C37D334F6,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059706Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:33.430{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2110.6-0\am-ET\mpuxagent.dll.muiMD5=0C2B85019D58FA746AEC3D5A8F74C495,SHA256=5FB99F39600BFCA3F5CD7017FD7A6502F1DEE92D89F3F3802ABC5639CBD405A9,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059705Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:33.430{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\doc\git-doc\git-rerere.htmlMD5=C5440DF39C8C140BE8492B4CA362CBE8,SHA256=90665F4032906999BA29762D68E4205890BBA874059D9A651E3CF021CCE7CF33,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059704Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:33.430{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\doc\git-doc\git-request-pull.htmlMD5=780A89F8B776225BF42B42AC2E8C7369,SHA256=2D833D9370C8825916163ECE217BAE69A13BDB258F53D5346E4E4A71AECCAD89,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059703Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:33.430{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2110.6-0\af-ZA\mpuxagent.dll.muiMD5=4D99797DF62E0BDDFA99C3B43811EF93,SHA256=48689B259689596D2CF334561F770A3D5304DBC9848019DFC3DDFE6ED81C1997,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059702Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:33.430{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\doc\git-doc\git-replace.htmlMD5=6E98CACF7E836097CC0E83576A1113D4,SHA256=A17967FEC5F09BF5815AC46B076C2083D7467942D2EDFEBA871BA03435410982,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059701Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:33.430{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2109.6-0\ThirdPartyNotices.txtMD5=CE7313760386B6ABDE405F9B9E6EA51D,SHA256=73E26404B3571A9E859B3A1144F54C353172479586E0A23C3A7DDA0C1C0AE919,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059700Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:33.414{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2109.6-0\ProtectionManagement_Uninstall.mofMD5=72D045707D108D55B76CD70AD9A84AD6,SHA256=30A0AD834D7B3F4FB47010B4BB6905576792E83064E9DD858EABF0CCA17FC3DF,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059699Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:33.414{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\doc\git-doc\git-repack.htmlMD5=5194B7447FE0A0220FF8C04417BF4DA3,SHA256=49597AD0D4D40B4E305AC0C0A2FAB171577ACC52A053B8070F2A581C064B9F78,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059698Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:33.414{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2109.6-0\ProtectionManagement.mofMD5=D9619BB89523F47C88DC5FC8BEA50BA0,SHA256=3ECDCEF5A04C90CA1EB296F3AE4F1C5BC96C371E84BE927C25FA64D6C74C34AF,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059697Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:33.414{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\doc\git-doc\git-remote.htmlMD5=8310CE9D2D4FB2F390222D806481E59B,SHA256=4EE74D1781DE47F54FD9EED8D47074F58BDD2D61C4D165A89035CA2A1D8CB6F2,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059696Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:33.414{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\doc\git-doc\git-remote-helpers.htmlMD5=084B3CF5CC7C67BE5437DE4546E31F73,SHA256=9424E20F008DE26CD5AE5DA27504B0A96BEE18E5B5EFDE5D8C8B7876B84013DF,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059695Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:33.399{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2109.6-0\ProtectionManagement.dllMD5=0F9485E242400DC47A9FCA73A3443120,SHA256=8DA908D6AD4F307D6AAF8CFB1A9C27B3F3A285F84B1F3C817F50D7B154DC575F,IMPHASH=170002200EFBB48482AFA5E458D56D3Dtruetrue 23542300x800000000000000059694Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:33.399{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\doc\git-doc\git-remote-fd.htmlMD5=E917171BF81B92CF8EA436135EB6044A,SHA256=69663C7F2715C567076646043B762364A4679853B6D68C32F9524A46C6DB1F42,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059693Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:33.399{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\doc\git-doc\git-remote-ext.htmlMD5=42F0FA965BE9CABDB5F5CEF45CD825F2,SHA256=5AF09C85D3BBD607C0101D08AAD416C8F0988CE82A3119C795A2C26E43053352,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059692Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:33.383{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2109.6-0\NisSrv.exeMD5=054F919445EDBC999989A1413FD87437,SHA256=A124EBD9240AAA542962CB2A1059B6315E9F2183CBFD08B4E8029EE15B6A009F,IMPHASH=B4267FF023C00AB6FBB4972C1FB30C34truetrue 23542300x800000000000000059691Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:33.383{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\doc\git-doc\git-reflog.htmlMD5=54AC653A29E1453422C98DFB85834C41,SHA256=474B93119A7999C30DBABAB702ACE5F3DB42F2A5D014D097BDF9DAB36AF8ADDD,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059690Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:33.380{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\doc\git-doc\git-receive-pack.htmlMD5=6CCC8635B6FE6839DEEFA47E1BCC0298,SHA256=D99DDD5A45A6BDEE13C81934E73E9AC615AFE2E7A68FB60C163B0D37EE1D4D0C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059689Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:33.360{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\doc\git-doc\git-rebase.htmlMD5=CED46D800F96B298427E26F1D7BF3B1D,SHA256=7DDC1A43C44E0931FEA3A49F5E1D96F439C17D55C1A937271DEEB85A088C27CA,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059688Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:33.360{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\doc\git-doc\git-read-tree.htmlMD5=6213239EA600AE9415255807323ED57D,SHA256=6FF2A94FEB0803E2242B481FA4A68CB06B585E512CCCEAC19E8348E9C919871F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059687Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:33.360{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\doc\git-doc\git-range-diff.htmlMD5=1B2AB38D69F9CCFD14C87E66DC298661,SHA256=F1AA25666AF2216E5C2509EC49AA5CE2D0E56EB16C0532754EE10728A07D3FFF,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059686Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:33.344{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\doc\git-doc\git-quiltimport.htmlMD5=0054794492358E966A6D6AF2393E3E1E,SHA256=03BBB3DC027B507B233BFB04A8115029D99B0EA6D51F9DC7A2F70A20472AC6C1,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059685Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:33.344{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\doc\git-doc\git-push.htmlMD5=47D7F21BACFD4D89E5632D93F5996D62,SHA256=159D7099F3812EDBBE02A915D88880C3099F42A7A3BC93F590A0E4E57D62AE3A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059684Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:33.329{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\doc\git-doc\git-pull.htmlMD5=DDFBE1F4878525E1EA4D832820B3583C,SHA256=7A6C6B3C0C126E352133B84C617D51FAD76339962A05F4575F4D67E5A1DDDC07,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059683Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:33.329{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\doc\git-doc\git-prune.htmlMD5=03A771C503ED370DB7F59BF43631620D,SHA256=1428786C15EC6FDD46D0AA3548C4350DCD1EDD56C845469680F2A77469024AC8,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059682Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:33.329{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\doc\git-doc\git-prune-packed.htmlMD5=A6330D28DFCC5ED321E4337BEF294D3C,SHA256=36EBBE58D632EE219E5EBC29ABC3491CC3C98BDBFC6965E4880B2FC900B5D476,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059681Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:33.313{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\doc\git-doc\git-patch-id.htmlMD5=E09F5629272510A41D5F5A8273706484,SHA256=1D1271004AF90C2E6A93CCEF25688641605AFBA3BE75170F8120FE0D91251359,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059680Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:33.313{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\doc\git-doc\git-pack-refs.htmlMD5=3667A575CE70E880DA7D75D292A47B6A,SHA256=3AEA09026ABC53A290B429F185F59D17C3F67B3F411B828C3D9A44F0D0A2C34D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059679Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:33.313{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\doc\git-doc\git-pack-redundant.htmlMD5=50941FD5D9807261741DA445B09E3515,SHA256=AE4B245D5F22A104E6122532A70FC02C260590BA1D0D86EBF7D38F6C79AFE059,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059678Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:33.297{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\doc\git-doc\git-pack-objects.htmlMD5=6F9263BEE995BCE481935AE8509530EF,SHA256=5217E2507CC5E6595DBDA1D9EF0A7E72EDDAF92BB7ED43190601121B542C368A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059677Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:33.282{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\doc\git-doc\git-p4.htmlMD5=64C93FA3918491E33BE05C4577CD067A,SHA256=861FA1AD886A89DDAAE3B50E5C72FACB5DECDF6993843EC6AF2417C0946EB5D7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059676Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:33.282{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\doc\git-doc\git-notes.htmlMD5=6F51970A874D6567BCF5CB2EBCD54C51,SHA256=5F49B8EDC83AC1D841F20D0FD1793ED47FB3342E7FEB9988C151149CFCFC01F0,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059675Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:33.280{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\doc\git-doc\git-name-rev.htmlMD5=BCA6E60655121494A4DAABA99D094ACA,SHA256=BF62B4626744DFF620BD10A7E731D3A4EF350C077F50E28CAE57F3E5A0D57FC3,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059674Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:33.260{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\doc\git-doc\git-mv.htmlMD5=E2939C347136FEC608198EB81438623D,SHA256=DDB414A699A8D015A6D827C15DD6A88989D8B0FB809A9CF3B447307D34458F65,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059673Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:33.260{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\doc\git-doc\git-multi-pack-index.htmlMD5=977D39B0F316A7119571EF23032DF498,SHA256=0B5393FE5E005398C5B3184E7AC429BFE685B121D7EDB87299A1A547F45A35E1,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059672Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:33.244{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\doc\git-doc\git-mktree.htmlMD5=AF04ECF7DFE3B36EF6066ABCCDB0D55F,SHA256=5F49EF774D9E5BCFF0A73E9D81A05623C2682024D0636F85DCEB1C966F1EDAAF,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059671Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:33.244{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\doc\git-doc\git-mktag.htmlMD5=9E3038A410D48B5A90329C435BE7A964,SHA256=13201632255C7F587A785DD166BC264B39653370C264684CCF4C56951BB7F407,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059670Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:33.244{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\doc\git-doc\git-mergetool.htmlMD5=0A16011C071607BB5C6BF74C417067B9,SHA256=B697277F94E30C4BD88561D5AB438BF8A9578A3A67CBC04A680FA813687C08A5,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059669Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:33.244{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\doc\git-doc\git-mergetool--lib.htmlMD5=21360075D457C480C686CD0E8B15FF8C,SHA256=7136CAD94418D494A42194CF2C547176E1015ECD999A382665F997E5654976D5,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059668Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:33.229{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\doc\git-doc\git-merge.htmlMD5=AC1F33340F9ED283ED19DD55EC22835A,SHA256=4B4DF99C9FB2F686AAA20C225F65FC727997A5FF91F369618AE84A398981CF8B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059667Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:33.229{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2109.6-0\MsMpLics.dllMD5=7B842DAC975E04C90F9B23B7D04B5160,SHA256=61D412008B89D3B931BC9E8AD731F792DD9EF2D2F147916103B8F9392CF8D501,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059666Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:33.229{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\doc\git-doc\git-merge-tree.htmlMD5=A22DC1A27FC38E7FC0E9BC52731DCC6A,SHA256=083479AF27F96CF93DB843AA02F19EC033A3289730716363892E5A015FBC91F7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059665Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:33.229{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2109.6-0\MsMpEng.exeMD5=15D205854CA62B75C0BF447F9DD8119D,SHA256=B815A94D49CC0E8DB03456CBBAFB4A052F481531F8768CE704A2A012FD84B7AB,IMPHASH=99C98AC382B2B1D56BA3D07EBC95CDEDtruetrue 23542300x800000000000000059664Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:33.213{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\doc\git-doc\git-merge-one-file.htmlMD5=41F161993B1B5C9C9DD20FE260B451A5,SHA256=87FD4DB4D05AC281FC188BC004FBBCE9BAC3597A64A19F363DBFBEDC8BD6B2D3,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059663Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:33.213{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2109.6-0\MpUxAgent.dllMD5=68228D20DFAA033D246B8BED272CF92C,SHA256=C44F961691C4F91AD370985D5EB281F843EB5DCF6F5EC98D9C9A509E789CB7E8,IMPHASH=8CA081F2F7B12D686C8459E89B4303AFtruetrue 23542300x800000000000000059662Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:33.213{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\doc\git-doc\git-merge-index.htmlMD5=846787C4FD911B0899B212DC921DCE9D,SHA256=15B94BA89B01FA6E9CF6E3A0945B30C5ED6055BB9254AED2C0823E053F24F545,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059661Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:33.213{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\doc\git-doc\git-merge-file.htmlMD5=D0821E1A6073CC36BEE9D3006DA0CC27,SHA256=881893B4DDE87DB780F70947EDD0C2FEACA6D526FE8836F60EA448202B994E33,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059660Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:33.213{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\doc\git-doc\git-merge-base.htmlMD5=2F09224A6A1617FAF7AAE7B11F4FF953,SHA256=91103318A694F268A0A7B38D7984F6F47DF81BDD4A4EE036474FB3257C941F78,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059659Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:33.213{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2109.6-0\MpUpdate.dllMD5=BA4E1FC83B68F72927F58BBFA064C294,SHA256=23C224794D0342F3C97D6F104B40465A8C314186DD3A9F0CBBC9A9441700AE83,IMPHASH=FF86D41A21C61CABF3B1B37C0EDAAF4Atruetrue 23542300x800000000000000059658Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:33.198{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2109.6-0\MpSvc.dllMD5=0618D6AA4B96E666F1C3B79CA1531187,SHA256=89FD82BABFEE76643CA0F3DC4730302575E2BCCB00F744090D9E253A8CD9EE53,IMPHASH=92FDA95C32C79BC85B7FFE35C7460B34truetrue 23542300x800000000000000059657Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:33.198{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\doc\git-doc\git-maintenance.htmlMD5=22E9EE6C8AE9A6605C67DFF285725684,SHA256=45CD29A2DD7E27AE0FB3F2AE8B4DE210EA2E0C516E1566B489446BE8EACBD1A0,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000031805Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:38:33.768{CE7C8936-1B20-61E9-E200-000000002202}3964NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=509CA3E23EC96F7F02F1DFC7FDBFAB74,SHA256=CE82419FE6701E66E311A78D3E21EF4D5F331DF4EB844A3FD291C16810D5FB9D,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000031804Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:38:31.937{CE7C8936-1B1A-61E9-D900-000000002202}4048C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-tcontreras-attack-range-276.eu-central-1.compute.internal51386-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 11241100x800000000000000060169Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.947{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\licenses\ncurses\license.TXT2022-01-20 07:58:52.694 23542300x800000000000000060168Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.947{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\licenses\ncurses\license.txtMD5=CC0A55715A7A16A0B4C47ED044C9B934,SHA256=C6D48FC51CD703F8D17788D84398A6E424B9AF40E1D624A44C99572F4E4FAB25,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060167Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.931{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\icons\locolor\32x32\apps\gvim.pngMD5=C6979E4A62E273BCDC3FD0D3F297477C,SHA256=8E581FD329182684BB816113C7CE8989322E012B2A77D2A0E4C1590021860B42,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060166Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.931{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\icons\locolor\16x16\apps\gvim.pngMD5=0101441754B003FB7FBBE90DFE734F52,SHA256=C9F8ECC9936EF3CE54F5B9B2AAC816B9539B753236C53E249CDE0F2791AA4712,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060165Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.931{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\icons\hicolor\48x48\apps\gvim.pngMD5=15A993017F77435643CD32291E7BD436,SHA256=F1983ADC079EC56957131A19F0BFCF627231FF8ADBE51FB112017FA53199FF73,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060164Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.915{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\gtk-doc\html\p11-kit\up.pngMD5=81854A03247E9BA6981EED0B909B9C42,SHA256=C54B75948F4D26357DD018159078F36F90DEEAF29CE3B9D2BD0EA6655EF1BDA8,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060163Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.915{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2110.6-0\MpRtp.dllMD5=B2BF088D673A41015660F06122544306,SHA256=DD0F7E91CC8070701CFB6E5AA8D396BA4EC10293070A2A39CE734CA933B4A5D1,IMPHASH=284241B97D473A4D0B3D15E1ECA07B6Ctruetrue 23542300x800000000000000060162Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.915{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\gtk-doc\html\p11-kit\up-insensitive.pngMD5=97C742A19428C428C552A380AD9FDE9F,SHA256=0420F2040EEBF418098A86A3FB2EF5A9659C87D37B81EE85B69316B045A9453A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060161Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.915{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\gtk-doc\html\p11-kit\trust.htmlMD5=E72A838BAF517FE97275696A76FE6E96,SHA256=40A0E8EA9B4365D571B40AAAECADF2CB003692595F64AF442E4E91987F0A9F12,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060160Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.915{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\gtk-doc\html\p11-kit\trust-nss.htmlMD5=9928025A1D3FD3296A2DF7E5EDAC36E9,SHA256=45AE78A4D11B08F56D0990C85B7046F9736CE21F22F527849DF642DF37524A99,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060159Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.900{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\gtk-doc\html\p11-kit\trust-module.htmlMD5=B7B46DA8DD9B65EFF245AAF1278EED1E,SHA256=01B2F2DEDF99589FF32523F8DBBFF154D23E7E09FC7AB3F59D09DF2964CC0DE2,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060158Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.900{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\gtk-doc\html\p11-kit\trust-glib-networking.htmlMD5=DD139095CE3B09C9A1373FE0FE817A04,SHA256=9509CE3F613DD441B9967290E10CA5A76EF6157BBB10A5C0B6B2B990D572B380,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060157Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.900{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\gtk-doc\html\p11-kit\trust-disable.htmlMD5=6DA0A6813E46022514FA495E5B7E95A3,SHA256=E7CD84961A9A19A5BC6D27787F87F58E23914B246F6079B22134409AB7EF8680,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060156Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.893{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\gtk-doc\html\p11-kit\tools.htmlMD5=2C032DAA8AAED0E7AE178AE2796A9D2F,SHA256=44A22F99BD5D70C3105F6CBF7672BDA673074D636AF1B4D5F4A59572431DE322,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060155Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.877{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\gtk-doc\html\p11-kit\sharing.htmlMD5=D7EC1C529283A58ECB3032DEA22ECA74,SHA256=D674442C60CA917C02AC12FE48FEC1FEF70FCB0EEBEA37E9AAD94FEF1EBAA1D3,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060154Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.877{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\gtk-doc\html\p11-kit\sharing-managed.htmlMD5=1610D61997285007B8A5A6257BF5C15D,SHA256=0FDCB79693B213C6E69FA2D063D12B789837EDEDD5799E9EBCFE7C2254B25DE9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060153Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.877{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\gtk-doc\html\p11-kit\right.pngMD5=BD51FEF29CAA82CB560340BE392B37A2,SHA256=0629AD38280184BE1B94602F2015707A28170151058F7171AEDA501FCF0979D3,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060152Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.861{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2110.6-0\MpOAV.dllMD5=1EFC781902A9A6D9B41A637D6D208BD6,SHA256=69393FFD5B8CDF374EA7A98AD71796B2F51BDB70313F43FFD319E90FB54C0A2B,IMPHASH=03EE692DE6217827EFB332DB1F358A4Ctruetrue 23542300x800000000000000060151Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.861{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\gtk-doc\html\p11-kit\right-insensitive.pngMD5=987CF4AD9491F01E8DB264D38098A576,SHA256=794050C64C498420599162F2B3B6928232DD0BE7991D942B1DC0B1670EB8695E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060150Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.846{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\gtk-doc\html\p11-kit\remoting.htmlMD5=5C0406B878496B40AE6357B3BB45729A,SHA256=BA9BB2A336EFD06EAC377F5565FF116AF148C078CF875826F305F3D4B2A4E952,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060149Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.846{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2110.6-0\MpEvMsg.dllMD5=2C4F5638B077C41E8A414EBCDDE3FB8D,SHA256=08548E5F0088B14904F4204F8E47A29A52B39DA7C95487290B278B40C27E5A94,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000060148Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.846{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\gtk-doc\html\p11-kit\reference.htmlMD5=866D1475C18FA06EB9E4CC9BD8363C61,SHA256=9E02759E46B5F899349269BA21DC5668FDDC38F076A4E4AD9219BCEF1A8B967E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060147Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.846{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2110.6-0\MpDlpCmd.exeMD5=45F4A3E1B907587D70B423D77828927F,SHA256=46C1A8F13E5AFC84A647E2E00DBB604FAFD1315265AEB2CAB893995CF0722274,IMPHASH=73B146117A6C5C4715CD7F3710845C83truetrue 23542300x800000000000000060146Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.846{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\gtk-doc\html\p11-kit\pkcs11-conf.htmlMD5=BE1A634272C84546A285F64DF3FF55D1,SHA256=1AE1DD46D715339F5D0887649A1EC3D464AAFDCB996B90F8DF9BDAB7B7D93A62,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060145Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.830{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\gtk-doc\html\p11-kit\p11-kit.htmlMD5=0178DB9688AF9966157D0FE269AFD492,SHA256=B621F0393582C7E179FCC296B6FC6D0531DC6847BB3C44B8F0C2795B7F131748,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060144Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.830{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\gtk-doc\html\p11-kit\p11-kit-Utilities.htmlMD5=05A760EFE075026BCBF6CA5875E96DAF,SHA256=7A2ABC0FC8BA6571A52B1D24E1A494E4EBACEB4F5E9228680DA422C839FB9E3C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060143Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.814{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\gtk-doc\html\p11-kit\p11-kit-URIs.htmlMD5=DB1C6B2B72FD29A9CF632B15DD32BBEA,SHA256=B81DBC3871367284B85CE5ABC24341EE944CB65A08BE8AA3B046954AAC23D844,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060142Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.814{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\gtk-doc\html\p11-kit\p11-kit-PIN-Callbacks.htmlMD5=C69E562A9FDECB7AF957C405D6CDE453,SHA256=F7836D8D332003EE1C51AC9084BCE632D7430B623E70FDAB13934A6805BECE2A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060141Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.814{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\gtk-doc\html\p11-kit\p11-kit-Modules.htmlMD5=86EB3CE0DCF4261EFAEB630702FAB239,SHA256=0260BC817EFE2D74EACF59292D08DAA339F12B77A4A417859D7502F61401757C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060140Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.799{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2110.6-0\MpDetoursCopyAccelerator.dllMD5=8EFA4D2FCF62C85B514DDEA02A52E8EE,SHA256=C39A8AE6EF502AD32437E942ACB790CD960F643D619F162B7417D62B1F1FE174,IMPHASH=F50111F80E604507B2C7408826513BE5truetrue 23542300x800000000000000060139Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.799{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\gtk-doc\html\p11-kit\p11-kit-Future.htmlMD5=010CA784AEF5E589BB3C0FBF923385A2,SHA256=8FB8F7015191C8D00170354B81A8D9C590FE60841B1AF408718EA7D9EB8CE974,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060138Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.799{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2110.6-0\MpDetours.dllMD5=881CDD2CD81AF69EF79188AF8F4F79AA,SHA256=BA946465B47B7F1014BE41FD49E37A2423112DBA833519374ACE30837C6A4FB4,IMPHASH=347E3515FA426FC23AFC3969AC2AA015truetrue 23542300x800000000000000060137Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.796{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\gtk-doc\html\p11-kit\p11-kit-Deprecated.htmlMD5=0DCF1BFFB308811B5C065DCCF9589AAF,SHA256=32E3901CB45A21C969401729C015E4728E5964F047916B1BBA8465F51E7151D6,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060136Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.794{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2110.6-0\MpCopyAccelerator.exeMD5=12B82361BE827DB8DAC8DEB7566E1A27,SHA256=1F0C41EEF553A8435D3A529B29AC3C0736CDE78F399DDF6434DC81A965821299,IMPHASH=2E64BE4FE96382B4D9FDBC155B3FC191truetrue 23542300x800000000000000060135Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.776{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\gtk-doc\html\p11-kit\left.pngMD5=0CC08008324009BEBC947C6AF6DD52C1,SHA256=0EB96FE775524C2D4D4F167D79041B17C5CC8AE9112478665132C31A1417FB4A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060134Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.776{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2110.6-0\MpCommu.dllMD5=56CE35BDA5863763F46170EF16AA16F5,SHA256=700E0C403CC24B6856F32B9DCA7C5C06A382229755B59FA30D24DB30B9211880,IMPHASH=62F06A360AD973C1B32B3050BFEE8E5Dtruetrue 23542300x800000000000000060133Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.776{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\gtk-doc\html\p11-kit\left-insensitive.pngMD5=B992596E1683A40D89D15DC8DCB58C38,SHA256=303355D93CAC53410997DC7A3F9BD60F3CE0D8EBAE7908978C8731FE9BB139FF,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060132Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.776{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\gtk-doc\html\p11-kit\index.htmlMD5=071111B0527374BB0567F0ADBEE8F1DE,SHA256=2B2108A6F13EAFD791C5D6401A31A0F71352942775461DA63FC66A3326AF6E1A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060131Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.761{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2110.6-0\MpCmdRun.exeMD5=D06785497C59761CCB542B24465B21C1,SHA256=CF2E3EC88871745526030D5F195AF65464DC27C33588E406CC4ED7154BF7ADEF,IMPHASH=BFE54B9A9FB809E3964F535FD29E3413truetrue 23542300x800000000000000060130Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.761{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\gtk-doc\html\p11-kit\home.pngMD5=83CDD16D5FC01D8D7DFAF97DF1120BC8,SHA256=7A8D24B00F5FB6BBB0446249B605EFDD36598E8A0F65AC3FAB2E18438C73B91E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060129Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.761{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\gtk-doc\html\p11-kit\devel.htmlMD5=94903A5C7A72035F9352F51819597AE6,SHA256=43EB89050C915B95BE022DEE64C48B7BA6E782558DB4531316822A70F343E6E4,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060128Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.746{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2110.6-0\MpClient.dllMD5=6162555E30EF285268C2C31D31F749AD,SHA256=30A26281EB7DAF02F4D48FA4E0636A640F5EE58973774D11C723E0EEFF054FD4,IMPHASH=624E1189FDB72BC74D16BA15256EB0FCtruetrue 23542300x800000000000000060127Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.746{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\gtk-doc\html\p11-kit\devel-testing.htmlMD5=CE1DAA60E11C2E9F27F77B1DE6434117,SHA256=A3893F3BA229D8582D872357761989A9B9ACAE6D453BBBFD920D373223D27934,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060126Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.746{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\gtk-doc\html\p11-kit\devel-paths.htmlMD5=E57DD9DBFC6CCF290447C131EAC70034,SHA256=7A0A4947DB44402585341F5DFCA4833EB8A8883BB1B6EE37B66392A68D421F6C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060125Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.746{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\gtk-doc\html\p11-kit\devel-debugging.htmlMD5=5486E1FAF1472D683E606E5A81581760,SHA256=57739F2647FB69FB1B4178D12535D2E90621DD299F4BACAE60AB120FAFFC12C2,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060124Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.730{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\gtk-doc\html\p11-kit\devel-commands.htmlMD5=A668DCCC8016D127CC87330E046D7762,SHA256=22EBB8E599A7B1C7CC6DFA04A26DEC8FF3494B8ED1D28D9DEF010C465D377BB9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060123Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.730{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\gtk-doc\html\p11-kit\devel-building.htmlMD5=4CF41C1275486B3CF728329FC6131AC4,SHA256=F1226382D06CC3027E6EC7DF1675798617816388890CAF5C019A0FB6B620DCEC,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060122Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.714{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\gtk-doc\html\p11-kit\devel-building-style.htmlMD5=845B61FFF8349566681DD348454F9172,SHA256=CABB1261316609E6CC133428D2C812F91254318BB2E977579323272AC477355A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060121Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.714{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\gtk-doc\html\p11-kit\config.htmlMD5=02D39D68D955972A2FD49238FF3B0660,SHA256=EE37CF4564E949B90E2D45A4BC19A72D37658AE9281D6B5CE674701083A6D25A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060120Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.714{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\gtk-doc\html\p11-kit\config-files.htmlMD5=CAB5111F3E0D305CE5D82A814B6FE716,SHA256=E40B1380128CFA983F6141CE8D44EB78F12132EB75756431AE40BD3059B7AC05,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060119Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.714{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\gtk-doc\html\p11-kit\config-example.htmlMD5=B08EE8724ED755EA88A66B32BB84BEAE,SHA256=48EA4DAD4DA66BED21C0AC3BFE8B5C395173C1065170B6B3DE61A401DA23764E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060118Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.698{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2110.6-0\MpAzSubmit.dllMD5=DA6365A95C78411696DD0D48421980CB,SHA256=A05B590C79C85D0B3747ED0D72B053BC850052034A10CA37390A94492064F6EB,IMPHASH=300ED5E63E8A71D34B395F9FB0DBF683truetrue 23542300x800000000000000060117Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.698{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\gnupg\sks-keyservers.netCA.pemMD5=3CFC5D2867A6672F4F629220632948F4,SHA256=0666EE848E03A48F3EA7BB008DBE9D63DFDE280AF82FB4412A04BF4E24CAB36B,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000060116Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.698{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\gnupg\help.zh_TW.TXT2022-01-20 07:58:52.616 23542300x800000000000000060115Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.698{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\gnupg\help.zh_TW.txtMD5=09070448C470B393724830A851A923C8,SHA256=1B745D2293BDFA5154CE1278236AC258F442CAEE7D328317C7E475880C261EDB,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000060114Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.698{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\gnupg\help.zh_CN.TXT2022-01-20 07:58:52.616 23542300x800000000000000060113Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.698{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\gnupg\help.zh_CN.txtMD5=32711126514E9B5D9263A69FFD99349F,SHA256=7BC19422E1C5031A034042EA6E6B8D5EC81857FF9EE4605E505A40105227F90E,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000060112Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.698{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\gnupg\help.TXT2022-01-20 07:58:52.616 23542300x800000000000000060111Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.698{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\gnupg\help.txtMD5=8C6EF448AEFF84AC79A378E154FDD2A7,SHA256=A83CDE33912331F7D68CD1074997E95CE3C57C27185424CDB84D98D460A9E2DC,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000060110Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.693{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\gnupg\help.tr.TXT2022-01-20 07:58:52.616 23542300x800000000000000060109Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.693{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\gnupg\help.tr.txtMD5=220682465372281151E7E40B546C546F,SHA256=9C51E8863BEE4699FFF0BCE77FF5AAD420DAEE802B30D92633705F509A933502,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000060108Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.676{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\gnupg\help.sv.TXT2022-01-20 07:58:52.616 23542300x800000000000000060107Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.676{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\gnupg\help.sv.txtMD5=14A267CDE4AB3BA9BF15D6BAC9EDDFF5,SHA256=05CDF5A33891882A1B96E007C0AC8DC9F99592F3667F79D83904A38E38E8BBE2,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000060106Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.676{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\gnupg\help.sk.TXT2022-01-20 07:58:52.616 23542300x800000000000000060105Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.676{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\gnupg\help.sk.txtMD5=FFF59CD28F183572140170CF47690016,SHA256=BB6D9916028DD5A14E6EF45D5724CEAC4906B1ED5275B6D49E9460006435AFBC,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000060104Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.676{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\gnupg\help.ru.TXT2022-01-20 07:58:52.616 23542300x800000000000000060103Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.676{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\gnupg\help.ru.txtMD5=0DDC84A27580324F65F9FBDBAB03C724,SHA256=6FBA5EE88300F8599C18BACB0B5BBF6518C16C03B536E8EE12B832FE7BC72686,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000060102Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.676{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\gnupg\help.ro.TXT2022-01-20 07:58:52.600 23542300x800000000000000060101Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.676{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\gnupg\help.ro.txtMD5=89A6FC0DD0A8FB7B259D5E62EC50D35D,SHA256=9A2898D1358E4FAEF974CEB3C515B214FB63E1E30C9FC75D18B4DEC1E6FB1350,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000060100Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.660{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\gnupg\help.pt_BR.TXT2022-01-20 07:58:52.600 23542300x800000000000000060099Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.660{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\gnupg\help.pt_BR.txtMD5=38E773675D99EF7A40C459D68022641A,SHA256=2F941A1B6E5B5172FDDC4AC62A112CB3D7981DBCBCC5DE3F706084210E35D265,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000060098Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.660{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\gnupg\help.pt.TXT2022-01-20 07:58:52.600 23542300x800000000000000060097Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.660{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\gnupg\help.pt.txtMD5=493B0EC423CFDC2FC8656D448B652DA6,SHA256=CBC2F41B6550D1C933158CAAC917A3FB8B967C0A6CD10AF534AD31C3B0A4F87C,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000060096Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.660{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\gnupg\help.pl.TXT2022-01-20 07:58:52.600 23542300x800000000000000060095Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.660{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\gnupg\help.pl.txtMD5=934C96DC3271EBCC317F2E10258CAFEF,SHA256=1C44B176A46CC16B4FBD200B42C6F9D93C054FEC1EC9BB3750B3E44E0D464EF5,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000060094Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.660{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\gnupg\help.nb.TXT2022-01-20 07:58:52.600 23542300x800000000000000060093Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.660{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\gnupg\help.nb.txtMD5=14A267CDE4AB3BA9BF15D6BAC9EDDFF5,SHA256=05CDF5A33891882A1B96E007C0AC8DC9F99592F3667F79D83904A38E38E8BBE2,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000060092Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.645{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\gnupg\help.ja.TXT2022-01-20 07:58:52.600 23542300x800000000000000060091Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.645{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\gnupg\help.ja.txtMD5=C9BBAECCDB6CEDF36A4605777B159265,SHA256=563AF5E649FBE9EDDC91461543DCE1A2376C019AFB2A8F78FC7E7D3E6E3B0453,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000060090Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.645{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\gnupg\help.it.TXT2022-01-20 07:58:52.600 23542300x800000000000000060089Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.645{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\gnupg\help.it.txtMD5=621E06D2432CAB3609494CBB7E6FB78B,SHA256=D75E4557580C0F681A5507AC7B3C0E64365F8CE6D5B37DC6221964631AC69C8A,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000060088Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.645{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\gnupg\help.id.TXT2022-01-20 07:58:52.600 23542300x800000000000000060087Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.645{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\gnupg\help.id.txtMD5=10FC1F64CB3DB5F7644F76E7C0116B44,SHA256=D8B7ECD6463697591C771A71AACCDC3DAAC5C90325990FD491B2967396287895,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000060086Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.645{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\gnupg\help.hu.TXT2022-01-20 07:58:52.600 23542300x800000000000000060085Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.645{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\gnupg\help.hu.txtMD5=27846E504B7EE16691D74FA767A94964,SHA256=3EEEA50FDD123A14D07B0DF485CF390FACFC1954B0EA82C8AE0D2C175393DFF9,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000060084Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.629{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\gnupg\help.gl.TXT2022-01-20 07:58:52.600 23542300x800000000000000060083Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.629{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\gnupg\help.gl.txtMD5=14A267CDE4AB3BA9BF15D6BAC9EDDFF5,SHA256=05CDF5A33891882A1B96E007C0AC8DC9F99592F3667F79D83904A38E38E8BBE2,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000060082Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.629{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\gnupg\help.fr.TXT2022-01-20 07:58:52.600 23542300x800000000000000060081Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.629{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\gnupg\help.fr.txtMD5=31483AE33BE515F71E55FFDD02A91053,SHA256=ABAD0BBC97849BF71917CA59F579DB0A7CAEA436F523AB592294B4CE80826C4B,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000060080Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.629{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\gnupg\help.fi.TXT2022-01-20 07:58:52.600 23542300x800000000000000060079Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.629{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\gnupg\help.fi.txtMD5=2F1C09676D19E0665A7796BBCDB43BBF,SHA256=8D89EC6367705A10152BA4F82A0E623851BEEB031D097DD47E731F692BC03574,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000060078Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.629{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\gnupg\help.et.TXT2022-01-20 07:58:52.600 23542300x800000000000000060077Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.629{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\gnupg\help.et.txtMD5=14A267CDE4AB3BA9BF15D6BAC9EDDFF5,SHA256=05CDF5A33891882A1B96E007C0AC8DC9F99592F3667F79D83904A38E38E8BBE2,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000060076Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.614{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\gnupg\help.es.TXT2022-01-20 07:58:52.600 23542300x800000000000000060075Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.614{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\gnupg\help.es.txtMD5=AA04475C3579B70CD782933202B57A11,SHA256=DB9A70FCE6BED52532B856323F4D4A6A47B7DEF90F83D145E5757C2EBF2C36AD,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000060074Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.614{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\gnupg\help.eo.TXT2022-01-20 07:58:52.600 23542300x800000000000000060073Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.614{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\gnupg\help.eo.txtMD5=14A267CDE4AB3BA9BF15D6BAC9EDDFF5,SHA256=05CDF5A33891882A1B96E007C0AC8DC9F99592F3667F79D83904A38E38E8BBE2,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000060072Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.614{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\gnupg\help.el.TXT2022-01-20 07:58:52.584 23542300x800000000000000060071Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.614{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\gnupg\help.el.txtMD5=14A267CDE4AB3BA9BF15D6BAC9EDDFF5,SHA256=05CDF5A33891882A1B96E007C0AC8DC9F99592F3667F79D83904A38E38E8BBE2,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000060070Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.614{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\gnupg\help.de.TXT2022-01-20 07:58:52.584 23542300x800000000000000060069Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.614{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\gnupg\help.de.txtMD5=2CE363DC4F901492B3378A5890C800B1,SHA256=BF3782730DB603EF4BDDBA546330D7D69B211C22213ADC6D3791E2A8802F35FE,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000060068Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.598{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\gnupg\help.da.TXT2022-01-20 07:58:52.584 23542300x800000000000000060067Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.598{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\gnupg\help.da.txtMD5=14A267CDE4AB3BA9BF15D6BAC9EDDFF5,SHA256=05CDF5A33891882A1B96E007C0AC8DC9F99592F3667F79D83904A38E38E8BBE2,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000060066Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.598{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\gnupg\help.cs.TXT2022-01-20 07:58:52.584 23542300x800000000000000060065Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.598{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\gnupg\help.cs.txtMD5=14A267CDE4AB3BA9BF15D6BAC9EDDFF5,SHA256=05CDF5A33891882A1B96E007C0AC8DC9F99592F3667F79D83904A38E38E8BBE2,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000060064Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.598{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\gnupg\help.ca.TXT2022-01-20 07:58:52.584 23542300x800000000000000060063Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.598{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\gnupg\help.ca.txtMD5=14A267CDE4AB3BA9BF15D6BAC9EDDFF5,SHA256=05CDF5A33891882A1B96E007C0AC8DC9F99592F3667F79D83904A38E38E8BBE2,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000060062Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.598{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\gnupg\help.be.TXT2022-01-20 07:58:52.584 23542300x800000000000000060061Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.598{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\gnupg\help.be.txtMD5=14A267CDE4AB3BA9BF15D6BAC9EDDFF5,SHA256=05CDF5A33891882A1B96E007C0AC8DC9F99592F3667F79D83904A38E38E8BBE2,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060060Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.594{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\glib-2.0\gdb\gobject_gdb.pyMD5=215586D1CDD84B870B52FC531CD7B9E9,SHA256=461B6D617DC7D006F0A66D81F3A4C0AFC8BF7E917E36386F7C5847FD153507CB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060059Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.576{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\glib-2.0\gdb\glib_gdb.pyMD5=33E70C783DC506475E68067C0BD682AB,SHA256=BD57350A3EC5E42EE707E084F0207F2D1B18AF2BA958668526A209C66654C30B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060058Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.576{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\gdb\auto-load\usr\lib\msys-gobject-2.0-0.dll-gdb.pyMD5=9B26AF3316F1502859A04B3DBD3DB40D,SHA256=96F0363E6B5C121C1794BD92F704761B719EA5C8584AD089CB99388A191B9902,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060057Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.576{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\gdb\auto-load\usr\lib\msys-glib-2.0-0.dll-gdb.pyMD5=385628B75F5126D509B3F2ABBBA4535C,SHA256=03447CE5479C9845F4EE722F3510F63666CC9A82B1CD3133855CAFDDAFB8CEBB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060056Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.576{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2110.6-0\MpAsDesc.dllMD5=35E251E64B929CB6F2A6A8AC4F727CB1,SHA256=AE06DD852532BD69047CA5D061F8A07066122CBE1B2878B2B7DB97626EF439A1,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000060055Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.560{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2110.6-0\Microsoft-Windows-Windows Defender.manMD5=36F8A68EECFB5B89C4C571F6A63E3ECA,SHA256=4D76246642181E38F87B623AF82BF7454050D05775F546506CFACA1608BE9633,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060054Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.560{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\lib\terminfo\78\xterm.jsMD5=2C0C93DD7ADB2D7828E8E5579ADF5F94,SHA256=2251E380D6DDD02F330EBF5A99F2AF11FBDEC5646E379951D3BC83711348205B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060053Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.560{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2110.6-0\Microsoft-Antimalware-Service.manMD5=1155F6F2B9350FC2F05CCA5E617BBA5A,SHA256=46E57B7D482AE2F8400A74A13929D594F6A77A2B1E8AC871C19B67068C6EF69E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060052Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.560{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2110.6-0\Microsoft-Antimalware-RTP.manMD5=0EA061B68884A0E5AD4B1F4A93B1FBF6,SHA256=1F78E8C7AE754DA422F11439E732628BE78F8BC85625CF4EBFFCF64C536679FF,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060051Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.560{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2110.6-0\Microsoft-Antimalware-Protection.manMD5=E4AD891E7B62475FCA109C0DF4DEF16E,SHA256=DF9AD93CDB61587A35FCDCE996955A64413439A474D85C86133A9E9C185D1966,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060050Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.545{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2110.6-0\Microsoft-Antimalware-NIS.manMD5=5562965C32F03AE0DF8B9DEF950F8651,SHA256=EA64BE59286B67AE930729FA92B2B08DCE5C2EAEB70FEABE2320C47FB6DDAC6C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060049Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.545{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2110.6-0\Microsoft-Antimalware-AMFilter.manMD5=B6D65A86FC1999A62DA10EA3C4CAD3E4,SHA256=05B2BFD40FB3A344C3AE178C420A7FEA9595815CB1CC07843078112F5F551EAF,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060048Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.545{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2110.6-0\endpointdlp.dllMD5=210BDBA8BFDB791D0363D3AB15B05BFC,SHA256=EE850D3AB4934998179C92E86BC50CEAA3F37ABB3CB1D219DD7CB17505658AC6,IMPHASH=3904CBB8F57851E91232DF29D0B9DFBCtruetrue 23542300x800000000000000060047Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.529{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\lib\perl5\core_perl\Config_heavy.plMD5=598C08C0549693430AA10D1D2F7C368D,SHA256=EB43C8D5DCB74F3D9CF73270C1A9EA93611E1BFC95EDDB7F32CFA7CE363CDBF0,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060046Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.529{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\lib\perl5\core_perl\Config_git.plMD5=43C2FC0C6C7FCCE361BAEEBCA99732DE,SHA256=09C5E2EE35EE18D9043D95273F1CD37BC82E80567FD1372A1EB134C809C39504,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060045Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.529{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2110.6-0\ConfigSecurityPolicy.exeMD5=FA0070C6454041E82EB90BF44E3BA83C,SHA256=50B174E26F4FB9048C66DB961A3B8E6B17A2BB8AC47F1D9D8C5CC51FF7B70BD0,IMPHASH=C1B5D6B4F7C8A5BCC84810A010E14536truetrue 23542300x800000000000000060044Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.513{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\bin\vendor_perl\debinhex.plMD5=6885508A48BA5FFDFF7FB0E0C29B5C54,SHA256=08A3B551DC20711F4198EDF762E63A3E87C914CA01A8DF510AC5F19516F26F96,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060043Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.498{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\bin\vendor_perl\binhex.plMD5=E28DE841F39EA31231381DA3B73389C6,SHA256=AB28991B25E2606EC10D5AEDDCCC9BD5A6266EB10E3DA8EECD130C0D524B5D7E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060042Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.476{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\bin\docx2txt.plMD5=282ED89E2EEAE6DDDF582BA3E26D5887,SHA256=B8BED3CAB34DD3C3CCCC8AF3C61B9826E478D2B8B1B60F63B66F624F9E993BC0,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060041Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.476{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\unins000.msgMD5=0306C36F97AAA285BB14D7BF22D1FED2,SHA256=01683E7177B01F62B2FB2743B9923BAE3EEE2DBE6F556626F8F83A0EFFC310F2,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060040Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.476{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\ReleaseNotes.htmlMD5=2EC39D0CF7B821D9EBE787B96F3DA38E,SHA256=1EC49A9F6C36832C4E5276EEE402D6A27C6E9C5D6472E0F4BD5A0598754FE56B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060039Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.476{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2110.6-0\com.microsoft.defender.be.chrome.jsonMD5=60A2FC65D3CC1D3DE9ECD2C5319738FC,SHA256=6C6F52B13235148AF305BD614779EA885C00B64D0BB7CC764E3C67198CC524A2,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060038Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.460{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2110.6-0\zh-TW\ProtectionManagement.dll.muiMD5=E12A3EB93E82060580894D175A0E91B5,SHA256=5597AD5422CAD82DDF756E6170F4735A57CCDD4BDCB9B3270EBE724607C37174,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000060037Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.460{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2110.6-0\zh-TW\mpuxagent.dll.muiMD5=9E5F6109AD90B700ECF586295480080C,SHA256=36CE71597ECFE37095B4C80BAEB45EFC940F152C4C091F4A39EB501D0D482B69,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000060036Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.460{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\ssl\certs\ca-bundle.trust.crtMD5=9929D5928DD5ABE2935460B871355976,SHA256=53E2BE799A5716D4BD7F17A4D9C7D217D79902AD151617BAC035E2B9BADBB0AB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060035Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.460{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2110.6-0\zh-TW\MpEvMsg.dll.muiMD5=45873C96117D710A11393B0422E339BD,SHA256=4015D90E8A7FFEE22A8E89563D49D5C5256678AB137DD73BD4DD36D334370329,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000060034Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.460{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2110.6-0\zh-TW\MpAsDesc.dll.muiMD5=FE1ED6771512E05369FA523367BE97E3,SHA256=406EE1499AEB17FB024586074CBFD73BEA89C50BD0E4357C582A08886775C45F,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000060033Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.460{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2110.6-0\zh-CN\ProtectionManagement.dll.muiMD5=133B896870781AE779833BA408F78DE6,SHA256=0A6B7DFA292199568076BEDB1D2E045755D8F737CC71466F90376D63EDB89EC9,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000060032Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.460{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\ssl\certs\ca-bundle.crtMD5=90305734BC747686902A268B5492C280,SHA256=533425A9055CC8D17A5C05B04454DDB5EC45F0C8E7F05D2F035866154C62B8A5,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060031Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.460{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2110.6-0\zh-CN\mpuxagent.dll.muiMD5=69E39D7238D994D326AF1B17FFC162F1,SHA256=F72A98A1D28A9112C8B68D4EE986EDDCA7AFD091E10E5C2CE024061D8913CB93,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000060030Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.445{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2110.6-0\zh-CN\MpEvMsg.dll.muiMD5=BA0F9B0545963149BDB096B43A2DB15B,SHA256=66E93D291A10FEE0217F0988005761869F6B29D021E1B55062AA6E9409B50825,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000060029Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.445{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2110.6-0\zh-CN\MpAsDesc.dll.muiMD5=6675553BABAE7D2690615D9C0517BA94,SHA256=5A156ABBBE81E95C350A05338CF5D7632948F117DFD95CEC4EAF52F9E64E3097,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000060028Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.445{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2110.6-0\X86\MsMpLics.dllMD5=0B1BE45EE3ACDBC3D5BC36FDCC8C08E0,SHA256=5457D5F05AD3DFED10961F053BBE242F78F13C773A466F7E8C3BED5F36FCCCF1,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000060027Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.445{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\ssl\cert.pemMD5=90305734BC747686902A268B5492C280,SHA256=533425A9055CC8D17A5C05B04454DDB5EC45F0C8E7F05D2F035866154C62B8A5,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060026Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.445{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2110.6-0\X86\MpOAV.dllMD5=89340D85A12452006E5A19DB7EF1F7FB,SHA256=1232FC009E397B7AECDE284E42F47804F839C29257DE6CEADF85F8759F0A7270,IMPHASH=B153971B18B753F5A5050CE54B02C2E0truetrue 23542300x800000000000000060025Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.429{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\pki\ca-trust-source\ca-bundle.trust.crtMD5=A77598081B45D0846D71A026DA9DE645,SHA256=0ABD810125AD95057103F014A7F72A03675C96289A9F9B79487FEACA860A29A3,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060024Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.429{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2110.6-0\X86\MpDetoursCopyAccelerator.dllMD5=DB61CE19954A7CDDA5A5C8771ED74E61,SHA256=61A0B5A24A74E4D5B4D47104BA90FA628FBB579F5B43060F6C6008B8CC3A187F,IMPHASH=74478D3FF071B77E9B32D63F1F5AA17Atruetrue 23542300x800000000000000060023Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.429{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2110.6-0\X86\MpDetours.dllMD5=D7F744F1489C742B8FE86D4353A64E4B,SHA256=3E75A0F63364934E7877F071E5AC480AB20EA8977C0804D8FFF73B0205AE6620,IMPHASH=6E757FB64260833FA5C6C4D97D8045D3truetrue 23542300x800000000000000060022Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.429{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2110.6-0\X86\MpCmdRun.exeMD5=FB30259AD00D4D39CD0058A4E82922FA,SHA256=656678C217F130CDD6A95A2D8210DA879EDE43F719232CE9DEDB37A4DC9E0EA2,IMPHASH=D53B9A9284ED1C3789C06C4D975F8A59truetrue 23542300x800000000000000060021Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.413{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\pki\ca-trust-legacy\ca-bundle.legacy.disable.crtMD5=D41D8CD98F00B204E9800998ECF8427E,SHA256=E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060020Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.413{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2110.6-0\X86\MpClient.dllMD5=497CA375D5F7C7762DEDD2EA71EEBB95,SHA256=69E2E0E8892858A6A109576848DAFBC5F669EA57D3B8E6864A332BDB17DA917C,IMPHASH=0E644468AB17DC09175E735D79CFB0C0truetrue 23542300x800000000000000060019Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.413{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\pki\ca-trust-legacy\ca-bundle.legacy.default.crtMD5=D41D8CD98F00B204E9800998ECF8427E,SHA256=E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060018Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.398{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\git-gui\lib\win32_shortcut.jsMD5=B875788ED48F2CDBBA08FC704926CCB9,SHA256=05D41A2B7CA9D6DB5913CC6BB8DAEDEF3F36831F216C0D5FC36126898439C92C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060017Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.386{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2110.6-0\X86\MpAsDesc.dllMD5=078239B8C89E303984D9705CE6BD1579,SHA256=89CBC3D0AEF648E9F5061C447B569A8BC8427D68E2EF2685FBBBC20771EB8D0D,IMPHASH=00000000000000000000000000000000truetrue 11241100x800000000000000060016Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.381{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\git\builtins.TXT2022-01-20 07:58:45.883 23542300x800000000000000060015Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.365{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\git\builtins.txtMD5=4C60D2DFA0A2412C19BAE9F98870DF9A,SHA256=5D781106234036F9768BD7EDB365638465960A5D7E9B0A3A5B362B02D510D900,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060014Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.365{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2110.6-0\X86\endpointdlp.dllMD5=DE41663E3C4486037FCA0238C7CF4DC5,SHA256=D3090FEDB2E55B1E231886129A9BCC9DD7DA6197DD1C67BF99A261406F566E42,IMPHASH=D1B6B842CD4F76AA52E0066A9B58133Btruetrue 11241100x800000000000000060013Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.365{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\doc\xz\xz-file-format.TXT2022-01-20 07:58:45.866 23542300x800000000000000060012Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.365{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\doc\xz\xz-file-format.txtMD5=A9D2EC7B913CB26F010C32B0F446A4F2,SHA256=FADA567E0EBD8B910D2C3210D13E74F3FCC8475D64E29E35DB0FC05E3C6820F5,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000060011Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.350{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\doc\xz\lzma-file-format.TXT2022-01-20 07:58:45.866 23542300x800000000000000060010Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.350{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\doc\xz\lzma-file-format.txtMD5=675561BFB478DA8047291081D435984E,SHA256=0E961A7244CCA641AA33619E9C9F0D795F9CC95657245F5D157E5BAD05D3DF66,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000060009Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.350{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\doc\xz\history.TXT2022-01-20 07:58:45.850 23542300x800000000000000060008Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.350{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\doc\xz\history.txtMD5=69994BDC0F7ED9B9E17D0AF14424A055,SHA256=9D6A0A72822734A0AFB1816E07F0A7EDAB03339119BED4F393C1C7EEC884EAB6,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000060007Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.335{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\doc\xz\faq.TXT2022-01-20 07:58:45.850 23542300x800000000000000060006Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.335{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\doc\xz\faq.txtMD5=62B2A9255EABB9F402A968E2E7D8509D,SHA256=EFF832647A62F3B582E0255A8D450523074874D16BF3BDCBAE76ACBFE23FBB29,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000060005Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.335{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\doc\xz\examples\00_README.TXT2022-01-20 07:58:45.850 23542300x800000000000000060004Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.335{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\doc\xz\examples\00_README.txtMD5=94BAE4D2947BC5736722F20A301412BB,SHA256=F0DDAA731C89D6028F55281229E56B89F32B8C477ABA4F52367488F0F42651BE,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060003Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.319{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\doc\mpfr\FAQ.htmlMD5=BBF2341B37D038BF06C853E1A1899250,SHA256=0497A766A010182361B0680F07430C92F00824B608DD55313F7AA41E4B7282B3,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060002Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.319{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\doc\jemalloc\jemalloc.htmlMD5=3AE6A2F091A4269157ABC63A4D62D826,SHA256=7F13CB0B2A6018F744DACC47D1932EBEFBCD5F52BB8D14853E1565C79CC7AEA8,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060001Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.319{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2110.6-0\X86\en-US\MpAsDesc.dll.muiMD5=E0C0D520397694E20324B818C62B8D9B,SHA256=58A855DD11DF04C39DCFFF294FC6DF90EBAA4AB40DA8A66F205DA550B1D50E93,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000060000Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.303{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2110.6-0\vi-VN\mpuxagent.dll.muiMD5=73C39116253B24BE4ABB60C92AECF75E,SHA256=BF0979093CDBDD33EE605C719CAC698DFBE839AAD9DA0B7117CFABF4A66EA225,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059999Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.303{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\doc\gnutls\pkcs11-vision.pngMD5=F62BC3771805BC323CB7713C4F47C67B,SHA256=B75EFAB869B15D8CAC0B8EB2040DDD675A2BCDA6CF1F2D3A1CFC9A4401CF47B1,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059998Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.303{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2110.6-0\vi-VN\MpAsDesc.dll.muiMD5=3D36EB51DA4ED341BE6A5F086C967CB9,SHA256=D2EB6140A5969E63E7EB0D889EDB236FCECFCEC0998790F69E7EB6CFDA45C914,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059997Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.303{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\doc\gnutls\gnutls-x509.pngMD5=E2DA3980D229D2DAB310E03019872B95,SHA256=0ED4747B681FC63ED7D78D0A6EDE3C6147F6A42E7026FD2BAB0E1C3773E9C35B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059996Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.303{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\doc\gnutls\gnutls-modauth.pngMD5=F28A236ECF57E0BA049B0BF1AC7757C3,SHA256=812BA50C7D9E00A9186ECDA8F2EB944A0C79C985EB8C7DA5B90839A462A42DF5,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059995Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.287{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\doc\gnutls\gnutls-logo.pngMD5=1AD8D260BAAD6F9DD0350D77D0F2DB72,SHA256=92CC3CA28C334605BA1553CD4F4A2613E18D0D29FAEC064AEB793E05BA12DB20,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059994Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.287{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\doc\gnutls\gnutls-layers.pngMD5=5ABC60F7CBB2EF6212D2112ACE59AB3E,SHA256=BF0823FF9204ACA11004451808C8D2F4515913A53F327F439FC5DFCF6D5F0237,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059993Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.283{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\doc\gnutls\gnutls-internals.pngMD5=CC9F6420ABEB2139378DE646455E8D47,SHA256=BBBD042830003346600D3FCAE05A68049E925D2C27473FC26536D925433022E7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059992Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.279{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\doc\gnutls\gnutls-handshake-state.pngMD5=CC7A49B8F5F09A917AEB1447BFAA2A64,SHA256=69CBEBF1C38B804D8CDE9AD208AE2F131B6410FBBB358C2D2C312B38547C0CE9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059991Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.263{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\doc\gnutls\gnutls-handshake-sequence.pngMD5=831EAC9E03764D3FD7151E6AC041BCD3,SHA256=6F963810FC53ECEEBEAB20AD94590D6362A3A62D3C088F9D5C891FA4C3761548,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059990Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.263{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\doc\gnutls\gnutls-crypto-layers.pngMD5=C0AFAEA0F7179488E624C02E63D8A251,SHA256=819E74418CF3270AD1AEC874579E8FECC46523E6BD47B81A2FE71CD9C327E371,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059989Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.263{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\doc\gnutls\gnutls-client-server-use-case.pngMD5=488BE8F6CBBE732F170D61CD526462FC,SHA256=94C73005B0236290BE33578B10FC6B502A2A3AD25253C6B4E53AC6601A3F2C4A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059988Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.263{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\doc\git-doc\user-manual.htmlMD5=8EACB03E8FB24901287BFAC1AD5421D7,SHA256=2BC9CA03D76035E55E2FA731C7B5BBBE4B59020FF3234F1D58FFF884CA91E2F7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059987Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.247{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\doc\git-doc\technical\trivial-merge.htmlMD5=74BB6C755D33802C3BD46F6D2705BD64,SHA256=C2A663AE366EC3A66569B57C9505E8573D76BE02CF181370DD88FA83566BF2F4,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059986Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.247{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\doc\git-doc\technical\signature-format.htmlMD5=794F0C8A217C9F2AD05AD4AAAE70DD77,SHA256=9C5592A26E71B7F9CF0CF7E66F61031C8EABE33DB664B3EB5B5934BD74E44D7E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059985Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.231{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\doc\git-doc\technical\shallow.htmlMD5=D6F6A38BFAB658664C07F4FEB26B7D3B,SHA256=19402D6A9A4248C9FDA53EEFA0EB9333F224BB6DCB526C0B9008FFF8550B27FB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059984Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.231{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\doc\git-doc\technical\send-pack-pipeline.htmlMD5=5DBF0A245F9B9257E1642D1C33297DDE,SHA256=D384C7BC33F908423A0C2E9E2EE7E4B211CED3DEB10A4E4D7FA9260231759B53,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059983Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.231{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\doc\git-doc\technical\reftable.htmlMD5=04FB8177CC6DF8A1C3F08E83D16F3E6E,SHA256=079D8E7844BB43AA734EA6A53CCDE022E530E6CADB80C347361B79189049CAFB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059982Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.216{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\doc\git-doc\technical\racy-git.htmlMD5=E9DF4D8D2EAEFDEE426F2A433E7EE427,SHA256=A057640EC5CA20E9FFF8BAEFDE4535792306F21148605BF8F135F3217B43131D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059981Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.216{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2110.6-0\ur-PK\mpuxagent.dll.muiMD5=4DE6A10DD51B409670FCDB4B6DB1E630,SHA256=A39764F3391C4DDC93682FBDF2D128D44A365E2776475F42ECBF39E0C50A4338,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059980Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.216{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2110.6-0\uk-UA\mpuxagent.dll.muiMD5=393B8689A079AA69EA64BF6D67C65DB6,SHA256=FCE923C4C9E7CF1EE8FADF6BA6137E8C7BE709947985D71B91498CA849E9A2E3,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059979Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.216{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\doc\git-doc\technical\protocol-v2.htmlMD5=39AE499220088D28858AFA126CDC57DA,SHA256=9A1E2FD2D16D79A2C823E88B8AF7CFC6F7CDEBD754558141CA7A967FC0905F80,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059978Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.200{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2110.6-0\uk-UA\MpAsDesc.dll.muiMD5=CC0193355AB7579CEDC56C938F1AC223,SHA256=11FDE5D9E41B8EBCBE8B479F66B9284E7FEED665D301150CA4DD651A3343250B,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059977Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.200{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\doc\git-doc\technical\protocol-common.htmlMD5=EBD3A3EC03BA16290513C6B99023DB42,SHA256=B7AEF53511343FC3C8B17C5BA733B16C1B6FFA55C68C77D7E7A59E5F65F10E02,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059976Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.200{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2110.6-0\ug-CN\mpuxagent.dll.muiMD5=7F5EF7CEE50DAC6297A69A62E4E359B3,SHA256=758CAAFD39D25BB0A2091BD72E4A62A10D9E2F54857FD3B84D5BBF79D8125376,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059975Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.200{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\doc\git-doc\technical\protocol-capabilities.htmlMD5=B540FAE11F7B7483134CAC56F6E94D9D,SHA256=1C767BCDA2E450FDD048AF7CCBC232CEEA7AD7A8B214572DAE0B29EFC23E2D79,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059974Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.200{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2110.6-0\tt-RU\mpuxagent.dll.muiMD5=24EA02B8DE6CAEC0E1509C337CD58503,SHA256=C0E8543181A454D94AB9B469039A8A7642EB70BC73CEF67897FBAAC99E840605,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059973Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.200{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2110.6-0\tr-TR\mpuxagent.dll.muiMD5=F63FF7978B5473AF74E71DD7E7F4BBD8,SHA256=34FC4A6AF0FC97434D8837D6C7BAD01AD9C342956A12731EE49DF43FC7D72F31,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059972Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.184{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\doc\git-doc\technical\partial-clone.htmlMD5=3D1F617EDFC9C7AA8665094975008A6C,SHA256=08B018F1486A4364888BC44BB7461FCA2B2AF08946A5893C0F99CD0135377FC3,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059971Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.184{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2110.6-0\tr-TR\MpEvMsg.dll.muiMD5=633A93825BE47C392C5F8EFE409D0748,SHA256=E3DC013BB48E9A7A78EA141A2838E3E5BAAB25EEFE99A4468293893CCC1D2908,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059970Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.184{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2110.6-0\tr-TR\MpAsDesc.dll.muiMD5=D1AED3929086266619CDB50610E53662,SHA256=750B2AE66639F81485CEED960FC66B984DEEA8DA03B6CC380137F519B4B5B022,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059969Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.184{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\doc\git-doc\technical\parallel-checkout.htmlMD5=F814507CD1A275B89B4759AD18FB491D,SHA256=FF54DF1BDE6DB9085318E3A1EEFA99AA20A8F31CABD713B2E09ED98908BA7FD5,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059968Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.184{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2110.6-0\th-TH\mpuxagent.dll.muiMD5=CBCABA1F45DE44187638EA9647A6446D,SHA256=F3128F6591372BC51FDAB478A4BE31EF34553CA664FAB759CC9EFD64E1837492,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059967Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.183{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\doc\git-doc\technical\pack-protocol.htmlMD5=93848D3C0C9BEB2C4BF17F7FB9441D94,SHA256=01376C826C7409A43DFBA794DA4666F19ABBE929B8A7581DD5F48E2FC7AF60BE,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059966Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.183{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2110.6-0\th-TH\MpAsDesc.dll.muiMD5=084F64935D294026EF172CB2318D5156,SHA256=E4EEAB62D01EABECC30EF7695E1971A5677ED924FDF29DD5F2E187D43055C510,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059965Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.179{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2110.6-0\te-IN\mpuxagent.dll.muiMD5=215F6A9744ADF9316522ADB3DD811F83,SHA256=7B2972D079DAD26084BE6A752B442D86CF95DD97281AD1F382AE4D588E120A0F,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059964Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.162{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\doc\git-doc\technical\pack-heuristics.htmlMD5=6D896336F722F36393D0B0ADE9A6FA84,SHA256=6A2EE1A0DA9FD101ACD1A3F0FA167A2ED813D7963B078BA66ABD981651EE9223,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059963Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.162{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2110.6-0\ta-IN\mpuxagent.dll.muiMD5=FC333CCAB5E74219DD25EFAF320BA8FC,SHA256=40D60F5687E2DB33C41D668F6EBCF0FF094CA89928409ACA33D7AC1A8F4B67AB,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059962Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.162{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2110.6-0\sv-SE\mpuxagent.dll.muiMD5=1E1765A4F6598B768C84D45AEE5369AD,SHA256=684BDBFEADDA1391B0A2E598D6319D21B8F2658EF2C3F23EB1D939D6154FD323,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059961Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.162{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\doc\git-doc\technical\pack-format.htmlMD5=7E6EF8B1399CE15378951C29E05B3710,SHA256=3425FA9B3A2C448E80EC414AB1AB936ACA1A20D335BF3EFB91D07833A84844FF,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059960Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.162{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2110.6-0\sv-SE\MpEvMsg.dll.muiMD5=7467C98D9A9C923A01B1093A73789506,SHA256=DAE21BF0EF657322CE6D80480954E65974B349524F5BE46FCB8123FCEA96793F,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059959Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.162{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\doc\git-doc\technical\multi-pack-index.htmlMD5=E61500530CB6B070017E11268F50E69D,SHA256=969339B5358CC2A8DF8D2CA6690599E25DD94EC3BE9F0CDB97B7CDED9BC2EDCE,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059958Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.162{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2110.6-0\sv-SE\MpAsDesc.dll.muiMD5=22FA233927C07E3BFB8C6C282CF54B50,SHA256=E8BBC76D3A4C0C3484792F6D7253E079713B50A3153DF91CAAB5A77926627F8C,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059957Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.162{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\doc\git-doc\technical\long-running-process-protocol.htmlMD5=4D38AE7C52010D4BDDF9B1A1F3D8B9D5,SHA256=ED8566F610F864F3C73AACA4283BF05952F4DFDC6A46FACB06669F3F0F730EDA,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059956Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.162{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2110.6-0\sr-Latn-RS\mpuxagent.dll.muiMD5=836575BFE3A096419F9863ABEEA64354,SHA256=3C3965740A7921690AD934450AFC800027204334A4CA93D0B02AB260368E8CCA,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059955Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.147{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2110.6-0\sr-Latn-RS\MpAsDesc.dll.muiMD5=2843E6043F64CB9A98ED9EE8B6854CC2,SHA256=5B2AF5458F1601DA07EFFAFC60A09EF4DBB474F1576E1D3605499828F64BDCB1,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059954Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.147{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\doc\git-doc\technical\index-format.htmlMD5=0DDD7E1F7304980A30DF77FDD9A0640D,SHA256=79FD36C9A8FA09586664ADBD519E950C89563F7514337CC1811FE327833A7482,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059953Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.147{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2110.6-0\sr-Cyrl-RS\mpuxagent.dll.muiMD5=E581F4ED51F1486289AE8E4F36B33EB5,SHA256=30076F67CB915294F1F6815B5C723FD7381F4DD146656D31D40F6E521E6DBEB8,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059952Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.147{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2110.6-0\sr-Cyrl-BA\mpuxagent.dll.muiMD5=B798EBE07FB2C734B464F4D21D3F3393,SHA256=F276DDD79570981DB5598BA0A8B9E86D934391118F74D18AABA4A66BC7A566BA,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059951Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.147{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\doc\git-doc\technical\http-protocol.htmlMD5=9DFBD8D4B0D12FDF42499F072220BED8,SHA256=5DAE198377EDCE0EF54E7C7AEDECBF94CF9043EBE584214EF0A6DFD60D4F188A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059950Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.147{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2110.6-0\sq-AL\mpuxagent.dll.muiMD5=B18BFE1AEA30CDB492FEFEDDB2EA105B,SHA256=FC00F0E0D6497F1F7234C2CE42E92C8CF2BF475AF967403C0A62BA4B68DF4172,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059949Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.147{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2110.6-0\sl-SI\mpuxagent.dll.muiMD5=88E0FCBFB7067934FD5E91E8E7684EA8,SHA256=8C3EA953C375E0567235EB6BB45095E94E32A762D0E1702EB7746CEF90D15BC5,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059948Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.147{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\doc\git-doc\technical\hash-function-transition.htmlMD5=84DEC51910EAF124B4D098C66326696B,SHA256=6C9FDA0599B97098F3CFDC521503045FE335790318843285200B5AEDF3A802E1,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059947Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.147{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2110.6-0\sl-SI\MpAsDesc.dll.muiMD5=87B11B2EBF429C716388BE4943C9006E,SHA256=0064BD79BF311502606D517DD2C2D3C7335A15BA2A44E8B596FD939F9CF11B38,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059946Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.131{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2110.6-0\sk-SK\mpuxagent.dll.muiMD5=4D348CC38C214243B81B19F2D4BBF929,SHA256=EFDEDE1D72071276418616B4C3A618359411E4455C78A81C12689B0668884179,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059945Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.131{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\doc\git-doc\technical\bundle-format.htmlMD5=75DD2E7AD18EA1D71C61E24CAA536BFC,SHA256=738D0BA50E10390E4EAD299781B0D7730CB50BC52CC6D2471C905198592BA5A6,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059944Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.131{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2110.6-0\sk-SK\MpAsDesc.dll.muiMD5=190DB3D33B70571BB3B2CB06129E1470,SHA256=604733DB9A871F861B6159E519E502AD8995162E5D23F8186516B19FA49955C3,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059943Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.131{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\doc\git-doc\technical\api-trace2.htmlMD5=A450246330711BB89327F5389444DFE5,SHA256=B8D8470530B1731B54F10A9A95EC847B8C1710911E629BBB343C3E42E462CAE0,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059942Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.131{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2110.6-0\ru-RU\ProtectionManagement.dll.muiMD5=B3D756B33B81381224FCA09419EA21B3,SHA256=3F4F5F094F84E074993892B05810D44A8350D1A03846D74914E0435BB1FE1DE2,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059941Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.131{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2110.6-0\ru-RU\mpuxagent.dll.muiMD5=7C600DA17273AA335E3A8848C0DF19AF,SHA256=FB480E7F5A47BE1BE1EDF89B45AA03C33E681D0536052F661735E57AB561A78D,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059940Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.116{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\doc\git-doc\technical\api-simple-ipc.htmlMD5=E99C8903210D181682FAA1289FE34EAA,SHA256=43F2C5689751056408EE9F64B012511ECB63A227188682AF58751CA598F84E4E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059939Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.116{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2110.6-0\ru-RU\MpEvMsg.dll.muiMD5=8D634ECF26EB81E0C0000718452AA099,SHA256=17F19B863CB2D926F151ACA2D354917ECA22999785E2D5A717924DF50E878AC0,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059938Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.116{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2110.6-0\ru-RU\MpAsDesc.dll.muiMD5=7670F52F5F8AC59CD100AE817A528C20,SHA256=363201382D6FC4D175EE37931316906DC7F8726CFA4B8B1F41848A9A1AEEAFB4,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059937Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.116{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\doc\git-doc\technical\api-parse-options.htmlMD5=8E35A3A8FDF2F3D620681231795CE345,SHA256=0E06E314AA73F7C218398B682C50BF1D3C07275D31CF96C965B454FA67D0899B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059936Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.116{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2110.6-0\ro-RO\mpuxagent.dll.muiMD5=CE59B7F59CD472D593EE595F661675B5,SHA256=F0182D40F48A9575DED545ED497C92C6D854DB7330C66B33269FAF36040310D2,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059935Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.116{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\doc\git-doc\technical\api-merge.htmlMD5=3F18726EE1E55CEA663053B0FB362929,SHA256=ADFB8D1E1D4C8B18F11B8030D9C3452AFA0AB6B42D5C1792F1C427E85F93D1AF,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059934Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.116{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2110.6-0\ro-RO\MpAsDesc.dll.muiMD5=3307650C12B1275E3369A49E8C409D01,SHA256=A5FFB707E70B7A80C67FDA49A6A396C2AABB4A25B184BB101FF0BE119DE199AB,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059933Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.116{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\doc\git-doc\technical\api-index.htmlMD5=1C731B6139E0FBE4EA2F2AF9F825F716,SHA256=8C8D59C2A7FDCC579728B413419098E041B1726781C643E6557F4584A263A434,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059932Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.116{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2110.6-0\quz-PE\mpuxagent.dll.muiMD5=7A86AB57858BF3CB1ABF21F4F4D59A55,SHA256=F995C7F5C57939C90254EBE88FCDA22561FAED8024351A3C1466DDC481E42BC8,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059931Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.100{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2110.6-0\pt-PT\mpuxagent.dll.muiMD5=82B5969A8B8EA9A8B613B12FBDAFFC1D,SHA256=12C42A6FAD9E18CC830A415323021933B34212B285C7D8C466BC1BF863D96CE3,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059930Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.100{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\doc\git-doc\technical\api-error-handling.htmlMD5=1C236DDC8A303981AEB9A77426F896B8,SHA256=F7F52424AF12001A4678A32E97C58EFE1444CF358F93C9B78A86542A215B482E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059929Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.100{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2110.6-0\pt-PT\MpEvMsg.dll.muiMD5=3149D82F48D136C73CAB3A67EA385476,SHA256=9F350702728B4F65A3A9A6A1DCD7D52C738B2B3F76BB892A2BBC095D04E726AF,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059928Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.100{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2110.6-0\pt-PT\MpAsDesc.dll.muiMD5=C47D80BCDD56B5F2B68EBFCF4794B4A2,SHA256=1B902CD70C15B40F7EBAC74159C95DFA8FCA63AF23918316BB24E7375F42EB9B,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059927Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.100{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\doc\git-doc\SubmittingPatches.htmlMD5=DAFECD39B332EAF58AC82B18AF117E03,SHA256=482C4586DA2BFE9342E3AD9C41D760E91E0735AC834769260766B9947C978BD3,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059926Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.100{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\doc\git-doc\MyFirstObjectWalk.htmlMD5=4735A79313C1629DFF2AE5458886B69A,SHA256=52B8E68E0B5DDD87BADB70402C741AAB07BA5E804B7B26F2F2EEAA7AC2B0B167,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059925Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.100{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2110.6-0\pt-BR\ProtectionManagement.dll.muiMD5=F7F7AB3246086AE8A0943A6DA22BBCFE,SHA256=F8402905ACFDDA060842B587AA4A881A199FB04FFC90D8E001893CA1CD203B78,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059924Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.084{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2110.6-0\pt-BR\mpuxagent.dll.muiMD5=67761F71C8ACB320F309196929D12B55,SHA256=AB614132A559A350BC2E946158B5F941526A8AB61F7376A298EC1437033B5EFE,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059923Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.084{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\doc\git-doc\MyFirstContribution.htmlMD5=B72E1FFED408944FBEC17577D8ED2D96,SHA256=092574D0B1076BCB1F546654291463B99C09F258E03B825868F405B77D3309DB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059922Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.084{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2110.6-0\pt-BR\MpEvMsg.dll.muiMD5=4A68B2F9155F4367293B01110924FDC1,SHA256=5778C31EC2B745F80C69B5EF288DE0416ED97BFD0284760C54ADE967D9B4DFB0,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059921Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.084{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2110.6-0\pt-BR\MpAsDesc.dll.muiMD5=B86371E1BAD9569A22C348CF83ED4E4D,SHA256=0462C2871BBF997F2A2EA0C64240E794B5F8718E45E33B1E517E2B2D92EEBF96,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059920Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.083{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\doc\git-doc\index.htmlMD5=317C8AD5238572E74F4987B89348DFFE,SHA256=C911936FAA08B716AC42C19937E071CD1F2139A05E93673E67200883951F4569,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059919Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.082{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2110.6-0\Powershell\MSFT_MpWDOScan.cdxmlMD5=F7FB537DD257D78A1EAACB963E57B51A,SHA256=46C60DF352930726D83FAA8AA04D4344023D7D3C8F9F96425A19ACBD1831B83A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059918Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.079{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2110.6-0\Powershell\MSFT_MpThreatDetection.cdxmlMD5=8F81E3B410468E280E4B7F2867264371,SHA256=1AEFA5772C4201C2913C98CFAE4AA582F4FBF2E02C3F54755FA8ECCBE4215CDB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059917Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.063{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2110.6-0\Powershell\MSFT_MpThreatCatalog.cdxmlMD5=4DD6367E1CF0C262654FB5A3EF788636,SHA256=83A91A1DFD94F926ED78B7FFFE682DC5C739A344E204EFA5802EE8A4F7E0EBA7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059916Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.063{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\doc\git-doc\howto-index.htmlMD5=97B1EC4E2E607CF1773D07CF91A6F0B5,SHA256=C43C77A92629229FBD4FC162FDDBC5BD89F7C79D8EDB5B9021A3D630E9EA8D34,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059915Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.063{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2110.6-0\Powershell\MSFT_MpThreat.cdxmlMD5=28F5CAF993FEC45C079CCBB68BE4E0F5,SHA256=E0DF97FA1A1119535C81A9B653AD6F2AD487413D79F6721B09334CC6F96B04C7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059914Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.063{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\doc\git-doc\howto\using-signed-tag-in-pull-request.htmlMD5=D32DAE8A457E49E2BDE3CFEF9FCDE39B,SHA256=F7D85DE74490C78C0088D2E42D7340CC8DB8C889AA4E18FB76D5F9ECE7701DCF,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059913Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.063{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2110.6-0\Powershell\MSFT_MpSignature.cdxmlMD5=73A0570D71E8C56D634C25020797C26C,SHA256=F0A6F27660E465E4019DA4F00086E3F1DCAB9B40F54CDB1D8F71D40C9D53641E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059912Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.063{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2110.6-0\Powershell\MSFT_MpScan.cdxmlMD5=34DEB0F0AF8D042330CE8638F3E1C543,SHA256=34C9A92C669DDA8DDE92C2727B7C0D094AB1DF43689E505503265BE0CDCE36B6,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059911Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.063{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2110.6-0\Powershell\MSFT_MpPreference.cdxmlMD5=2451066F85444CD7AE4AC2BAA68BF9CA,SHA256=B7731D830E34684D96F6FB83DDFF3156851B2406B27C5B0CE582F3EE49FEA5DD,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059910Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.063{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\doc\git-doc\howto\using-merge-subtree.htmlMD5=250BBE7FA22C9637B6AA302A6F2D750C,SHA256=E6B4237151BC1B976103AEC3B65989470A7FFA95606B7BE0AE2691E1E860EB7B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059909Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.063{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2110.6-0\Powershell\MSFT_MpPerformanceReport.Format.ps1xmlMD5=FAE1EA35F271BBCF701BADF0B6400263,SHA256=86DCBB78781D0A3EF7D0B4AAF693041629F930DEF24C15C94DC4F8FD44B25392,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059908Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.063{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\doc\git-doc\howto\use-git-daemon.htmlMD5=1DCBE86D1234FA3E097BA809E57BAEF4,SHA256=F36438A490890225568699F1317727A172A7A01986D39AAF7C904E065FA82CD4,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059907Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.047{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2110.6-0\Powershell\MSFT_MpPerformanceRecording.wprpMD5=990729AD92C1325C42B04BC975ECBD57,SHA256=E796454FEE4CF17EFDC25DB5FEEF00A5D7C1B335E6C4B4FE996E8AD7CAB01BC8,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059906Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.047{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\doc\git-doc\howto\update-hook-example.htmlMD5=6966AD8BAE2F1D9F5736B7994FF7E2FD,SHA256=71B9B88EED229092C4EFF0FE22E775D5D1E3EA1A878F8BCEA478DEC7081F8B23,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059905Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.047{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2110.6-0\Powershell\MSFT_MpPerformanceRecording.psm1MD5=7E1836A5F48C6FF55AA42C13105E23E9,SHA256=CD268EF93A7710242A554296C7FC365F37AA6001B8D8F79E05A30E62E13AF7B9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059904Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.047{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2110.6-0\Powershell\MSFT_MpComputerStatus.cdxmlMD5=2612420C7797837773F56765FE9C07E8,SHA256=4A75A861C9C0E911B3BB8F4A740357F8320E6293BD947BB4369F5F0E3AD25385,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059903Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.047{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\doc\git-doc\howto\setup-git-server-over-http.htmlMD5=33902F0930C6F366A61C2049A7226C84,SHA256=D8C030A6F02FC2A6E79A71C683AA82E6D8393158073CB6038D91676DEDC3A081,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059902Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.047{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2110.6-0\Powershell\Defender.psd1MD5=3BBDFC485556E8AD079EF4851F9C02EA,SHA256=B9E5AA91603088DC1C7E4D770E87BD60D15E10D0D28230813652655A5426A950,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059901Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.047{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2110.6-0\pl-PL\mpuxagent.dll.muiMD5=5D54C04D7C27EA6CE6B210080305B52F,SHA256=C0023426DDE673ECFD1773603527B1A7F45A3FF3188AEF7F3BC5F9715559A545,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059900Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.047{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\doc\git-doc\howto\separating-topic-branches.htmlMD5=61CB7E83EC969D25576319052C28A519,SHA256=A30A7AA4B40846A9AC44A928E3F3483D31C56511E8C5FABC66EEE81E52341659,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059899Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.047{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2110.6-0\pl-PL\MpEvMsg.dll.muiMD5=E4AB9295868CECBA04559106FE96E5DC,SHA256=A50120EA0B48F36A5C47F221BC4E61D7DC0B9B1D2662C93BC451820B61D214E1,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059898Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.031{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2110.6-0\pl-PL\MpAsDesc.dll.muiMD5=B96EB382039117DB6E7CD97DA5FD8C6A,SHA256=FF7C4A378D15B2891A4957F737A22A1D158E54A6310924F6BADA53722FA6D45A,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059897Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.031{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\doc\git-doc\howto\revert-branch-rebase.htmlMD5=9700E1482C95EFADE1E1AA5F3AE4301E,SHA256=04AB319CCA1C327DFE7464BB9D8C0545FB8C660CFD0A1F5A34DC0DE15C28CABD,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059896Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.031{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\doc\git-doc\howto\revert-a-faulty-merge.htmlMD5=67EFDF79244392FE1ADDA5EF0BA0ECF5,SHA256=BE2AE5CF5585D60AF78583D5EC722DDD6846CD29919C1015F5FD77E2BC0018CA,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059895Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.031{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2110.6-0\pa-IN\mpuxagent.dll.muiMD5=0858AF34223613F6FDB7D36EE2187292,SHA256=50AA641A180DD83863FAE276906387F78EA45BC326DA715E3752B4A7AB5FBC2F,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059894Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.031{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2110.6-0\or-IN\mpuxagent.dll.muiMD5=795767F8F307614A9AA1789E5610A2E1,SHA256=056C9B6014778E529945152F7A370501E8F489474AB0A672623C2F2F83865ADD,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059893Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.031{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\doc\git-doc\howto\recover-corrupted-object-harder.htmlMD5=B35E38DBD7413F204B914D55E301A6C2,SHA256=854B84FA75B97EEEF163CA1AED850B6B3CD8E3833CD2A70836426F3A7D5CADF1,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059892Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.016{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2110.6-0\nn-NO\mpuxagent.dll.muiMD5=25EBB8CADCF92D82535096AB16754A7D,SHA256=88E016954F720FD707921A51D3976A4AD420B6ED7901F64BB820DA8D85B1E8B2,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059891Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.016{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\doc\git-doc\howto\recover-corrupted-blob-object.htmlMD5=E899A92AF11515536B84F667F47995AA,SHA256=7F3D03D72F40061F95179A175CC0755308C923179F20BC484D8E660784BAA534,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059890Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.016{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2110.6-0\nl-NL\mpuxagent.dll.muiMD5=91ADD73C150D29B35CFDDCF5B3D5EA46,SHA256=C3C0793A293BA5F6D2DA58D078FE895D3457B438D5BB07283279C66550DF995F,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059889Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.016{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2110.6-0\nl-NL\MpEvMsg.dll.muiMD5=D9B3D057BC737C0FA82D3FE1C1E17762,SHA256=ED1280AEBC4FF98D86B6A502B60FEF2B9A2710EB863FC87A225B07FA8BB54EFE,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059888Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.016{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\doc\git-doc\howto\rebuild-from-update-hook.htmlMD5=E3FB559421F81C50C512033D2611CBDF,SHA256=CF4255C9D184FA37BD7561695068BE024D0F7617936726BE0DE721326EE8AD61,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059887Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.000{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2110.6-0\nl-NL\MpAsDesc.dll.muiMD5=2761ABF999488090724F029B46F47DD0,SHA256=DD49F445D7C3FF78735BF6D4B4E1D51F65CB7A02DDC4B3BE11BBE3E0DC8276D8,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059886Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.000{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2110.6-0\ne-NP\mpuxagent.dll.muiMD5=48DE53D02EEF84D0C23AB38F306C0996,SHA256=19CD78F13EDD1151A66B513A80B7980B375AA6E17F471F2A77560FBA7823A983,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059885Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.000{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\doc\git-doc\howto\rebase-from-internal-branch.htmlMD5=9D047484678CFC4CEFA3166DC7614E56,SHA256=B8854FDD676E9097E0C2BCACD050376D7CD0EEDE9F79CE4A3F3480CE638C1FAE,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059884Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.000{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2110.6-0\nb-NO\mpuxagent.dll.muiMD5=39E93001C59A4A46CFB241A9031537F0,SHA256=8FAB28ED79F83FFF1D19D2721F94B6CEFA80C81859AFFB618CFE25670AAC7A1B,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059883Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.000{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\doc\git-doc\howto\new-command.htmlMD5=A7750443C94177B2191536872256D08C,SHA256=F22B9AC345D4FB51AF46DF47DFD9368BA2FC288C709CF7049CE7976366779C45,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000031807Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:38:34.784{CE7C8936-1B20-61E9-E200-000000002202}3964NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=824997D425278432C53BAD81FE3BE3AC,SHA256=EC719517CB549A2953164E9417AFDA6CFC2ED1C38710FB7A467171B7EAA869DA,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000031806Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:38:34.114{CE7C8936-1A7D-61E9-2200-000000002202}1212NT AUTHORITY\SYSTEMC:\Program Files\Amazon\SSM\amazon-ssm-agent.exeC:\ProgramData\Amazon\SSM\InstanceData\i-0b4c8a78fb3fad9c4\channels\health\respondent-20220120081703-137MD5=48D9DB22D5DA72E1508DB4774F89CD54,SHA256=47231F73915EFCF046725A41CCC183BD3625BDF28EF9197BB172C87CF7B7A72C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060363Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:35.998{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Gc\Lm.plMD5=6B9F7879F85CC7C9B1B54695034197CE,SHA256=0CBD340F0C66B044687AD09D2691923C20A1F23DFA47C1E6126F1BD2D6B1A9C1,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060362Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:35.995{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2111.5-0\it-IT\ProtectionManagement.dll.muiMD5=43DF5F29586F65873FD7DAC6A3406DB0,SHA256=2483CB01A9CAF7A5DEF63740E640EA1648A2C9426C0D4448BABF9966F4FF5C16,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000060361Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:35.994{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Gc\Ll.plMD5=903683C03BB2A84E692FE584A86F5757,SHA256=A403880EEF1F6AC8E815D86EA35178B295D1958D2593B37A4F6C6DB58F6789C2,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060360Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:35.978{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2111.5-0\it-IT\mpuxagent.dll.muiMD5=F5E020993CE8C7E9A39D9B3AE51EF265,SHA256=EF5FC01D0D44B6FBD6650FBCC42E0C5970D78860D56A75B7A64DF12F268A307F,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000060359Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:35.978{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Gc\LC.plMD5=34061712FAD8FC932856256113FE3C2A,SHA256=38F4502010A7D9617DB7B2BA1ACBC72355BF7060DB3F62AC0E1308344D9B6858,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060358Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:35.978{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2111.5-0\it-IT\MpEvMsg.dll.muiMD5=49C7FD7EC07208B37F4424510B4E9F48,SHA256=E3EB3FF9F364608A5CFCFE951FEC413677EAE7E762916F00D7557C35ECB3D238,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000060357Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:35.978{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Gc\L.plMD5=2C1D7573AD68D2A6F91CB55E21461EA2,SHA256=67ECD0A2560D8ABDC7478657C95B5B3F1C697685AE722A6B5E6AF0CEAD153CD0,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060356Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:35.978{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2111.5-0\it-IT\MpAsDesc.dll.muiMD5=2BB4AF4AAF157F9023E6DD7BD9A22037,SHA256=29441EF84FBDC8E45104E145F630487A42E72B1EDBE974C50BE153D25976718A,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000060355Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:35.978{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2111.5-0\is-IS\mpuxagent.dll.muiMD5=CC63D7229B687A0555A6F322B6CDE68F,SHA256=F88DE4EE2D61B50477C889787BDA48816B680DE2107A529178B82D3FB39D5AE3,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000060354Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:35.978{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Gc\Cn.plMD5=9980E1CBDBA08E7FA0DF8D9019D891E5,SHA256=AC3BA5C2648F13B5228B8777661206DC432F6FDC699C4B2AFD9016DFF21D683C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060353Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:35.962{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2111.5-0\id-ID\mpuxagent.dll.muiMD5=E02E26AAE92139318A7134A0A79D55FB,SHA256=35A9CD12B369D0097B6759D84F8997DDF2CD1F95E5AAD8D49406E4B520ADCB2C,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000060352Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:35.962{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Gc\Cf.plMD5=637EEB5912248910BFA6D278C26593BA,SHA256=D7BBD8145692462B51B467C46AF11AD28966FBFC0E50A84861AEEBBB87D02F8C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060351Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:35.962{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2111.5-0\id-ID\MpAsDesc.dll.muiMD5=85943C2EBB43E9B241F2D884280E84A7,SHA256=8B23C55F41920D3A8FC90E91E36372DD1AB044C81BFAC26324835F2E22AAE511,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000060350Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:35.962{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Gc\C.plMD5=8325E222700047803BA9AA27ABD6760F,SHA256=F144D2DE7B9E67B38A21F9865F48E731F69F5DFAD7FDEBD0B645779BD990B9E9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060349Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:35.962{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2111.5-0\hu-HU\mpuxagent.dll.muiMD5=1BB3CCDB0E85433A5AAA47FF46A232B1,SHA256=9A2682B2E05A9A42631D0D610F7DFE24088965694DDC363B3F76980D5F37C72F,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000060348Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:35.962{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\ExtPict\Y.plMD5=8A8B14CCAC1D13409DCDF7D3066D54F2,SHA256=0908AD631AB3F3B47AC09B50C64B240FC058B4A158312B205BAECFE6C05C38E4,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060347Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:35.947{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2111.5-0\hu-HU\MpEvMsg.dll.muiMD5=03C904D55257A07D037BF817AF55034A,SHA256=6FB1574D6647A6B8B1DD19CFC377091586677EAA1C60AF55FE130BE823DD8995,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000060346Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:35.947{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Ext\Y.plMD5=A98974A0B9525ABF6DFA78E119453186,SHA256=BFE2DA8161544DD0E719F5E1540E48DAE4EDE66FFC0EC39D729320CE80E83823,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060345Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:35.947{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\EPres\Y.plMD5=6AB4EA29627BC9C6E6BCC99E353F9357,SHA256=3F08911A7F2C1A3D6EDFA2E1516159A454C53513EAD2681D989B2E666A196B8E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060344Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:35.947{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2111.5-0\hu-HU\MpAsDesc.dll.muiMD5=54F0DBD0C33802353A01CE3FC78D8839,SHA256=B8C5E09B04156FC7D6B3CB91BCD78E333FD333D6661A8A06FE2C79F967EDE194,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000060343Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:35.947{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Emoji\Y.plMD5=EAC550EA266F25526644EDCC7182BC0D,SHA256=B9925DEF95B47E96A61321FF521ED82C2D9FD780C71A0E37D06EC96984DBA460,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060342Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:35.947{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2111.5-0\hr-HR\mpuxagent.dll.muiMD5=CA98D8B7503D61A0159675BF773BAFB3,SHA256=99C3BABEA53C2E5CB99A4FFEA8CEBE244D0D9D750A9382C100DBCD87B758A4F5,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000060341Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:35.947{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\EComp\Y.plMD5=444C131C008CE4C73A70B6F82D3F768C,SHA256=B3D018FC60859CB97FCFD2EF7BEAA64328E524982A7B1290FD738D0D1A8649C4,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060340Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:35.931{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2111.5-0\hr-HR\MpAsDesc.dll.muiMD5=FEE0B18D5A27CA7E46150E58D28E3A1D,SHA256=81DB7BFF60679B56D75C15397ABF0E546D5A320BD44C6871008079ABD5C696C9,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000060339Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:35.931{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\EBase\Y.plMD5=8C6200D82E43FAD5B56EB44D4314E368,SHA256=93A851AEF71832760AD7AA83A552F1A8F87710F2FE876BCB301C323F0AE08E4F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060338Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:35.931{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2111.5-0\hi-IN\mpuxagent.dll.muiMD5=4711697C3001B09FADE00AD1CD52A220,SHA256=BA4ECEEE4C14EF4D7E0B0C31E8DC8B2DAE4C1668EED9318A89A8E9B4E9AF17AA,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000060337Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:35.931{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Ea\W.plMD5=6BEBDA2E314CF87D28489990DF0FAF37,SHA256=ED5D9C73D37FDF6167B45A4ACF8839FF92C0A72683DD949EE815B1ECE67443A5,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060336Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:35.915{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Ea\Na.plMD5=CEA84242C61B61ABA8051F82251C62BC,SHA256=EAB7C09A3F1E7B93616DD827AD387C18EC236062C836103074E88A8627AFAF8E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060335Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:35.915{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2111.5-0\he-IL\mpuxagent.dll.muiMD5=9AC12A9E955057CA687BCB20CD0664D4,SHA256=A8F5B0D1C508B9FD92D570989B04E6B1CD7A17E3433BB9F1A424E31BA546B516,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000060334Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:35.915{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2111.5-0\he-IL\MpAsDesc.dll.muiMD5=B9F6616413FD767904C0F7280FB6478F,SHA256=E2FFD9E7057FAE276B32187106310FE97249AAFE6BD0AA2E7C569C0023DE9910,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000060333Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:35.915{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Ea\N.plMD5=C0B7166FFF35E3210766A39B95A0BB3D,SHA256=7F090986F89433525402598BB1F3E13561141B3DA80A899F504390B04596629E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060332Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:35.900{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2111.5-0\gu-IN\mpuxagent.dll.muiMD5=A82039F34DBE3059BAFB353F15B821D9,SHA256=845CC18711421317F21FFD6ED981A55A1DFAB439F6254E61FDAF9238A02B37A3,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000060331Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:35.899{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Ea\H.plMD5=50421DBA598E0880D8A5D97A1D6624F8,SHA256=CEEC58D04FE90945260816D940A2BF7C31D5559B12A945A07550CE940D5C1B3A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060330Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:35.898{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2111.5-0\gl-ES\mpuxagent.dll.muiMD5=96F5728002472BD841A76FAFED8D7ACF,SHA256=65E0787EA9E028645FBE028887FE781E1BD225B58D529786FE24D4E08C56FD48,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000060329Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:35.894{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Ea\A.plMD5=DD6DC1ED364F99F7D0A59AB2985B6211,SHA256=F29276029468115E88247AB329B6CF00075B30944D3B390DD878B381CA8493B3,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060328Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:35.878{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2111.5-0\gd-GB\mpuxagent.dll.muiMD5=4C4A804E15C9160284C3D773FBB471BF,SHA256=21FB2524F6F01AAFD47A176A0E3D2654EF2EA425A3CC08D0A2CF87ED9517B973,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000060327Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:35.878{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Dt\Vert.plMD5=F26BBBF765E8FD0B658E0BCA9B33FCC0,SHA256=76DA17DDD1CE6B00223AD72B7AB308877D5B52FEDE6A1F4E13C8D77CE24A7AED,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060326Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:35.878{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Dt\Sup.plMD5=66D31D066FF38B35C1F2B4E176987729,SHA256=AF729DDFCC881E81CF81AC43C9ABBE5E314E1458B881DBE1341F1F0A8B58A1D7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060325Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:35.878{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2111.5-0\ga-IE\mpuxagent.dll.muiMD5=2FADD9CFB5B7F3FE58E9062CD42F99E0,SHA256=52CF2CD46ED43B59C0E7F431F54C1E5843A1AC7D297CF8B9DC0C0E59FEBE6D60,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000060324Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:35.863{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2111.5-0\fr-FR\ProtectionManagement.dll.muiMD5=B3C206C579FDC4E0F136F666087A1A59,SHA256=115A0E34AE2005A5F0605C93CEE01063C0A43A357D3D350D5B388331E5C286C3,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000060323Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:35.863{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Dt\Sub.plMD5=ECDB175BE642252CB0300F6D46818990,SHA256=6CC23F11AAEF503BD867CF883292C7E63B55EBA22964ED1DE9C3AC803E32DB2E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060322Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:35.863{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2111.5-0\fr-FR\mpuxagent.dll.muiMD5=BF23D36F68C22C68FB4533BF2EE4FBDB,SHA256=3C75EDD06BF72FE6358159EE280AC2599B1464B3AB1DB62FB6B890439BD20F83,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000060321Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:35.863{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Dt\Sqr.plMD5=0A741336B808FBB207E92E033FAD15B5,SHA256=430E51F15A0E9D54C119ACA605CD4D2E0B95E61A3D8D7637D15D73C8B139C84E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060320Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:35.847{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Dt\NonCanon.plMD5=E20B4EDEB660A665B2371CBFBF75AC29,SHA256=EB20BE21B49B084B911CCF7D5A6FABC939BC83E6BF1C863C0518B1595002A292,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060319Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:35.847{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2111.5-0\fr-FR\MpEvMsg.dll.muiMD5=CBACDD811B404C10F44B33AF6B551314,SHA256=0F18FA664A157462A28628ACFF0E44821D4B2B59A9264FBF65EBCB820CB2A2CF,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000060318Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:35.847{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2111.5-0\fr-FR\MpAsDesc.dll.muiMD5=285926E7F267F44F5A8A4D39FD6F3F9A,SHA256=0FA9712825450FD5554AD735C082386F9F981FAB952E0401E963300D8D8EC77B,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000060317Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:35.847{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Dt\Nb.plMD5=8390B67CCB0C7F61AFD3146CD5060C4B,SHA256=D502D0933546452679B5D1CC9015B2D52CB27773C3FDBBAAD65584A7F721111E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060316Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:35.847{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Dt\Nar.plMD5=930B15599848D874D4322BC6B3C79BF9,SHA256=A07087DA4C030AABF9583B29ED841583AAB42EA837B5FC319A34143F27AF3257,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060315Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:35.831{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2111.5-0\fr-CA\mpuxagent.dll.muiMD5=9112D2D8149ED6D27D8CDB1A59318D96,SHA256=4FBB2359F2E3D046355EF7F67A14358924C5F307344FD01AC5F9F469FDF0DDCC,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000060314Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:35.831{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Dt\Med.plMD5=C33A39A8699D6697FEAEE08720648FC0,SHA256=EC70385F358FEF7EC131EC4F558DC901887A011BC73F986C9809880C0190D7E4,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060313Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:35.831{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2111.5-0\fr-CA\MpAsDesc.dll.muiMD5=D0F5A473AC62E4D9F4D84C991501D736,SHA256=D8837AA791AFF1175ED7BEA92AFEA813A4068A94498CFE29F6C1F4D81811F35A,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000060312Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:35.831{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Dt\Iso.plMD5=CA93AA8E24C09A31E556B5E9DABE6D1D,SHA256=BF2985EC300A88D5E3E4D1EC18F9513AA2952473368CD60C4756FDB9BCA9B7D3,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060311Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:35.831{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2111.5-0\fil-PH\mpuxagent.dll.muiMD5=63F04EA51006BDFAC0E72FEC77793AEE,SHA256=C41D10191277F54E2F19A9D0B96BBD8CF46593B0C945F96FB10F5EDB7D2275B1,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000060310Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:35.831{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Dt\Init.plMD5=AB2BFD56F88250A843A6C4E0E6CB9C62,SHA256=CABAE02EB09625947823BAFBBA1391BB657F8B9372873D0A2FFC01DB06EC746F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060309Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:35.816{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2111.5-0\fi-FI\mpuxagent.dll.muiMD5=8091855B10B231F0C616288DC931D144,SHA256=F4301EE452564C53FE442B8B82B2A6A3C43BAA14BC0A65519B5E5CD45BAEEC6C,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000060308Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:35.816{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Dt\Font.plMD5=9DDD46FEA00858E293340DA77B3F05F8,SHA256=4E6C4A28F5AD295E4F126EA08116BE973C1161DA8F24251FFF541BFE05AF68B4,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060307Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:35.816{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2111.5-0\fi-FI\MpEvMsg.dll.muiMD5=6D873185C391DF16629C6A626599A0AE,SHA256=9CF04577CE63847CC91FFADE32D8E89A75DBEE357BEFCDAA5F35BBDA944D86EC,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000060306Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:35.816{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Dt\Fin.plMD5=709D1F2F908CD7249EB47D2898CE8141,SHA256=3A47449C25A6147A230E9D82B6B6B484DD032DF5248CF52F57D164DC094373A6,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060305Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:35.800{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2111.5-0\fi-FI\MpAsDesc.dll.muiMD5=A9E3A9CE00F86295071DF298335F6C06,SHA256=88BAC39E1E1E0D987893162D8828E717CA3B9CC0CFB7A8314D98EE9F8D837104,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000060304Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:35.800{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Dt\Enc.plMD5=1DCD8873BDA253499DF137BB7904E8B7,SHA256=A51743154446C19522DB6E8E2AEE732F7B93104496A66174B147A8D089CFB8B1,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060303Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:35.797{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Dt\Com.plMD5=07521B20F8F20A96605377846284C21B,SHA256=C4FCBE70DE91489FABF72A30547A802F80005DAF0C8D3F5321FA21FD70A65F93,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060302Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:35.795{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2111.5-0\fa-IR\mpuxagent.dll.muiMD5=4DA0DD6B78BC8FFFC216EA883E6DC6C2,SHA256=403C709C2DDCE26D5CB837236A141B42466B271B24757529DFF64D2D8174D4D9,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000060301Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:35.778{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Dia\Y.plMD5=120AEF1F90A07BB71D111082BC3DC55B,SHA256=89F235889E2CACC6A007B10059C0195A767A4C3C0C72BC483AD12EF42AF7D69C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060300Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:35.778{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2111.5-0\eu-ES\mpuxagent.dll.muiMD5=67AC5B49C88380DB336D06CF1ED3173F,SHA256=9E2A0FECBA2A37EE285CE2768D1209189D9250EED0C936EEE301EFEB5C96F7DF,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000060299Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:35.778{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\DI\Y.plMD5=E4DF2CCC66EB3CD7F0E4247A24DA5E65,SHA256=8A74FB86E92CB00D52C7FA765A2D8C96511A207ECC366DAB49A94D9E3D192CC0,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060298Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:35.778{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2111.5-0\et-EE\mpuxagent.dll.muiMD5=4A884A0F57FDBE52EAF0D87C581FB234,SHA256=3F0CBA6196FAC14F53B99746013C0D0B825B9BC02A1335284CC6B51559EE0ACE,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000060297Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:35.778{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2111.5-0\et-EE\MpAsDesc.dll.muiMD5=927FF21ED30775A8E85D131217C9D237,SHA256=B15DCC4C08E0852FC4DB69690630088C2B2BFA095BD57FEC08A559C085D32D99,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000060296Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:35.778{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Dep\Y.plMD5=895C0EF0B372EC2DA06A771AE5016D98,SHA256=A979575B8CD8791AC69DEA3882CF1C797543B5729D37D412A0115EF8BE7D1360,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060295Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:35.762{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Dash\Y.plMD5=165071732FA705D371A95AD5541B4254,SHA256=DC7306B3CB53D916D46DE801CD892EF63DFF43D54F681B410A5A27029EFC0875,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060294Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:35.762{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2111.5-0\es-MX\mpuxagent.dll.muiMD5=63B754BE7F6DBABD068C15B39CE4C113,SHA256=EAE30810FAF0488B162E1E755048CF93002A9865E213AC97402FB7A3B9ED8394,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000060293Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:35.762{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2111.5-0\es-MX\MpAsDesc.dll.muiMD5=5C35173FA74A3D672A56CC543A32FA5A,SHA256=3D6F9B57DD78182D5C68C2030394E2A2FEB3DF71FC9F789F6A7A24C58A6BFC66,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000060292Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:35.762{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\CWU\Y.plMD5=FB015A4FFEEAF177387258F95CC89A9F,SHA256=29D9D4D37DFC01D77C4DB075B6C2E0F223CECCF71B1E53F65817375283FC88A1,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060291Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:35.762{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\CWT\Y.plMD5=BD829C7A4DD0D6C6EE17F3A6ACB83E0A,SHA256=679E9D16E1DECB30E2DEE42CDF3235615942781361BAD2AE49BE0DD576AC1B2E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060290Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:35.762{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2111.5-0\es-ES\ProtectionManagement.dll.muiMD5=8A9DDB06A8571FAA347655E6C42DCC3B,SHA256=028CA6F190BAB7952E0DDFC77496A61123B752AB35702AF68C0A9A75A3C0CE81,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000060289Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:35.747{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2111.5-0\es-ES\mpuxagent.dll.muiMD5=042B5EDB16226FF87B31C1EEE0919947,SHA256=9F728A89F7E3929C7A787496E84D3FE6006DD284CB8A0DCAC8BC07349E889625,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000060288Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:35.747{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\CWL\Y.plMD5=5F6E7F0D30600F1F644E451FB7FBECAD,SHA256=B485659B0249C4A83A7456E13C51E05106C88A90268CB97D0C1AE5EB68958D38,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060287Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:35.747{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2111.5-0\es-ES\MpEvMsg.dll.muiMD5=1405D597CF11D85A22F85976119B6FE1,SHA256=84D02E2B3094B0D28107DA7A4E9AAF4248AF6727B8C15875CDA6A3874A8A9E69,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000060286Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:35.747{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\CWKCF\Y.plMD5=D8FA05CA2AD9577AE5A31C48DE78C5BF,SHA256=0DE7C41B0B9E3F14E2C81FC640A8DB5FF1AA151C4E2FAF29B68C0440FB8F36DC,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060285Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:35.731{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2111.5-0\es-ES\MpAsDesc.dll.muiMD5=6A1D6708A2926479AB25C58A2F1E78D5,SHA256=E72CDCA57721651D1C787ED2B67D7059D9123DC7A71A27241F6A57285EA0B135,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000060284Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:35.731{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\CWCM\Y.plMD5=BBD1DB372868DB91B3A46619ACBB599A,SHA256=35450A8E8ACCAFFFCB42428C0762D87147651FD88B7EC73FDE34379C06B42D71,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060283Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:35.731{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2111.5-0\en-US\ProtectionManagement.dll.muiMD5=F50AF044431879E0D89FA35750944411,SHA256=C22A3F2938DEAF607461C1863306CA6265F26C6DAD758D4B9C06A114711D713E,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000060282Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:35.731{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\CWCF\Y.plMD5=10EE0D807541F2074D6B8A59A07F142F,SHA256=FFCA172A10CD4EB178C8D3D6C63FA17756353A33E92A28CED8C13AA0466551C9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060281Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:35.731{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2111.5-0\en-US\mpuxagent.dll.muiMD5=AE09146725377A5CFC93F2AFB266D988,SHA256=9EF5437EED8EC59D55DC2CD5B3FCCEEB34587213202C8D4C89537569D132A320,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000060280Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:35.716{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\CompEx\Y.plMD5=A4795CA642E1D9DB3076204AFB75107E,SHA256=2DCF530F628200777992161E64BD49D5744BC41E2A97152DA7B256BFBB881886,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060279Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:35.716{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2111.5-0\en-US\MpEvMsg.dll.muiMD5=DF0918B0EDBC7B3ECC4D16E57ECAF80F,SHA256=6C5B089AC989E1341C520CD158F27CE203EB2C0147BF58628ADF3E5B0B7C1CFD,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000060278Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:35.716{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\CI\Y.plMD5=3536C069CB03334C828FF0F6DB424754,SHA256=C3FFBD8530F1BD8D6CC9BD5D51404866B770C1326D9C63250C27489105FFCEFB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060277Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:35.716{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2111.5-0\en-US\MpAsDesc.dll.muiMD5=187C46CB061A1195628F6B3E4CC5CB94,SHA256=6040A5971CF7C9538AB347FA9CDA4067A11D7B159557341BB6E81B4CFC3115BC,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000060276Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:35.716{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\CE\Y.plMD5=64F5BC5BC2B1551C19ABCCD996ADB480,SHA256=279310A9284786488C4838DB5D902790123A99595634E370A195D13D959DCD5D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060275Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:35.700{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2111.5-0\en-GB\mpuxagent.dll.muiMD5=693CE8ED1E84826C547DAAC802C98A2A,SHA256=CBD7D1BFAA7D5FDDBF51113432BB9320184CEA5E93FBEBC061A247CEFAD9FED0,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000060274Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:35.700{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Ccc\VR.plMD5=98275115221E7BFFEB626F5ED4FE60F6,SHA256=C2F31C9F60CDF1745CE0755ED26E7E4C1AD79C6345800A5E072C2B8158B760C2,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060273Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:35.700{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2111.5-0\en-GB\MpAsDesc.dll.muiMD5=8A798EBBBC7737507AD7D51ED468A5AD,SHA256=96A8EEA3E7EBA64442A6D0B70B483DE164A5C248F6A598AC925435A6FAB54BA7,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000060272Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:35.700{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Ccc\OV.plMD5=83AD83885BBFD9020AEE73BBC04FCF0E,SHA256=2FF24FCB60488CF11BD5D5E49CAFA6631065041244E1134E8A14115C9F950E1E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060271Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:35.700{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2111.5-0\el-GR\mpuxagent.dll.muiMD5=EF22A37059CD990CA97F246C417472FA,SHA256=6D82FBB32A867DECCB922A2F376110003CFE24C3BF5621BE58A24316F8C8AF80,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000060270Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:35.700{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Ccc\NR.plMD5=E772451C45C545CCB31DAB88CD1741E2,SHA256=D0C37809A5A42EE1BD9A6DBA34C6F691DF584E6055ABEE0190AA500073A7BB68,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060269Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:35.700{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2111.5-0\el-GR\MpEvMsg.dll.muiMD5=FF87B719FC9B61CD168D95692D417CAD,SHA256=BB8A4C321D817BCCFBC0D30FA1B947430A39A8182559DC8199E691774519B76B,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000060268Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:35.699{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Ccc\NK.plMD5=121B09413A2C254F8981905F835339D5,SHA256=F18521F228E47064FBA4C4008224659428542C4A6ABD60715F39A46B79599F4D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060267Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:35.698{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2111.5-0\el-GR\MpAsDesc.dll.muiMD5=79E17EAD71A9B8D43F653576F201A0D8,SHA256=E2F6C603C69BA2A2DF791BE1B38BDC3C7CB09DF829FB1375DAFD96C5AE65207C,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000060266Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:35.696{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Ccc\DB.plMD5=A3CFDE0A982048D203D7C2164F40D7E1,SHA256=7A7C51589B861AA5FFEAE839A94DCEC2DD523F53D1FAD8A053EA962762093E12,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060265Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:35.679{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2111.5-0\Drivers\WdNisDrv.sysMD5=1526B96991A61A91A8EF39D2346A4C4E,SHA256=63985A5BD74906F7AADF22BC60C9694AE2B77582DA0A8DCF9A35AB6018B19849,IMPHASH=B2232D76DB16949062B092AC66B306E5truetrue 23542300x800000000000000060264Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:35.679{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Ccc\BR.plMD5=19950F06ED4FD3991CDFE137A1A3676C,SHA256=9619DE824BE669D9D4C4D8BFF7736A73CA152640FA046E0D93E933A4D0EC3880,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060263Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:35.679{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2111.5-0\Drivers\WdFilter.sysMD5=8D341CCADF5FA9C342D03AB71C163444,SHA256=88061DE952D44FDC17625E0B779FFE9E144C3933D21D2B9C54322CB871BE5F9A,IMPHASH=D148E8A715DE2CD7B90529132F014544truetrue 23542300x800000000000000060262Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:35.679{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Ccc\B.plMD5=73D12DF6B4C4AC5BC3922FAE438BE60F,SHA256=F1110DEA90CA71CDEBFB5B5FBAF8669750782DF1233D986F9AA888611443C95E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060261Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:35.664{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Ccc\ATAR.plMD5=07514C263AA9272F137EB20E14253D66,SHA256=F48CBA0D6A07C6CB5A0BF75FFEC8E9137FDA2E9BB216C26663C2996EFE3E94DE,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060260Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:35.664{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2111.5-0\Drivers\WdDevFlt.sysMD5=EA7BD4E901D5B77990B131E1B0FFCBBA,SHA256=87AD5AFF6B14B603708217E2ACCAAC50A8D12251AEC0A7883FD5B97292889ADC,IMPHASH=FFAB6852F7551B536A89E4E6E6DEDE4Atruetrue 23542300x800000000000000060259Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:35.664{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Ccc\AR.plMD5=39F021ACD5FCF53A88553E8CADD4A5EF,SHA256=8DAF4203EF4D4ADC681C508BB3B0B7CE11DFDFFFAAB6011BD7642815F022CF50,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060258Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:35.664{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Ccc\AL.plMD5=3D3ABF39140D18971EF14CACE680CFD3,SHA256=DFB1FA38FB736022EC0A9FF8DF7D9A806B9EB951A42E499061A52B8795671A74,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060257Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:35.649{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2111.5-0\Drivers\WdBoot.sysMD5=F275B59876FF941EA4C2AB1AAE5DCD9A,SHA256=A3087A5FC5A617DC951001B5C210BC275D97806629A8DB635A6A4E33DF99AA3F,IMPHASH=4B7A0029980F4F757F052F90FE2D4610truetrue 23542300x800000000000000060256Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:35.649{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Ccc\A.plMD5=62731D694EF314A3284108A564B1B2E2,SHA256=F09592AC4EAC4563C96BC608359D40A63363ACD818AFB03BD9169D299EB88766,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060255Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:35.649{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2111.5-0\de-DE\ProtectionManagement.dll.muiMD5=E735FDC4511AC3B5A9CACFC371076AEF,SHA256=C7DF47BB80C160ADED39A0148DAB6A9CFDA612D3503ADEF65EDEC0EE6180A25C,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000060254Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:35.649{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Cased\Y.plMD5=A7326A6D42AE8CEDDE4CA742E02AACDF,SHA256=1279219F33CBD46A8FF1388FA6E50C4EC04DF994CF4A6C216CC80F7AC6D1ECE3,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060253Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:35.631{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2111.5-0\de-DE\mpuxagent.dll.muiMD5=1997595B05B49D3B2C65CAD659F5AE8E,SHA256=FB6A66079DCB5163A4E59DB6ADF788C31107222BA7565026117C4C8269A1EC56,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000060252Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:35.631{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Bpt\O.plMD5=E1D51FEAC3059A3CA87AEDE25C3BEAA2,SHA256=C8AF291BA31EF5B5328687730CCF2B0C7E7BDDAA511B6D8714A3AE51133B26B6,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060251Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:35.631{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2111.5-0\de-DE\MpEvMsg.dll.muiMD5=4F4B6FA818D9296DFD2C50E9FC8E3148,SHA256=5ECD0436B6A03F3492E8F49E77EDBB9980930026F901FA7B9320A977611F0519,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000060250Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:35.631{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Bpt\N.plMD5=290ABC6DEF8D32EFEEEB042FC86759EA,SHA256=AB0CF976434D6244D6A7ECA532AD4B2414AAB9D7B4FED8CC28F3A832800956E0,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060249Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:35.631{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2111.5-0\de-DE\MpAsDesc.dll.muiMD5=332EFC7E9655C17CE7B72BA2FAD9B8A8,SHA256=B9E56473D315682FDCA6A1C40D4B6074863D2B4D994CBC57540FE77E4BE0B7E8,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000060248Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:35.631{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Bpt\C.plMD5=BD74D7D0AC519B9896109D8BD9C0EB81,SHA256=4BFD6BDD4BD742864EB834305136ADFD51413080D5E5A4FB927C0139BA7EB7A5,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060247Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:35.616{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2111.5-0\da-DK\mpuxagent.dll.muiMD5=7E79B3585A5EAAC5ABD4225BABD5CD15,SHA256=F0B45691C00E5B9533BB3386453B1DDAEA68060E5F03E391D8B98F74FCD09B3E,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000060246Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:35.616{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Blk\NB.plMD5=20BB29F3BEA16B7F1DCA02AD4D2D4517,SHA256=2EB6E1105F63ED524BCBB0246AC4DF92278A840372A32DC422EC3544C55C4798,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060245Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:35.616{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2111.5-0\da-DK\MpEvMsg.dll.muiMD5=251AC3CD9D8AB20DDF64636DB63F3DD0,SHA256=80078A983E83A160602EE29B9F9176003810DD018680E9DAD0B02456879E4D92,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000060244Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:35.616{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\BidiM\Y.plMD5=BDD5F3D9CBF2C232AB5DAA71559DC1BB,SHA256=29466E686D415BDF089585D3ECCE06FD9BEAB52364A7A98066AB9EC349E6F959,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060243Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:35.616{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2111.5-0\da-DK\MpAsDesc.dll.muiMD5=6BAA1DE1B3CC2FCC7695F8FEC043BA37,SHA256=033A1FB10B2CE94260F72408E22A68BD88DDE3459A15826C9597E7981D801467,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000060242Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:35.616{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\BidiC\Y.plMD5=8B6703204D8C7B771C6886E1876676D5,SHA256=1D74A07D8E41979DD2DA5C1310BD15FD92D3F2F7106DAE6EC045EEE0941C07C5,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060241Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:35.616{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2111.5-0\cy-GB\mpuxagent.dll.muiMD5=D476A8CE57FE38BA7F1E12DD496C23D2,SHA256=C5EEE24874C3F4F98DD9B08AC6D0EAB0D7622B00E546FFDA993A86173897BA7F,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000060240Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:35.616{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Bc\WS.plMD5=1B375227182BF0697B624231C00D9C21,SHA256=7B0505B87BC150CB8116D5341B89EC7E12A9F1F28360DD2AF608C1532DF3518C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060239Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:35.600{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2111.5-0\cs-CZ\mpuxagent.dll.muiMD5=AA080DB759BD98AF8A33E851EE5078C7,SHA256=3217722393E01E8616CC6CD1D63B32931342F0CF28754C1AB3A1F8FD60966E25,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000060238Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:35.600{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2111.5-0\cs-CZ\MpEvMsg.dll.muiMD5=A0A5FE002EC73797DA31CF029C342E0D,SHA256=7D59200CE5541BE46C0ADFD9E94397151543161E507A5DBA5A751690F5BFC010,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000060237Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:35.600{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Bc\R.plMD5=D4E61D82E5F8310973ACA5584CC94554,SHA256=4AB9E58081214CDC281666E18D8EB8F07CA9A338723549FBE488DB3CA20DAFEF,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060236Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:35.600{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Bc\ON.plMD5=70CEEFCCEFF8A9C9387DC635FD428631,SHA256=946538587F876EB156F40650279634FF089F363807DE8AEFB55D23318F26BFAD,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060235Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:35.600{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2111.5-0\cs-CZ\MpAsDesc.dll.muiMD5=7CA2154A8C6E6FAA29554C0F8F9FFF84,SHA256=4EC3E83EB3A3D943F29918EC29B0CE6B9AC4A99021BF8D320148D4CF1ABC8009,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000060234Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:35.600{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Bc\NSM.plMD5=893C299387FB1D203477DBAC27CC7064,SHA256=20DA2BB9F3D42F55A23DBC9CD3E9994840771C24484845CD23A57E8CB72EF4E0,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060233Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:35.599{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Bc\L.plMD5=B80604E2658C3EBF15D7E76D3CC1B802,SHA256=301C2BB95319CB9E9E12D721DEF1D8187AD3652C5029F272CF808F2BDF587DC9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060232Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:35.596{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2111.5-0\ca-ES-valencia\mpuxagent.dll.muiMD5=700994B603A3AD4C63A73628363BA34E,SHA256=5137437407BA412E9D6CA0EDD1E42A519EB9A4749AFA86959592C2971BD5C5BD,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000060231Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:35.578{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Bc\ET.plMD5=5CF4751738A5CEF1FF0804AA5C6D3E67,SHA256=B28260039861FFAED5485EC22FC45D67240B08B954E17A6C3E0E4AC4E670797A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060230Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:35.578{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2111.5-0\ca-ES\mpuxagent.dll.muiMD5=A2EDC36B256116D244EDEBCB9618A038,SHA256=C59F2084B4A938D2D5EB796C9A64EE998426A7EAE61364B6CC20733491CFEC28,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000060229Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:35.578{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2111.5-0\ca-ES\MpAsDesc.dll.muiMD5=434861E8B64AF92FE8DE8E9F90EBE587,SHA256=CA47D07911750AE7AB92B89829E22BC379EFBA2E86E8E59B274DADE31298CF28,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000060228Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:35.578{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Bc\ES.plMD5=6F6CAF218923ADCE72BDC23B00AEF1BD,SHA256=E193D9856AF559FC41CFF5020858F6C05E5D58B9F06E82423D170B581AD6BAC1,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060227Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:35.578{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2111.5-0\bs-Latn-BA\mpuxagent.dll.muiMD5=ACB24B7EF7EC07681320B72D17086145,SHA256=E094025F7C0549C550846D878CC9EA493FEC2958F9F297734E295F724E8104FA,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000060226Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:35.578{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Bc\EN.plMD5=AB95EA4BF3CCC35B4880F2655446A57B,SHA256=D730D95E7ECA378F0874C4B1CC088E547738B46F4795EF035879F5E835D40D2D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060225Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:35.563{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2111.5-0\bn-IN\mpuxagent.dll.muiMD5=9FA720C93633B9E7909D82A4EA786677,SHA256=E44A23E6D0F4A8621BFD34F11DFC39AB433A57FEE3D3E1272574AADCF54D248F,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000060224Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:35.563{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Bc\CS.plMD5=35A73702473A5CBA6FC5AECEBB611D71,SHA256=76EFA82BDCF1D25B13AC7482DACFF3DCED44E25143BFFB34141FA4D8D9B760F7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060223Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:35.563{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2111.5-0\bg-BG\mpuxagent.dll.muiMD5=0A1571826256FF307B6A7B02F15A570F,SHA256=1342ACDBBE2159B4AB9E15E5246C962D5B2999E00E056A025C2B61816700AD20,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000060222Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:35.563{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Bc\BN.plMD5=26FFC7FF1501AE604A293C41DD9BF289,SHA256=A6D12805067F9A0016E0AC041D1D6AFAB4FA127D9B77C19BED3AAFB6CDAE96C8,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060221Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:35.563{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2111.5-0\bg-BG\MpAsDesc.dll.muiMD5=94D852744FD8BC979242D35799A73D13,SHA256=2D9C27EB93CA87C869147AE55678EDF9CB5E44AC2DA44D2DB3E5E3A37F848FDA,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000060220Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:35.563{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Bc\B.plMD5=6EF607A20F85F2449E46A42F74B8A55C,SHA256=0FC5B158814D575A5ED69928258DBE0EF31D24DF6DA2887B721FBAD6332D156A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060219Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:35.563{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Bc\AN.plMD5=386C916290FDC62A454B01B7708938B3,SHA256=DE44A088FD4CE4B9E9CE47F53753E6ED413F2B355CAAB4668AA40FEEEA92BE1D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060218Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:35.548{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2111.5-0\az-Latn-AZ\mpuxagent.dll.muiMD5=D47D16550919A2A09BA7B196E983E5C9,SHA256=A330CF212D5362D529B907C0EED9C32D33096DE3E5D044B5A577C33EB4FF9E07,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000060217Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:35.548{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Bc\AL.plMD5=FC092F25357311BF93D11AA6F844F365,SHA256=5A75FF4EC0C915636164955A2A7A574C95A72C99E5D897325117E2D1C11811F2,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060216Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:35.548{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2111.5-0\as-IN\mpuxagent.dll.muiMD5=704B97A099D74DE55B62BA93D2028770,SHA256=6F00A9E4787D9E37547185AD2D6B220AF416E79024C0F2A4D195F3A0A8FBFBAD,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000060215Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:35.548{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Alpha\Y.plMD5=88021B967D9FD3D13F7BA9B342C38070,SHA256=7DE1FEC0D3DADC0F489AF1080800BAAA76D8C1202F9DDD88B674D96DACB359A0,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060214Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:35.548{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2111.5-0\ar-SA\mpuxagent.dll.muiMD5=11AF1EAFCF99F801247E5D15B307B37C,SHA256=A0D448C2117E94B22032CD58BC3740CE13286B4350AC172339AE702A832E5598,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000060213Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:35.548{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Age\V90.plMD5=04252245FE1BC002F0B20BC7645AFACB,SHA256=20B796DAC5E60353CF423E69EA86A8DA63409470DC0D2FFC5E255D3D038E3146,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060212Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:35.531{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2111.5-0\ar-SA\MpAsDesc.dll.muiMD5=E6C0CA84DB6B98EED91C7FCECADA1A03,SHA256=98BCDD1DD54DBB1814B5C687AE917E70DD512395A1729DA0D290026DBA65E04E,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000060211Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:35.531{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Age\V80.plMD5=219946FCB2C46A9D63D01E03854964B0,SHA256=6032EFCFA434AEA00432A5432D14A5D5AE2B94E2EF5E2DCB60AE39955F2E4B15,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060210Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:35.531{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2111.5-0\am-ET\mpuxagent.dll.muiMD5=1ADBB96DFEF6ABD3E4B50F0920A82E64,SHA256=41743F683B41DBAC3FCB3A1B42261224741498A153A36EAD568D039867F81AC3,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000060209Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:35.531{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Age\V70.plMD5=E44F082E68EC98D579CA8052E1D43DCF,SHA256=4C18D061954AAB2450164F4F5147E9799D48F0DF92E0C396CF2E743D6B3EDDEE,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060208Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:35.531{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2111.5-0\af-ZA\mpuxagent.dll.muiMD5=15DB2943DD1EFAA4734F8F77939A30BD,SHA256=D554657531449828477F4B5033073CA2C318028528B557573F7E931CC5E5FD6F,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000060207Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:35.531{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Age\V61.plMD5=EC1B8D2FBFF6F19086CAB21A9C53F023,SHA256=32D11E8DC8A7BD01FF3A4C8334E23F4D1B41331C37BA1E035383A7B8CFAAE9D7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060206Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:35.516{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Age\V60.plMD5=E3E2DE925DA87F9EC7BBB057F5E3838F,SHA256=059D94E083BFEC7EFDAA80838F426D42A33D81EE179080C1EAFA72794BB49AC0,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060205Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:35.516{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2110.6-0\ThirdPartyNotices.txtMD5=CE7313760386B6ABDE405F9B9E6EA51D,SHA256=73E26404B3571A9E859B3A1144F54C353172479586E0A23C3A7DDA0C1C0AE919,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060204Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:35.516{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Age\V52.plMD5=95727AC8AFD999FC9F6E11DDA3361AF8,SHA256=928EECE818F91AFFE25CC6A7186021743CE7385094271666BD6A88A6CD7E23DE,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060203Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:35.516{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2110.6-0\ProtectionManagement_Uninstall.mofMD5=72D045707D108D55B76CD70AD9A84AD6,SHA256=30A0AD834D7B3F4FB47010B4BB6905576792E83064E9DD858EABF0CCA17FC3DF,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060202Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:35.516{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2110.6-0\ProtectionManagement.mofMD5=D9619BB89523F47C88DC5FC8BEA50BA0,SHA256=3ECDCEF5A04C90CA1EB296F3AE4F1C5BC96C371E84BE927C25FA64D6C74C34AF,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060201Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:35.516{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Age\V51.plMD5=F0CFE0869AE649C309A5E518A17FB923,SHA256=2539AA17259F87644C8DDD5F4DF9BF455660D02C5AEFCDA49056479AD098B866,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060200Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:35.500{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Age\V50.plMD5=E6D865138414BF5BADB7AD796569B2F9,SHA256=FDF099085DE660B92470E7418BE14F3211082F52B3DD08DD758E57563F1BBB79,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060199Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:35.500{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2110.6-0\ProtectionManagement.dllMD5=6961741616536665EA08B42A33CC4661,SHA256=5101226F1C66F21801910E1DA1292E197D0EC519D47C1F9BED4A9CCB6AA85B71,IMPHASH=9FC00988A6134F08C0D6DA8432A3B141truetrue 23542300x800000000000000060198Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:35.500{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Age\V41.plMD5=5927F1B41BECDBC0C1FDDB6927FCEE9C,SHA256=0635AC9C654B2ECCDA473A0896EC0A4645BF7BEDC7CC9CBAC50E1E479FA2353F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060197Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:35.498{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Age\V40.plMD5=D6D69300B6B94CA589A863251EDE39DC,SHA256=B5EB915D505A1C77D4DD97647431395F906DAA020DA8B14A0194BEC13DCC130A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060196Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:35.478{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Age\V32.plMD5=B1C1A9DB6D0D6F9C795B9686FBD86816,SHA256=B7CAAC71A1886F69D29EDE13B3FCBBE0195517789A22EDA0414924BE763F93E3,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060195Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:35.478{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2110.6-0\NisSrv.exeMD5=8B681478CB2CDAA890038ACD61D89521,SHA256=8C0181F0DAB62F42F98F8DCF5799594025091519B70C57726FAAF04644BD989B,IMPHASH=1A1A6C24B2E22725BA69163837D402F2truetrue 23542300x800000000000000060194Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:35.478{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Age\V31.plMD5=221679BCB9312033EC1D647053006972,SHA256=CB21128231DBE30F2F07A6CA304802A86D2B5E1BDC156A782FAF9A0B29819D0E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060193Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:35.463{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Age\V30.plMD5=4991B179382ED4C4ECD2A33FED496316,SHA256=7B9479492D618EA58A5B0BC677442E364742F9AE12774652A56F3A6C5F53E2E3,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060192Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:35.463{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Age\V20.plMD5=5C7970D0785760B6906A66059CC783FE,SHA256=E00880F6FFD64407AA4CF23481069E3A0C9CD3131E6EF6218A247931BED3080D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060191Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:35.463{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Age\V130.plMD5=D058B96ADABB51143C4706D3824FD976,SHA256=E22AA33C51449A1EB7A12646212F76F37A499797752A59B77C8AD7EC96FC80F8,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060190Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:35.449{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Age\V120.plMD5=43B9E5D1126ACC0EFFDBED8725259CCD,SHA256=73E8F7EFB7D089157269BC9A25BADAE403392A5383D09A85F5DEC4A641568F4F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060189Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:35.449{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Age\V110.plMD5=353A237E83831FD328CA18DB8CC38C28,SHA256=E6B916AE713D77514AE2D012536109080363A277AE6C33F108883E0E44BD19E4,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060188Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:35.449{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Age\V11.plMD5=95D5206FC8DD4A7D3CD3DC379477E220,SHA256=51E67681FD515F0DAF3025D8D30A0E40EC9342AD29279A63478057B4D0E2C3A8,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060187Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:35.431{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Age\V100.plMD5=B169B9B170B2980432C1CAE278EC038F,SHA256=7E26368289E5AB31E848259125C6FD6F43E15414E9ED147532EFFF106C52D34D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060186Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:35.431{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Age\NA.plMD5=0F8845A09D2960A6ADB624765EBDC531,SHA256=7C2C6F240ACD112CD2BFC14FC2269D57170735C7EDA6FCB497588B398109C2AF,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060185Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:35.431{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\Decomposition.plMD5=AD1D12269EF70687A43953D9D188AD73,SHA256=FFDFC35B382DF28FEFB836A0CD97F91BC350659045743680841DD6304D21CB33,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060184Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:35.415{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\CombiningClass.plMD5=AF7A9293538F5FBBB0CBEAA3BE5A05DB,SHA256=A7713D24AA96BE08975AC470CA650FED1D75F8AD1D784911D04ECE7337DAFE83,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000060183Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:35.415{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\Blocks.TXT2022-01-20 07:58:53.413 23542300x800000000000000060182Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:35.415{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\Blocks.txtMD5=39A97FDF5EBC78AD271D432D59FA21DE,SHA256=81A82B6A9FCF1A9C12F588D7A1DECD73A9AFDC4CAC95B0EB7E576E7942D6C19F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060181Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:35.400{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\perl5db.plMD5=196AE683FAE27340F221BB141F86F006,SHA256=BBA6D48332A7CE4DC652DEEA8CF9F49545D9AB43E3BD6F84A1C916B8A2C75B7D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060180Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:35.378{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\dumpvar.plMD5=903CF4F02C20D88697316CF67DB64D2D,SHA256=296E0E0E5628ECEA52C235471B7F36AADB40C4BC7EAC8B59470976640F1A7C9C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060179Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:35.378{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2110.6-0\MsMpLics.dllMD5=3A0822C50B25F60F6BB3258DC4E7E2F3,SHA256=BA0768BD9992936F57DD752CD273F6817A3B07954DDECEC5AD91F4044FDD82A3,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000060178Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:35.378{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2110.6-0\MsMpEng.exeMD5=60388873132DD881FB92F5B4E887FAD2,SHA256=5F7EDBE04ED4A7F616AAE597E7D0AB0D2E9DEA30F70601F80BD45141DA5FEEA7,IMPHASH=99C98AC382B2B1D56BA3D07EBC95CDEDtruetrue 23542300x800000000000000060177Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:35.378{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2110.6-0\MpUxAgent.dllMD5=E144F02A93F5CAE8E460EA5651932FC4,SHA256=707EC580499BC3D12464ABCA3573211033DFB93F3EAF5C1B8798D611DDB63753,IMPHASH=32558E4AF479B2A1D13F5DA57D6FD400truetrue 23542300x800000000000000060176Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:35.378{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\bytes_heavy.plMD5=50D2926265097AD82558258A95FF0DD8,SHA256=C7DEF62CBF7D031C4FE319E414117043F2A273885BFF93BD18E11935D00A6677,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060175Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:35.362{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2110.6-0\MpUpdate.dllMD5=4BCF3530A3E32835BD10EEB2573A4092,SHA256=7F6780AA7CCCC12D7335F7D0F3DA69D39D17984F816BE7D2AB4A273B8206A76A,IMPHASH=61AE0536E72E995FE5058EEF5884ADA4truetrue 23542300x800000000000000060174Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:35.362{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\mintty\lang\messages.potMD5=35B586B0E811FF47A61706E9B02F02DC,SHA256=E0D59463F49472A5460FB4C83F938B99B26463B8569C7AAB20F273723AA10100,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000060173Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:35.362{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\licenses\vim\license.TXT2022-01-20 07:58:52.741 23542300x800000000000000060172Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:35.347{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2110.6-0\MpSvc.dllMD5=F2C455102802A5ACD50E11461AC60443,SHA256=CE93B78AF09312AFD942B3244A5CF82F1E2ABB229D539D4C5D293EDF0D7F6ADD,IMPHASH=869A767128881B43010343A3C9F41E4Ftruetrue 23542300x800000000000000060171Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:35.347{6F5BEE90-18CD-61E9-7700-000000002102}484NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=CB2ECE2D24B088D93B873F42C87EF04E,SHA256=9981947851B32B18EA557845822F39C6427DA45FA3AD35445EAA72CD39F1DE86,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060170Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:35.347{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\licenses\vim\license.txtMD5=A8D87EAAEB761BFA9B33CD57564E871F,SHA256=DB793C305D2AEF8A16F0F475727FDD179DEFF051ED823F8B8DCB859F3B52AD12,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000031809Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:38:35.784{CE7C8936-1B20-61E9-E200-000000002202}3964NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=560CD7280832E6CE74996E1B997EFB04,SHA256=B7D1DD340F4AEC66CE27BD2CE52F492A637FEDE8A4E11D472E5C9B364EEE494A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000031808Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:38:35.128{CE7C8936-1A7D-61E9-2200-000000002202}1212NT AUTHORITY\SYSTEMC:\Program Files\Amazon\SSM\amazon-ssm-agent.exeC:\ProgramData\Amazon\SSM\InstanceData\i-0b4c8a78fb3fad9c4\channels\health\surveyor-20220120081701-138MD5=97EF2A570B75C4F95FC69B0D09A2E2A2,SHA256=11396EA313B0ED7E3228C4FA92ABE9D836DB8F416A7A8A28ACC77133025082E7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060616Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:36.988{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Jt\D.plMD5=5EBBDCF24937CB08BDE1F1EB30B6F58D,SHA256=AC97C0E60C89FEE2D05B4BD8CBAD11E4196A914994B8944B3249348B1F3228FC,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060615Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:36.988{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2111.5-0\MpClient.dllMD5=D914720FEDF21717A58BA74EC24C65EC,SHA256=D6EAE035E6A51AB6B7327D472120EF1666ED557AEB986441EC600D0B2D334507,IMPHASH=624E1189FDB72BC74D16BA15256EB0FCtruetrue 23542300x800000000000000060614Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:36.975{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Jt\C.plMD5=D50D040AA75E91CA5BE6F0279408604D,SHA256=317349A89D8BE6C0712F7456402912A86B903B146FCBEE55217C80F378BE318E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060613Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:36.957{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Jg\Yeh.plMD5=3BA1D5A1215D2819AC763E50C74B8F4B,SHA256=851C50101AC25506EECDA99060CC14CA79CE1F8F0439F31758784836F92C6CBF,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060612Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:36.941{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2111.5-0\MpAzSubmit.dllMD5=EE9619250DECB7B0DEF47537712DB87F,SHA256=5308801F1B784A27946C3E30BC026E4DF18D8D149220B679271B602FF7118927,IMPHASH=300ED5E63E8A71D34B395F9FB0DBF683truetrue 23542300x800000000000000060611Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:36.941{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Jg\Waw.plMD5=03BE90F3DFE5D9B00F1A9C597BB93206,SHA256=DD2FA0F2DD31A0BD05440F4F0D6F71A5E85DDE04372AEB3154DE4444F9390C96,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060610Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:36.926{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Jg\Seen.plMD5=7A9CDC20C0741B7E9F23AA26CF3C150B,SHA256=E4EE0336472BB827080D20BEFD2F0DE1AB569F083FB73DDEC788DFB9041F4E94,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060609Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:36.926{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Jg\Sad.plMD5=37F6726AB7C00890CAEABC23923D652E,SHA256=9FE5C8D6A8E7CC1C894E4D8B923819538A48654E4DD09F8D7F25DD47500FD68F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060608Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:36.910{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Jg\Reh.plMD5=35AE29408F79558AF464D7B5CE499DBB,SHA256=44981712D5002B7AF097D66F1AFE04AE2051BFD1CCC4CD74762E58B198F881E9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060607Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:36.908{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Jg\Qaf.plMD5=FA37F288CAD5AD076315792EE2E1FA20,SHA256=59E5BDA626934B0F11E6D7757A0E2E47CC85B67CA4513851C4D3850E4532F235,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060606Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:36.904{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Jg\NoJoinin.plMD5=AEDB0A503090CCEF80574A94BA3A326A,SHA256=0E7D1B438C3DDA155DA739CCA564E86733E4E9663EE7559BA55C33C16D58DE79,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060605Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:36.888{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Jg\Lam.plMD5=AEC16B439DCFD246F83C8D1029FE5853,SHA256=849E9D237262EC262F5A7972710BA5089FC2BCA150BD10B8B0647A9EFEE56A09,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060604Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:36.888{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Jg\Kaf.plMD5=5C54C00586B78AD66FA4089EF1D96674,SHA256=10B9D65DEDAA9E5320989D75DA1DD912C30FF49A4D9C91B05CA57693D8BACC74,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060603Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:36.872{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Jg\HanifiRo.plMD5=AF1312546113533F62F9E096E1D1FE7C,SHA256=F39EF6310E8DCD58DF4731A3D80BB0D46B71E88C1B3EC72EFCA528CC9F5E3059,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060602Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:36.858{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Jg\Hah.plMD5=9BD9C6730E98711A383AF1874809CC85,SHA256=9604787608B16A4AB2A9FCB64C600DE0662E1DFF7AB7E0777BDF654065490B97,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060601Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:36.858{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2111.5-0\MpAsDesc.dllMD5=7F998A9A9EEC218772883F0B69AA0E42,SHA256=5FC120E0D3DF0C03F9432F1D6E3CCC786636A39660AE140325EE7D77AE5B81EE,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000060600Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:36.858{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Jg\Gaf.plMD5=B028C81AE638F36354A6C1621C3CD6D8,SHA256=4DC65322106993A8E2118A79206C1F291E9634CDD24EEC4679FE6C33A8393762,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060599Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:36.841{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2111.5-0\Microsoft-Windows-Windows Defender.manMD5=36F8A68EECFB5B89C4C571F6A63E3ECA,SHA256=4D76246642181E38F87B623AF82BF7454050D05775F546506CFACA1608BE9633,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060598Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:36.841{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Jg\Feh.plMD5=2D61A869FD5D3146D54692B17C4CB34A,SHA256=29F36475B76385A910A3F16A26F9C57E833776AFB4401298E43C133C6531EFCA,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060597Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:36.841{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Jg\FarsiYeh.plMD5=1BD624542709FDF81488E97A65C8B59F,SHA256=A2FA85BD3118C3B8D517D10FD52FD8D34B5C837FBC585FFE4DF2480319D6BEF5,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060596Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:36.841{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2111.5-0\Microsoft-Antimalware-Service.manMD5=59A726CACE276AC73893F7C998614936,SHA256=A8BE69E37EC346256296C55E571A26AFC0F60F1DF121A156DC5714B608C21B0E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060595Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:36.826{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2111.5-0\Microsoft-Antimalware-RTP.manMD5=0EA061B68884A0E5AD4B1F4A93B1FBF6,SHA256=1F78E8C7AE754DA422F11439E732628BE78F8BC85625CF4EBFFCF64C536679FF,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060594Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:36.826{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Jg\Dal.plMD5=1F776E3A9D39774BDB4C834EBC91E76B,SHA256=26334E08FC37A8A9EE9B55318EEA7684539D581AE2C76D860BCDA7334A3DFB8B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060593Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:36.826{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2111.5-0\Microsoft-Antimalware-Protection.manMD5=E4AD891E7B62475FCA109C0DF4DEF16E,SHA256=DF9AD93CDB61587A35FCDCE996955A64413439A474D85C86133A9E9C185D1966,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060592Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:36.826{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2111.5-0\Microsoft-Antimalware-NIS.manMD5=5562965C32F03AE0DF8B9DEF950F8651,SHA256=EA64BE59286B67AE930729FA92B2B08DCE5C2EAEB70FEABE2320C47FB6DDAC6C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060591Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:36.826{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Jg\Beh.plMD5=0D2EFAED8823AB4ADFDB6668F523716E,SHA256=EE23ABB5F3A2F6CEB4E270DD809CDADB90B9997709A4D28750D51BB321F8D663,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060590Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:36.810{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2111.5-0\Microsoft-Antimalware-AMFilter.manMD5=B6D65A86FC1999A62DA10EA3C4CAD3E4,SHA256=05B2BFD40FB3A344C3AE178C420A7FEA9595815CB1CC07843078112F5F551EAF,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060589Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:36.810{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Jg\Alef.plMD5=5609B705A593FE8EC066726439E0A7E0,SHA256=BFBB4171491F49D340AA92485C89A8006DC86C4C96AEEBB9A160843E6EEED459,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060588Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:36.810{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Jg\Ain.plMD5=17E3DE34B5D78AA26F29D73F3B4825B9,SHA256=8C4E5AA641A8C5EDEB7B23241606D914824587E095972DE51498EFCC1E14FCC2,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060587Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:36.810{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2111.5-0\endpointdlp.dllMD5=2C43237E1D1377CF68470EED7D961467,SHA256=948563733E7ED68AB573A7C28382919A1AFE1E439EEF07BAC9B30AAA4FE095C7,IMPHASH=97B577A6A90A243C3D426A4000BED6BFtruetrue 23542300x800000000000000060586Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:36.788{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\InSC\VowelInd.plMD5=18B01E8A8458DE6C1056477FA25A903E,SHA256=3C5B400D750B32447BE822255DA15F42FCBDB62B428E3C5F84FDF1B94CA6A0D7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060585Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:36.773{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2111.5-0\ConfigSecurityPolicy.exeMD5=EA0F0D2BEBFD211C27AA39C73F74E916,SHA256=36973D49650A8F1405F4FBD3D7E0D0614F270524235C7DCBBFBE6FF2E83F86F6,IMPHASH=C1B5D6B4F7C8A5BCC84810A010E14536truetrue 23542300x800000000000000060584Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:36.773{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\InSC\VowelDep.plMD5=02A8799EFCEAF4425EFF4AC77A6EC32F,SHA256=09161EAA88AD17AE15B1DEFB0718852337525B0C485DE808E6FC26F49BEFA3D7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060583Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:36.757{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\InSC\Vowel.plMD5=60AF31949ABCF4DA5F610660AE76DF78,SHA256=7502E4272D800AA07A78605449D75E46C3ADFCB103AE3C8B1BA623EFE5675129,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060582Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:36.741{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\InSC\Visarga.plMD5=660252C693E05A459D88728006370013,SHA256=7EEE79BAD30DD91682F930BF92E1AED728905A0F17DD0EC47C32FD40F65E1C5A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060581Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:36.741{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\InSC\Virama.plMD5=38EBE1A62FA33121B5AE72E3BE6AA05A,SHA256=0C208B18F8083CDF3385A54FDE6B5CB0A6088FA793EEE8C82A557AC53D5E38E4,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060580Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:36.741{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\InSC\ToneMark.plMD5=D57568671892CB4AC8886A6938FB19C3,SHA256=DBA2F2A04C3BE7B78DA6A2CBC230CEAC1B615C6DB9ABEA98DA33F7EFB40D1DBE,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060579Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:36.726{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\InSC\Syllable.plMD5=CA2AF4DB425058D5B71857AD6666C7DF,SHA256=800638D3A22391ADE7A2BAFE29C75E4B9A6B157BC3D8F2F9076B975E7748ECC4,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060578Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:36.726{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2111.5-0\com.microsoft.defender.be.chrome.jsonMD5=60A2FC65D3CC1D3DE9ECD2C5319738FC,SHA256=6C6F52B13235148AF305BD614779EA885C00B64D0BB7CC764E3C67198CC524A2,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060577Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:36.726{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\InSC\PureKill.plMD5=5B4363CCD13E9CDF290FD58F9EEC3FE9,SHA256=94892EDACC3C7C3D3F57975D7D0C165738D4FE8480AC68E8194D466DB80D9B5A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060576Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:36.726{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2111.5-0\zh-TW\ProtectionManagement.dll.muiMD5=A6643FC514B4CC543B0FF3004DEC733C,SHA256=B8BD12EA29B3F76578C55D22768935E32E2655D87D9AD5DEDD98469C1914F829,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000060575Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:36.710{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\InSC\Other.plMD5=3FC31E61076054F3D8AB347E63B36188,SHA256=AFBE96BF25A55D6B17CAD2782FF4197F6587BED4A38E016AD4A6F580F708071E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060574Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:36.710{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2111.5-0\zh-TW\mpuxagent.dll.muiMD5=75E6F3057C3C1F565FDBB16B7789CF4D,SHA256=6D72B10E5CA074FFF2017F36A9E766A12F9A503BAAD5F8A87CEB36B6DB429233,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000060573Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:36.710{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\InSC\Number.plMD5=5BA2AD884BB8E1D833FE5E26044EA19D,SHA256=87606BB492A620FE8F91997580C8398FC40DED55D4789C456F7279188082269E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060572Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:36.707{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2111.5-0\zh-TW\MpEvMsg.dll.muiMD5=3AA52A36DAAE30C57D5257B6BF9D631A,SHA256=3B8F18EF2402B5AC780AEFE62F5671376B952B50E50985586812C832C7D4BB01,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000060571Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:36.705{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\InSC\Nukta.plMD5=FA333AE14D7802844EAB79F1D3A206F1,SHA256=3D1A9243D564E122A81219AA17205DCD53BACC6F931A8029BFCEF7848C9DF96B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060570Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:36.704{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2111.5-0\zh-TW\MpAsDesc.dll.muiMD5=A281DDC951C0E5075C724FA32C8F41A2,SHA256=FAEDA25066388EA48953094938A36F88B6582DD8AAD9532A9398B185A3623A05,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000060569Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:36.704{6F5BEE90-18CD-61E9-7700-000000002102}484NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=EC1C66205E5D9D6EB7E09358CC145F0A,SHA256=5AC9715E66AC6468FD7C6C7277920FB62C063996A03239E42E76F314B71D8B20,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060568Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:36.688{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\InSC\Invisibl.plMD5=D6951D8F9DE4A2C2C46F018C417BB73A,SHA256=D3482BABE9F5DD281049D968306FAFB5FFE181584D3F84C3DB120B0369E2E095,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060567Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:36.688{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2111.5-0\zh-CN\ProtectionManagement.dll.muiMD5=37B2C102377EEB1C9B6E1F3E7DE794E2,SHA256=66F9A289E579458A3FA83D6542637600B1DE9F2AFF2EBFC6C2A136A2F0F8A182,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000060566Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:36.688{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\InSC\Consonan.plMD5=8446084593634C847FC8F4D6DA542EBE,SHA256=02C398E245E98FAC1D3B4A33E9096640753C318D85BC2CE9808E931E44E83E9A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060565Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:36.688{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2111.5-0\zh-CN\mpuxagent.dll.muiMD5=4DDABBBA91F6AECE7BA569F25824740F,SHA256=F1D9A9C621AC9F45AAAE63D6626E48978297AE3157AB60209A54A9E1CAB02BCD,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000060564Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:36.672{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\InSC\Consona9.plMD5=B1913BBCF347FF90639CABF2D50AAEFF,SHA256=0BA1C4B2981D5CA34623D89B960A6D00C236213304BD92944A1397F97CCE258D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060563Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:36.672{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2111.5-0\zh-CN\MpEvMsg.dll.muiMD5=2AEFDEB6F51BE7C54A19071BE6D86CAC,SHA256=AEE4E2CA6D996A1F4FABCF2FAEF12FDB9D4A5674AAF2772142467F18451E0E3D,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000060562Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:36.672{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\InSC\Consona8.plMD5=03E30E11DC840FDBB9C2E18F7E500988,SHA256=CE5D15870F08B7D708FBC6802B2ADE025F9908C5C429ED0940D660335D277138,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060561Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:36.672{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2111.5-0\zh-CN\MpAsDesc.dll.muiMD5=0006D54713FEF461B95EB505018D054F,SHA256=66D87C7DF196DA1104FA392A87AD0054655AD3B86B6F56E21B47FBF24968D372,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000060560Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:36.672{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\InSC\Consona7.plMD5=F8DC64006A04BE7ACD750D8636829D05,SHA256=77419E1FD19D01C7A23CE0BC150A6EC7A4B4DB14BC8386E5507E18740D5E4021,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060559Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:36.656{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2111.5-0\X86\MsMpLics.dllMD5=F00BF7A69846E54C17081105E81E1934,SHA256=8AF4179A985DCEFE8FCECBB0FE1CD902BB478B5ED60E5A2A884959F7C6EB52E6,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000060558Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:36.656{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\InSC\Consona6.plMD5=A8EB733E6B3B7732822BFB5C1FFDD17A,SHA256=088CF182AFFE2D67C9E5D27059AA13C5F68C92AD2B5EA5DA7E5B48D08909ABDB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060557Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:36.656{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2111.5-0\X86\MpOAV.dllMD5=D0DE21C310CADB79D723886DD8D10686,SHA256=DD4536C2DEB3DBAB2252C2ED4CB55AFD64DAA44DCDA099B84CDFDABA3D3F954C,IMPHASH=B153971B18B753F5A5050CE54B02C2E0truetrue 23542300x800000000000000060556Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:36.641{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\InSC\Consona5.plMD5=5D7B15CABAD967A26F520E67E845D92D,SHA256=0137C0831FA65C37C89383333A2C58406A593BE417E5D5F4D1C17123B887E501,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060555Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:36.641{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2111.5-0\X86\MpDetoursCopyAccelerator.dllMD5=77F166B7E4CB414FED4E1EBE6AC66408,SHA256=E983447B05F5292A01A006E129D00C9CAFF1C0B11769CFABDC870FE5A7CE05B0,IMPHASH=74478D3FF071B77E9B32D63F1F5AA17Atruetrue 23542300x800000000000000060554Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:36.641{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2111.5-0\X86\MpDetours.dllMD5=010D1B6E9B46C2AB43DF552E541F53BE,SHA256=B19F2ABC0ABF67550204560D40EE1F7BB20DB0D8BBFA934E77DC396CA2A9B68B,IMPHASH=6EAF4C00742F1DF994A4C265382B3E0Ctruetrue 23542300x800000000000000060553Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:36.641{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\InSC\Consona4.plMD5=7119664990C91C28796F7786156ECEFA,SHA256=C259534DB89F0FE91DDA04E9F10DA69E66E6CCC9CD06B26C7A854E72556B3C0E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060552Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:36.625{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2111.5-0\X86\MpCmdRun.exeMD5=4B139C1413DD5689C8D3BC3A38E52986,SHA256=17160C70EF219DC95499020CCEAB91E666B5004B86EC80BF3D240710480A8424,IMPHASH=D53B9A9284ED1C3789C06C4D975F8A59truetrue 23542300x800000000000000060551Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:36.609{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\InSC\Consona3.plMD5=C4CD8F19D31806A2BCE91D6A433DBB73,SHA256=F4D9EA56C4ADF84732CBFB99280CB34365441EE538433EA5C250D054CB7FD539,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060550Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:36.609{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\InSC\Consona2.plMD5=A2C00CDB94FB8BB3B496F91FDCA7D1D0,SHA256=A44B5324C88F8054AFD3AB06E3F0689FC3055F0F44F58C16DA411AB78D594C6F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060549Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:36.603{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2111.5-0\X86\MpClient.dllMD5=F7D44EFA4C28A88E0DAF1CDB23CD2892,SHA256=BCD8C042D874FB3F2BC991654EE5DBA308343BB64BD3AAB9D9EC65E628888580,IMPHASH=0E644468AB17DC09175E735D79CFB0C0truetrue 23542300x800000000000000060548Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:36.590{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\InSC\Cantilla.plMD5=72FF736D32D2E3E2859F0D600F01ADB3,SHA256=F89E8958FAD58F8E578783CFD70431298490006B73BAB2CA35289588E80167FE,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060547Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:36.572{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\InSC\Bindu.plMD5=9BE00DD83ECDABCCA8A0CE03F1837D3C,SHA256=1080A31BF4E4ADA7ED4909EDD3B12FA2EB980C4AA0929387E44D29BD15D15443,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060546Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:36.572{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\InSC\Avagraha.plMD5=81B3C7E1DCAA265012E40E8A049EA857,SHA256=6FD75D1A4828BCBE7B515B49E0A53518A3B718642793487D6A7D798255BCC097,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060545Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:36.556{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\InPC\VisualOr.plMD5=1D4668D931E0A42A5FA8D5CC27D8EF8A,SHA256=64E337971DD9510254EC7CF88257C16269685CE0C437E35DCB4C9A1A1ACAA8FD,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060544Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:36.556{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2111.5-0\X86\MpAsDesc.dllMD5=A2BB183B5DE2B4C0CE7C7C5AF37D9AB0,SHA256=7ACFB0BA3AFBEDD7EA11AECEB3ED795501BA8E3B59445AF6378753F6BDCD8C90,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000060543Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:36.556{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\InPC\TopAndRi.plMD5=66E9D0DB757C56B4CF7688C5B931433A,SHA256=ECB77E8CA69BF4762408DCEF835FC253334B775AA7FCA6116637E36EFA0CD9E0,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060542Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:36.556{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2111.5-0\X86\endpointdlp.dllMD5=D31B7BBF2A4E1F6727BEF92C51CDAC7B,SHA256=5FC33962B7872651D5AF1E7533EA38CE676F67F7D48ED4F5AB214743F59EAF38,IMPHASH=881E23198BCA1D0E73E1198892F9636Dtruetrue 23542300x800000000000000060541Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:36.541{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\InPC\TopAndLe.plMD5=C4E9D18CC1612524F71484F3B58B1CCA,SHA256=BFE43901154CF2034D74578B22216A237258537D03E3FA5A4FC0BCC24B85148A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060540Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:36.541{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\InPC\TopAndL2.plMD5=BD2C2C128B39463CA95ABCB5AB7D6282,SHA256=24E6EA625ABF3322954A3D55920848C59F28961BC24F4B2EC3F46C6F94754EC8,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060539Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:36.541{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2111.5-0\X86\en-US\MpAsDesc.dll.muiMD5=E358396AA763AD53BBFE691F7583101B,SHA256=6D0183EBF8ED1FB253BDF38765B3330E4A4E873710292E1F4C543589445334D8,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000060538Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:36.541{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\InPC\TopAndBo.plMD5=FA63D5C28E4E9CC41E79F806A87DF0A5,SHA256=1A19CB26998C457F127B0EB390AB5FBEA2B1EE2F4472E7FADF9C2DB7885EB143,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060537Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:36.526{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2111.5-0\vi-VN\mpuxagent.dll.muiMD5=93546D11D843DD7246BA3AB3CE0232B5,SHA256=D8B48B820584C6D7A0D31DA479DE9A612E8082BE97599055A18A956DF56F7BA7,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000060536Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:36.526{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\InPC\Top.plMD5=B74C65D76D0838F6FD32591539AB36D7,SHA256=9B8FF535E7CC6786D91FA1E074F770562BDCD0F7EF48250A053697CB38882823,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060535Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:36.509{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2111.5-0\vi-VN\MpAsDesc.dll.muiMD5=E0753E39A74376DA225485673DC44AE9,SHA256=307C6225372FBFC803CFE97572D94074C52B4D5B921262939D4CB520B2D5E92F,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000060534Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:36.509{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\InPC\Right.plMD5=308E99E8CE51B44F1233E903914E9574,SHA256=5B8FE00D43D1A82A94D9975A6BEC230B25A324D9C4E2169A96FEAC2A04CB526E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060533Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:36.509{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2111.5-0\ur-PK\mpuxagent.dll.muiMD5=FB71CCB9A55BE6903211A2553F550CC9,SHA256=23A8D16236CC0DDDBC324A3B64B85547D3DEF0BA555D64C988D43526ACBF2DA5,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000060532Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:36.509{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\InPC\Overstru.plMD5=890BD4919820E44D4478749FE83DEF0F,SHA256=3763DBE4DB6D9E0B9EA943F9A08FB7B8394EAD71148B568F1AAEF34C10273AAA,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000060531Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:35.441{6F5BEE90-18C6-61E9-6E00-000000002102}3440C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-tcontreras-attack-range-53.attackrange.local52446-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x800000000000000060530Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:36.503{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\InPC\NA.plMD5=A3BE5198EA7D209CDFE712EAF7BAADCB,SHA256=7B2DF97E1CADE88CBAD5FCC5F2496E4E83A5D996B38CBDB1C7FE32855D407204,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060529Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:36.502{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2111.5-0\uk-UA\mpuxagent.dll.muiMD5=E567348DFFB2A4822F03AB6031E470F0,SHA256=2F48C04BBB10082D3341BFD0B5AEEB1D1E9E7A7B3FCD7C2FDC6F43147CE4DCCF,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000060528Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:36.489{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\InPC\LeftAndR.plMD5=8C5A09A5FACD886A7CA387CEE2BD5866,SHA256=CE8BCB65B7B185228CF18891769A4714E0A470A1635E17237658F1AB18B72745,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060527Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:36.489{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2111.5-0\uk-UA\MpAsDesc.dll.muiMD5=BD2BEB6FE7062E7441E9343977F951DF,SHA256=D27B62A1D7BB56CA93E090F41F173C346124EE867DD954EF6F269C90BCEE96E1,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000060526Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:36.489{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\InPC\Left.plMD5=20E09732DA3EB910B5B7626EB53F2EED,SHA256=496E2DDEBBDA83D2502E80730FCD0347025DAB62EB99AF8427C2AE1569520D0E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060525Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:36.471{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2111.5-0\ug-CN\mpuxagent.dll.muiMD5=7EA1650BCDFAE680998A4BFCDC9DC7E2,SHA256=8C69BBF044DED1299182AE18F542580592200C06CD30A04C16BDCF388AE04D15,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000060524Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:36.471{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\InPC\BottomAn.plMD5=1F585789D676D4A320812F62F7432A95,SHA256=0BC0957082672252334213287A351055BFC12531FAD8935C445ECA9229497EFB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060523Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:36.471{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2111.5-0\tt-RU\mpuxagent.dll.muiMD5=A90BE8AE9BE190903F05BF5712AC00D6,SHA256=399CF9813A5C41D51F8A67BF38594E419F338074FE75DE39F6E1A2B217D465C9,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000060522Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:36.455{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2111.5-0\tr-TR\mpuxagent.dll.muiMD5=E5746BFF43FFDE6F22726D8A3C55B359,SHA256=336D5B061F856216A91D36848FFAE9BF3B92E75C47C4009E0F4222536089A77A,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000060521Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:36.455{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\InPC\Bottom.plMD5=703168246B5EECB9CEC63731264F4941,SHA256=F0646AD84D12BAAF8E45EBC31EA23CA6B889D30D3BD0C0BB158B03F1613AEBFE,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060520Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:36.455{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2111.5-0\tr-TR\MpEvMsg.dll.muiMD5=DD7CA24DB33DB7E0FE85004DB7CCCAAA,SHA256=BD949368CA4CB8843FEF082AF3FD30FC53B863902C202FB001606F1EFF9998A8,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000060519Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:36.424{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2111.5-0\tr-TR\MpAsDesc.dll.muiMD5=4E2E2F66DAFADE0EF18A779E939E6925,SHA256=F747BEC5848F875A723F68DFB0107D7B1812A9860178B0CFFB4AA360C11AD58C,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000060518Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:36.424{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\In\9_0.plMD5=9839ED127C3F7B4D9C7A9CA841B977D2,SHA256=BA6B70BFC27E3634048071317AA80107A7337A34ED9C2CDD5BAA373DFBC0B732,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060517Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:36.424{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\In\8_0.plMD5=479A7C7A9035E943EFB10ED38BF65F91,SHA256=DCAE607A6BAE7FBE37645E1A043CFA8232FC10578796332C9259FE9E27F5D659,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060516Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:36.408{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2111.5-0\th-TH\mpuxagent.dll.muiMD5=4D62EFF18866F721FF0CAF0EF6A010BD,SHA256=CA6ED94A92BE5D0CC80775B3E6B6C0DD9C9988CD6A4C3B06841931BBBDB16922,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000060515Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:36.408{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\In\7_0.plMD5=53B03752708AB4C2FFDC22CE430B0917,SHA256=9553C601F473B0F8A9C145D8F861C961E617A39F7651BEE816AF6E7FC360DC94,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060514Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:36.408{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2111.5-0\th-TH\MpAsDesc.dll.muiMD5=2340C0D45E832BF04D8CCFF101ACEAAF,SHA256=A3CFFFD5E1BAB687121FD1DB2E2CD6F051A3A7603A3F2A860235B831AB58ACB4,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000060513Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:36.408{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\In\6_3.plMD5=49B6BD0B07BCFBBB1D98CCCB9779630F,SHA256=A210E0618CE1616C0D7C3438195F37FDB01870D56AB6A823A65DFFE065239474,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060512Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:36.408{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\In\6_2.plMD5=49F2456A147F7EEC25FC2F61418D46C3,SHA256=BDDF30B8ECBC8CA2879CF8D9E2BE579A2DDB5AD63CC6662679B33C3A4882E8E9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060511Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:36.408{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2111.5-0\te-IN\mpuxagent.dll.muiMD5=E91AACF39AAAB709F9C83DB237FDB5A6,SHA256=5F4D20D9F3028F3DD5CB8E576197EB32648A3584716020D581F9499219BFA504,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000060510Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:36.386{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\In\6_1.plMD5=59ACCEE59618F61C9D0BE6F654587D0C,SHA256=6280319ECE381E07CC58C583F6A1007685765EED3973DEDDAA9E562CB5CABD73,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060509Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:36.386{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2111.5-0\ta-IN\mpuxagent.dll.muiMD5=0C19EE18C124C7FEC312FD7820421284,SHA256=8C1875C00AD41E217448B0C600E67EA723BAB621458B6AF326D50758F320772C,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000060508Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:36.386{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\In\6_0.plMD5=52E31DDC6142BA01D42A81564350B37F,SHA256=69C0D71E23B32863F2CF618E24CC624633FA103DC6614F0DC64B60A83BF4156D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060507Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:36.386{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2111.5-0\sv-SE\mpuxagent.dll.muiMD5=6DBF66E7553ADCDF6CBE512BE67081AF,SHA256=A18AB836593EB0BBFE63C6E12568B2EDEEDF7CD47C8BCADB39F06B696A555676,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000060506Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:36.386{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2111.5-0\sv-SE\MpEvMsg.dll.muiMD5=57DC0CEE83138B18C31EAA216C1F7E84,SHA256=A263FC60604A9C622DDAF84ECB93044F9CCF58BE849B5D3F131D522C55A9BA6A,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000060505Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:36.386{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\In\5_2.plMD5=C5106F08A93F02A8CB86DA6FB1B1DA8F,SHA256=2EFD41F29756DAF63C559E51A5D83ACEC0B6482942432C34C362060D7D53B24F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060504Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:36.370{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\In\5_1.plMD5=40C2E8E7E27EE1A469AA62F81453F990,SHA256=061E211CB926B952CFE33812D6CA598C91EDA1F7E38F61397E744D235DCB180C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060503Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:36.370{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2111.5-0\sv-SE\MpAsDesc.dll.muiMD5=241952F5D2761C2C31313F378134D6C6,SHA256=EC6A416EABF4492DF0D09A85AD8C23F0AC85A4CE01F3535D2283B2CC93E215F7,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000060502Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:36.355{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\In\5_0.plMD5=750A00EEB79A40BC68EB31744282DB84,SHA256=19D34EEB13E28A058DD55B52167D1D1CA92793153AB4DFE760EBA2A8F25C6BBE,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060501Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:36.355{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2111.5-0\sr-Latn-RS\mpuxagent.dll.muiMD5=8D1C0D1DC4BA076850622C57E43E108B,SHA256=373812B4F37D2738470A6DE2B5E8EEF04687E45BB7B8890EBBBC2ADF36FFB263,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000060500Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:36.355{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2111.5-0\sr-Latn-RS\MpAsDesc.dll.muiMD5=3276EAD25D3BBDC52EE082C9DA1F0B7A,SHA256=98288AFDA6DA9EC145558FCDE25195F4B4FADCA581BA5D89B9EA5B511DC4987A,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000060499Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:36.355{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\In\4_1.plMD5=E0DE320C6A653F8CE29C00BB047F7EA3,SHA256=8D5987079C259120D4E4B50D1A6847C6F244CCFC89284E7C7914AD3DC0DEF439,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060498Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:36.355{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2111.5-0\sr-Cyrl-RS\mpuxagent.dll.muiMD5=59C61E98E128E47DCC24978A1AB31409,SHA256=D8FF8490B51BC6A2FC9BE1941978C1685AF2CA1908C64A2FD02FC6139FABAF88,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000060497Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:36.355{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\In\4_0.plMD5=A8F6E14E4FF406567C3242B761685995,SHA256=6C51BA8CE0190AC26F6738C7AFFE9883FB01752921D203B73F3C4145B6647878,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060496Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:36.355{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2111.5-0\sr-Cyrl-BA\mpuxagent.dll.muiMD5=A10794F9AF078006A01637473AABAEEF,SHA256=6CF7B2D357B358AE91A377F972C5003F86524789629261D727D00898A0D1B757,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000060495Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:36.339{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\In\3_2.plMD5=C920C368B3FF05DEA52C577100997FA1,SHA256=06F4E742E652CA6224C8A105672C4F32E95E0E6AF918A55289BF6A8279956915,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060494Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:36.339{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2111.5-0\sq-AL\mpuxagent.dll.muiMD5=D916D4AF97C23DA73920A239459136FF,SHA256=EE3DF61A91C0853698B6FBCF7FEBA3E7A49C1BA547B014BFD3AFD2B8F999FEA2,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000060493Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:36.339{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\In\3_1.plMD5=929D3B68390505A42D7ABAC51C62DFFC,SHA256=2AA17BA109FE554EFECEE8EBE113ADD4C3EBBF71C74272E0E1DBE0C2404DDAD9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060492Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:36.339{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\In\3_0.plMD5=5D924BA91794FD423B12BCB5A14843B5,SHA256=0F7C1EA5272333A3FD4179C7A6C61FF8706EE464680E868A3158A08F046F2770,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060491Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:36.324{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2111.5-0\sl-SI\mpuxagent.dll.muiMD5=588B3FADFD391714D259DA1E672D9A3C,SHA256=3F410A4E228C5768B8765B745B601E0F8BA011E9E9D3C8FF467464D9FC99DEDA,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000060490Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:36.324{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2111.5-0\sl-SI\MpAsDesc.dll.muiMD5=A877EDA9E896B92554B7575D4FC6601A,SHA256=2149D5A86DBE070E68EF2D82CB299CF51DB0793C915AD59202CD2A817444140F,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000060489Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:36.324{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\In\2_1.plMD5=D50F17A5526872D035B27E0AF7346EDD,SHA256=B5B53074EA47B85C36199C203E86D1BEF5D8AC38F42CD3771F248F72CD35D70D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060488Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:36.324{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2111.5-0\sk-SK\mpuxagent.dll.muiMD5=C30FEA18E3BCEB2E57C234D3CC92BAE1,SHA256=BE6154269AD4C2EE16BFAD92B1C3D9C634B923AC9EECCD6B14338FB9253FF3D1,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000060487Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:36.324{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\In\2_0.plMD5=AD7DC6B207B43C740ED27507577608A5,SHA256=3C2C02DAD64FF7DA5A923454A1B62152181B86E5A9F7E3968B29F56EEB3D73ED,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060486Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:36.308{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2111.5-0\sk-SK\MpAsDesc.dll.muiMD5=ECEA9C1B9EB050C553C28960BC1E109C,SHA256=9F2595CA29A2C3225203AB4F7A2108F603143966643BD95F028C43D65A9AAB82,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000060485Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:36.308{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\In\13_0.plMD5=49FDDCAF8C809EF42336ACD0662657D5,SHA256=9357C9AFE8AE5114C3006812ABC5E33B415C905D611442C30AD10F1C68CF3B47,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060484Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:36.308{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2111.5-0\ru-RU\ProtectionManagement.dll.muiMD5=75A77AE10A0FB99EE3EBD99B3BEF5412,SHA256=F2817378A44DC6E0CE67E21029DC316156C01BF32026D82995701F5247FDC448,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000060483Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:36.308{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\In\12_1.plMD5=A92ADAC8E088B878A540E433D3C96DB5,SHA256=B59008E9E9DA728F2AACB86CB6493A5EEE6502D46379E20A07963D6D279D8BE4,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060482Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:36.308{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\In\12_0.plMD5=A09819FB7FC6B6592FEFCCD8FC140C63,SHA256=3026BA6595AA625C851E24A73EC2CACF906636A9C3FE0EB73D81E946310229BC,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060481Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:36.308{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2111.5-0\ru-RU\mpuxagent.dll.muiMD5=E7C767FE0B6E6B8CA1FF9C857224A1E1,SHA256=724ECE305261A4909DC5B6F0A7713EFA870322C6E90A4DF8FA9FCF2413FB5647,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000060480Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:36.307{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2111.5-0\ru-RU\MpEvMsg.dll.muiMD5=F5934A1A8B91FAC2B63903EF595B7201,SHA256=2FF8FB6EECBE5BF1964B6754993F2542EC5F15A36975C5D0374F69F9471F1C7A,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000060479Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:36.305{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\In\11_0.plMD5=E2EBAA4A7210C9EA17EF0AA401FA6360,SHA256=ACEBAA818D09B220C65B40880FF83F7E65C5AEB05BD577BD6D0D3408F9C5EF91,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060478Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:36.278{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\In\10_0.plMD5=C016B2C148770A887E3A94A08E4A75EA,SHA256=93D748A7898A74946FA2FBFD7DC1D5926C4099E6D681C6AABF6EA42BF2BF9E39,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060477Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:36.278{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2111.5-0\ru-RU\MpAsDesc.dll.muiMD5=3AB8F03931F8F8988E3C58C099CFCF9D,SHA256=D5BE49E26B6A65DE5F9B82E63A39D1F1E966DDF8B306529083F108353D3F1DB5,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000060476Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:36.278{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\IdType\Uncommon.plMD5=24AFEE6288B22F1CD15B99EDE75DD18C,SHA256=D2637B79BCAD5710B6489B5335602040A1CBFDF6B29A8D4A4DC0BE5F57119663,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060475Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:36.278{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2111.5-0\ro-RO\mpuxagent.dll.muiMD5=214D87A4AF663C8C760FCEDDC59DA045,SHA256=76AF67985AF5FBED62A98DE0AF174466BBDC1511D4175773D3CF970A98478532,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000060474Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:36.278{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\IdType\Technica.plMD5=792624B982F802D3DDCE015460989D77,SHA256=8B42A8B1566BBCB8E3FE85F85728F1E8B27F39AD658B35D223F26741D58BD163,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060473Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:36.278{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2111.5-0\ro-RO\MpAsDesc.dll.muiMD5=54E5AA8B1250D21B6BBCEFEA9FDFF06D,SHA256=C9F6923AEB37BE5BF4BD9E44917059DE6A36AEAD2D6F803D9614BE6E8B20FD7D,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000060472Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:36.263{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\IdType\Recommen.plMD5=BE202927EF82EFB83719A6BEF2E12D54,SHA256=E5104705FD4C5CB936EE4922EFB5195196E72D46D7978D4BF151BC64BD4D25EB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060471Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:36.263{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\IdType\Obsolete.plMD5=A5419C3E9395BC66F87EFD8613F6CB97,SHA256=6987B2E9808C85CD2F43F4BDB17F3FE0C8116F74B0C7AC6E1B994DC5D6BA7633,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060470Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:36.263{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2111.5-0\quz-PE\mpuxagent.dll.muiMD5=AF9E03A136080D8875E7A0FC87EFCC67,SHA256=9CAF77442DE09FD6D31BAF6A3FC859C59BB42A8D070F04811C2FC1D8D4574F4A,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000060469Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:36.263{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\IdType\NotXID.plMD5=798BA5DE09A4E37029D323230CA3A89E,SHA256=5C09B9A91919D69A6FDDCBDD19AB7F31870C25281B7132FCA8DF65CD961BE3CD,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060468Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:36.263{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2111.5-0\pt-PT\mpuxagent.dll.muiMD5=62450641571870F4F025BD852B775F82,SHA256=C5CB4EA73C2C8C031804BEB1975FA44131CAB267B5B31E962D9DAE4F5DD71422,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000060467Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:36.263{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2111.5-0\pt-PT\MpEvMsg.dll.muiMD5=2DFB712E1ECAABB598427216D41CEB2B,SHA256=4BECD14441BCD5188AA970E4BCFF00D15D0AC6066B2DDF99AC59856F16CF92B0,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000060466Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:36.263{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\IdType\NotNFKC.plMD5=A74DAECAB1656257B9C8DD81E8A80B67,SHA256=F1325FA2FA3131E7CFFB8F04CBD672D5A4543B8B128D66B96914A9D3C323ADDF,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060465Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:36.247{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2111.5-0\pt-PT\MpAsDesc.dll.muiMD5=A0F78F251516E721DDBE311B363D92C3,SHA256=8B5BF06EE5FE05C305A4CB8DE23576CD5D1ABCB384B9F30A925F481A313CA5F7,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000060464Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:36.247{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\IdType\NotChara.plMD5=679FD17CC677D67E66F095F8FB1F4271,SHA256=5F5BB114C3A6608AAEDE37A06F681CB36F6D8F523D3E86AC2188DE677CDD5BEC,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060463Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:36.247{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2111.5-0\pt-BR\ProtectionManagement.dll.muiMD5=2F44A204BE50CA405B75C51CAE972551,SHA256=ABB117DE85064F1335D935AFA5A70ACD7139DB4027361C760844E116AB5A19E5,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000060462Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:36.247{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\IdType\LimitedU.plMD5=D3D5C1B44E458F4C0727DDCDBEC0838D,SHA256=E401CA7B8BA79F7FA62CD0436E72AA15D108E074C3D4E94D1220C27FC7E059E0,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060461Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:36.231{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2111.5-0\pt-BR\mpuxagent.dll.muiMD5=8F7A4D1BA20EC5FE22AB8F72E492780B,SHA256=5FEDF83BD8CCB5BBD1C3E2E06F3D0E9722BFFDE4B52A3CF89F4FF721104A1EA5,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000060460Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:36.231{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\IdType\Inclusio.plMD5=E63C41F90CAD182EB6E2B4D6532086F9,SHA256=FAC3A65BA3F8F13FA04D33F49BA2456F6EC94AC30E1B8DDF4BC4A6C4F5CE2496,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060459Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:36.231{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2111.5-0\pt-BR\MpEvMsg.dll.muiMD5=9E6582193C80680C38B48DDAE28368D6,SHA256=E22ECE4D4B21E5A323D9217655A514C699E8EDFC036F698DA92FCBC3DADA51C7,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000060458Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:36.231{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2111.5-0\pt-BR\MpAsDesc.dll.muiMD5=6567DAADB6EA86B36540B2D690DF98B5,SHA256=CE581EABC6805A2FCB9CF2B44EB37F9257EF614DA53EE1BEEACC00EFEE5423A8,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000060457Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:36.231{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\IdType\Exclusio.plMD5=9C1CE49A186C725AD48B669DA1A048AA,SHA256=69BA81B3CE94D3054C41F45228B87A039FDDA4676F26B667218858EEC71283CE,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060456Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:36.216{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\IdType\DefaultI.plMD5=22C86840FD7CFE7CFFCF96A69F53FA49,SHA256=0FCC9C004E9A5AB94609A414649499DA6E27787A9A7D14344219903FF5546049,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060455Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:36.216{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2111.5-0\Powershell\MSFT_MpWDOScan.cdxmlMD5=D9A490F7F4B69F4F154F0512AF068FCE,SHA256=C97EC11395B35AA1294293453A4BA33ACE50E9687F6BD5A5DE9137A18119EE6A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060454Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:36.216{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\IdStatus\Restrict.plMD5=F1F8EA11D5DBD2CF91361DFDF5E12ADF,SHA256=D163EF545477E1BBF059C45861A725693C1B756096A9938C35197158A867D50F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060453Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:36.216{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2111.5-0\Powershell\MSFT_MpThreatDetection.cdxmlMD5=89E9A865E87A4DCBBB7EA722195B72AE,SHA256=83727671BC4154E7FA2F2D1373FF6842AFADBFA485A051302B822C3C1DDB6E07,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060452Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:36.216{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\IdStatus\Allowed.plMD5=6F7F6009C38B4B8052894AEBF0B507DD,SHA256=054CBE170B9C156424B43244CBB7CB36AFA12124163DF3E5F7EA022A3BF065F6,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060451Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:36.216{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2111.5-0\Powershell\MSFT_MpThreatCatalog.cdxmlMD5=0322C1453159DE2333C83329D4258699,SHA256=8639754D6DB93FD8A4AABF06B87D218B9DE9270458BE1E6A38FE0A0402E97FCB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060450Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:36.200{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\IDS\Y.plMD5=867932AC8BF2870C6AC6F6A993EF952B,SHA256=4F68F3F68162C795D71A5B40BD0C5F080BF96808CAEB2660874FE8C186D98FDE,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060449Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:36.200{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2111.5-0\Powershell\MSFT_MpThreat.cdxmlMD5=368447630A1F29A15B337DDEA1847A45,SHA256=4D7049ECCAE3970C041C5F70DA78C465CC90A5BCEC1C02D5F6CAFBBEBA1BCC52,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060448Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:36.200{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2111.5-0\Powershell\MSFT_MpSignature.cdxmlMD5=951AD18618A18F2EBC0C38A7CF2D48DB,SHA256=20F13DFFF8DB3B358650FF1D7FE33AE6AAC0A2884DFE764BDDA2C9EDE64409EE,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060447Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:36.200{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Ideo\Y.plMD5=4A365DA6DE125A2319444B34447D9864,SHA256=32C288EC4B0E0DA6121E3C33B3CC340F8AD1951613CE293C3C899AB36142AD9B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060446Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:36.198{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2111.5-0\Powershell\MSFT_MpScan.cdxmlMD5=D414B25B1D087BB77AE36A7FB648D1B8,SHA256=40BD053A87DDC3B144350935BE16F2E8AF332877A55ADB8CB5716516AB897B5D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060445Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:36.196{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\IDC\Y.plMD5=F450351F3097BC85D2624F51E0162A28,SHA256=6D5384C5B724110DF1E4CF79AE7A8927277622D7001AF970B23E637CFB95722A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060444Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:36.196{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2111.5-0\Powershell\MSFT_MpPreference.cdxmlMD5=693890B31D01CABB17199EBA4CDFAD6E,SHA256=49508780628ACE108561DFB27B62CF918F669770AEB4F77A7C276C7F5E89AA64,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060443Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:36.178{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Hyphen\T.plMD5=19D229CCFA8136CAD00C05E98C8C996A,SHA256=7EE531585E711652B0A30A9C74CEEA600AAB5DF7A3F1E1A46C5FC0010ACA16CA,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060442Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:36.178{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2111.5-0\Powershell\MSFT_MpPerformanceReport.Format.ps1xmlMD5=5224C879069533594F957182C54598A1,SHA256=9533C120C1B00477DDE88A52629358D5BAF04AC714CE9563258B073AACF193AF,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060441Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:36.178{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Hst\NA.plMD5=9FE863DB4392FE5F79BE9F8DE7C0151F,SHA256=46B93D3511396ADC25755CFAC5C880B5BC917E2C07E6992DF16884B607AE0EBD,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060440Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:36.178{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Hex\Y.plMD5=7E6319E52A920C5C5AE231B78524016E,SHA256=CD74186A806A03B2EFF1D2655DE719C54F88B0B0F249475F1E3662891E37C95B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060439Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:36.178{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2111.5-0\Powershell\MSFT_MpPerformanceRecording.wprpMD5=990729AD92C1325C42B04BC975ECBD57,SHA256=E796454FEE4CF17EFDC25DB5FEEF00A5D7C1B335E6C4B4FE996E8AD7CAB01BC8,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060438Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:36.163{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2111.5-0\Powershell\MSFT_MpPerformanceRecording.psm1MD5=F6944971576646F5A0CCCA406155FF7F,SHA256=6E933F757FCFD5FDAFF4DA1B02BA8104273F621B3CB67C6CEA0F12019B27D519,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060437Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:36.163{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\GrExt\Y.plMD5=2A1DA0456836E54F0D840C09E18295A7,SHA256=72AB273EB12899CA3F19AF27FB0D1050F7EE305177F1360284A2ECDCB73DC69F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060436Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:36.163{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2111.5-0\Powershell\MSFT_MpComputerStatus.cdxmlMD5=4EE29D71C991316C509F2704E1898CC1,SHA256=01845DA368E6EA6813F552D37ADB74F2DE1306A093EA8F0754A15A585D2D2E49,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060435Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:36.163{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2111.5-0\Powershell\Defender.psd1MD5=A984FBCDCCB917E0E6E19368C1CE6407,SHA256=7F2DC7F16F71411336A102A1F16228A65A137DCD592F0812AFE9D33DC5F67F86,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060434Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:36.163{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2111.5-0\pl-PL\mpuxagent.dll.muiMD5=11638D258F50151829917FE996BA2ABC,SHA256=1389C318748423ACCDA73AF1E6190A1AAAA8C22A2C86E3C03AF16BF1D0155630,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000060433Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:36.163{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\GrBase\Y.plMD5=8BBCC647A0FE5BE43384DC7CEDC1E0FC,SHA256=196D156AF9E52AA1A43A05B61924AD53BA2B579CED09054BDBC1BC13E0BAF03F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060432Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:36.163{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\GCB\XX.plMD5=5451930A28697B8AF864BF2A1B5C38F7,SHA256=1505A2AF8A61AD275839008B9B9ADA1A35470097CCA8AE814F0E633C05355D93,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060431Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:36.147{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2111.5-0\pl-PL\MpEvMsg.dll.muiMD5=761C0CBA4336B12A5AA0F2C880627F8E,SHA256=9A5528DFA98B2C431A01DFC430B782FCEE2A3E0B66DD001821D3EB7A584BFFDD,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000060430Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:36.147{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\GCB\SM.plMD5=8EC6F1F54C327FEBA8AD212B4DA572B2,SHA256=B1DA02D1C3FC35F9A3E1EB037A96F535A0477DCA18B9DECD9E6F73FBB1011DC2,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060429Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:36.147{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2111.5-0\pl-PL\MpAsDesc.dll.muiMD5=B401083F2A501DA8336270EFC4A7C2B7,SHA256=42492C00E42DC745EACB8762A322EDB07FAFA8B75CA4F86B5AB296E01F5B5731,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000060428Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:36.147{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\GCB\PP.plMD5=02E044997BCA136AB71C2DEB6D04D3FE,SHA256=9626C0B0CD970DCE656EC14840712EBA91EFD1F7D34AB46A6B706AD429A3CADE,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060427Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:36.147{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2111.5-0\pa-IN\mpuxagent.dll.muiMD5=4C850541D6D5FCD22D7EDDD326237592,SHA256=BCF712B90946EE922B6006B6AE2CB06C63F5759859D4ED8C33C193D3BF85D929,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000060426Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:36.147{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\GCB\LVT.plMD5=75DC6541A3369B065238D13375BBA547,SHA256=76A3C76661856B9CD31306F3CF72C72674A6EE1E37A7D64BEEBC47D3A1063F02,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060425Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:36.147{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2111.5-0\or-IN\mpuxagent.dll.muiMD5=67F1E4690049BF45075F47F5FDC3CBA5,SHA256=BAF327C320A2DF51ED3587970E24A63D15AEC602C8A04D737AF544D90A49F542,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000060424Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:36.131{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\GCB\LV.plMD5=A22EE91005FE324AFFF6364C0915091B,SHA256=D8E07D266E2C7445CD6D3E66A7DDDF12E5F137AD01F72227B5088838778C9E67,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060423Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:36.131{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2111.5-0\nn-NO\mpuxagent.dll.muiMD5=1A054A4D4664B53B1E7CF3D41D636D81,SHA256=C8810C2B9C2F9A2CFAC2F796F3ECD08194CAFF4426F82306A8DFCF6CB55F768D,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000060422Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:36.131{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\GCB\EX.plMD5=F8D16CE86A782AF8B2DC5BFDA50AA43F,SHA256=690B8F88D9907258E33EC8598D88A2CF36C9CE8D89C47B5475012C486A3ED424,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060421Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:36.131{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2111.5-0\nl-NL\mpuxagent.dll.muiMD5=7E55F07806CDF92BB8E4A9F9A08AD113,SHA256=B04D0987135C5BE091154DE260E9656251A9FE56B858F6D7CCB7B8377CFE8CDB,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000060420Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:36.131{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2111.5-0\nl-NL\MpEvMsg.dll.muiMD5=C7B03BDBE1B44F1E4D1A5CB31B0E3D48,SHA256=AEBEBF2E049BF6363458C8C27BAF50A5C3B5EC0306220A776E8B9E0042006FD4,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000060419Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:36.131{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\GCB\CN.plMD5=B78961F94ED8EFE17A6C356AA451C07B,SHA256=4B1204DF7533EF5EB41143C3B03715AC138617B6C8A644B01623BEA7C9EAD2D2,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060418Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:36.131{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2111.5-0\nl-NL\MpAsDesc.dll.muiMD5=2BFAB6AB228DB7C31EA1375C9387AC2E,SHA256=812C33C9F36C5B59B7EA8CDAAB72FA3C9E73C2A2510D09C951294DBC324288A2,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000060417Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:36.131{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Gc\Zs.plMD5=6DCA80F1572F8903BE18341AE5289BB8,SHA256=20744FB476772B5671D4F95A083C5C8EEB37A9797910AE2D6B007989F06A4685,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060416Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:36.116{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2111.5-0\ne-NP\mpuxagent.dll.muiMD5=BDA62FF800DC54E78BE512A9817296A1,SHA256=8D9C952CC6DEA5BB24C28F020CE008800234D410202294D91978D26A73F9B7DF,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000060415Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:36.116{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Gc\Z.plMD5=1F8FD10D96158CD3D0388BF5C929223D,SHA256=80EF818E53B43309AE91408069B8B30EAC80160783DC58C7715543EB8F7AD969,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060414Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:36.116{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2111.5-0\nb-NO\mpuxagent.dll.muiMD5=9C2A110EAA6FC97E3C5DA47646644808,SHA256=17252AFC4ACC242594F4B7E3658A46D42B613C3A44812F02FB493325C04ED4CE,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000060413Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:36.116{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Gc\So.plMD5=6238420908932C6E1362F4E41AC20E84,SHA256=4B85716DC60A8FA18E7FF2616167DBBA80B94FDF27F94DFF5A3B457C436B8675,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060412Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:36.116{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2111.5-0\nb-NO\MpEvMsg.dll.muiMD5=274F55B1372D0E00476F7317A6B18102,SHA256=D2F6EDD39F099DB01F16BB9FCE879BF5B3CC0D0E9D92452386CFF1FC48054B13,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000060411Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:36.116{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2111.5-0\nb-NO\MpAsDesc.dll.muiMD5=7B7FA41F68671935365EB91EEA46CC3E,SHA256=7FE884436AFC67314E91AC08E437455E9D65A19E69A357AA4C8731F48A67A46C,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000060410Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:36.100{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Gc\Sm.plMD5=03C95808D07CF7216AB71C3F51D51A98,SHA256=55D097C8312D261546E1B04C33F77AAF504C8A2816FAA0E000EDEAC5DA398470,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060409Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:36.100{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Gc\Sk.plMD5=B236361FA4D32C5498AFA6C75DFC3B3E,SHA256=06F2AAA4FBB77ED1085EFC1827B4F8F389978F56BF7F765B2D5ECEBAD132D424,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060408Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:36.100{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2111.5-0\mt-MT\mpuxagent.dll.muiMD5=ED84C38AA2B7F9ABEC006A9FEBFE7EF6,SHA256=91F2CD6856DBD5355DD686D174273338689751DCEFB222BFB483A7B8A780A0DE,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000060407Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:36.100{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Gc\Sc.plMD5=32F696B18823CC2B90B3B16F0CB3F6F9,SHA256=F1C6B11EDC04A11D0A94E9EE7B851354263804A447BBB89D5B73D34F88664DF1,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060406Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:36.100{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2111.5-0\ms-MY\mpuxagent.dll.muiMD5=100C8A0F6C65E7E8758F4C21D343843B,SHA256=F8CEF87FED4E8A4A81E6730051EC7E5AEAC9C3D0A0C92A02122BEDCAAAFD2E1C,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000060405Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:36.099{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Gc\S.plMD5=D9D65A9A106E4143010A4138C5320BF1,SHA256=A0B5E28796A2720253F82A35953D5F6B26B28B7AE2FE542E6075155D1BB3F83C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060404Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:36.097{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2111.5-0\mr-IN\mpuxagent.dll.muiMD5=0357ED34E45AC638376BCCB20686B007,SHA256=98B9926F73522499889C87DBDAB469584D3F1F227643D89673A4C615C4DC69C1,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000060403Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:36.078{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2111.5-0\ml-IN\mpuxagent.dll.muiMD5=8152B5AE1D28F86FA4676D490C629B73,SHA256=E96B27DA4251B080A70E1BA9FB3FDF5A75E5893F64141019953CFA5979A20F3D,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000060402Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:36.078{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Gc\Ps.plMD5=A2CB44AF1657553B17978C5D1F44C831,SHA256=F19B37245973EDD504284FC202AF70F3672CF56207F26351B41EECD61FE16B95,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060401Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:36.078{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2111.5-0\mk-MK\mpuxagent.dll.muiMD5=E8E3CC331E4C2ED9110E6C482156859E,SHA256=AF9A7B8178531DBC899382AD925A341DEB154DFF92CB7AFD2B9040B3DCCEE6D0,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000060400Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:36.078{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Gc\Po.plMD5=E1F93CB5E58411B2EC1C3A3685F19477,SHA256=342A4F1BC16F7EB0B9723406FB493BD083FC8826D2B57076A77A288B0BB134D6,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060399Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:36.078{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2111.5-0\mi-NZ\mpuxagent.dll.muiMD5=DC1C80F841F208EA10819F7E98B8E318,SHA256=780D728F4432C48AD9FE89CDCFD763E0B4DDF55B96A5B7DE4DDFA4CF0006FEE4,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000060398Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:36.078{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Gc\Pi.plMD5=CDAC247D2206BE0F1D0E89C24FE107E2,SHA256=16AD95E281DD566F4FE10F261A9D2345EF3BEE2B54F34C29E6AB693D11800AF0,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060397Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:36.078{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2111.5-0\lv-LV\mpuxagent.dll.muiMD5=8715A0A82126811B284BEB7048C9EE9C,SHA256=379B83B23F5251396461C2184AD74B2FF6C80ED83286DC35B072F42CDEBD4404,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000060396Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:36.078{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Gc\Pf.plMD5=3FE71CE64C198253D2C00FF28A8FDA8E,SHA256=D4ADC816454C5B7CDBFBC8EDF84A9FD9626C80FFF50812864E20D37FB659AE1B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060395Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:36.078{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2111.5-0\lv-LV\MpAsDesc.dll.muiMD5=83EEA5727866C15FB534F7E793E9C422,SHA256=8CF18A0DF4955161E083B2D206D18FE559F546E63DDD8AAD95D6CF3743D9872A,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000060394Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:36.062{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Gc\Pe.plMD5=69644E3726828D9CE843C8763A220B5A,SHA256=342F71B0B3EDF791071C107B78CFFCD50C261EFDB3A18DF8784BA9AAF897B7DB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060393Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:36.062{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2111.5-0\lt-LT\mpuxagent.dll.muiMD5=0BD46E92BFA8B571696B42AFA026A788,SHA256=A0064AF8E8B9ACF8F0FD5EAF6C44ACDD0A5089CC4046302C4C2D878A83A9F2D1,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000060392Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:36.062{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2111.5-0\lt-LT\MpAsDesc.dll.muiMD5=D0B875F11FE3E603D76BAA308C4A698C,SHA256=0C02077626100E0BF153A0B368616B0A0BD4D72AEB566776E6C86010800C507B,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000060391Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:36.062{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Gc\Pd.plMD5=336E807E5922D3DBC39998708527ACD9,SHA256=F5A922512519EA682CFA49542B8E5C9C256798B4289347D473AFDE8B79CA9B56,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060390Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:36.062{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2111.5-0\lo-LA\mpuxagent.dll.muiMD5=4F4D5B43666B5DD91A0E6B68FCCA841F,SHA256=460E8072BF289928CE8F1C3B12C37C4B7DBF764EAA39620425B6F9B1D753C9BE,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000060389Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:36.062{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Gc\Pc.plMD5=E9C1180537B87B430EA03D2CF64D83C4,SHA256=536B78775C75CB33EEBA5AC9E1A5AC84E9695406BE294495571C7B442E458AE4,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060388Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:36.062{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2111.5-0\lb-LU\mpuxagent.dll.muiMD5=1F27380ABC9C4F1760B64C8255C7B851,SHA256=3DB7134485EE1187D68E438EB417B621F207941FB7754856E5F8E33298B64CDB,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000060387Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:36.047{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Gc\P.plMD5=D5F2C68E3EB7C534F45BE10E7FEFF27E,SHA256=64B5303CE6C51831BE983EDA5D407BAB06201EA67C33F435D3C2048325A22F5C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060386Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:36.047{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2111.5-0\kok-IN\mpuxagent.dll.muiMD5=15737A6D66877C827870F413C742A329,SHA256=863B211AAECB3C2DED40E92C0953300F9DF8F03F86F4A422A878BC159057E8DE,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000060385Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:36.047{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Gc\No.plMD5=86A18AD0B042AE412562FD63CB6489A2,SHA256=5921C8D22D439963E4B05316BBBA5B5F3BB5836FAE73B57568F46421B8DF7E1F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060384Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:36.047{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2111.5-0\ko-KR\ProtectionManagement.dll.muiMD5=661008A5CACA2888CE61A460FD39DD4A,SHA256=44A0C02B1332E44AAD10A96916B50CD7D75F4B85F487A33EAF93C19E613373CC,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000060383Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:36.047{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Gc\Nl.plMD5=A00D58691C6B8D07160C0392F0CD311D,SHA256=E8F30F96503C44508EB2101D0B909293B2284CF3F040428494833E0CED93BC57,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060382Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:36.031{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Gc\Nd.plMD5=BA7711D13EF3DB9DC02977F4CE952A2E,SHA256=C7DA75A3CABA0E94614BC42C21082CCE764C0B7F617161E63EDFC673B44361D0,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060381Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:36.031{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2111.5-0\ko-KR\mpuxagent.dll.muiMD5=B184E8EC7AC67130DDE049B092D78E10,SHA256=A6B341E148C9DB03E3FA5358E9413F3FA3453AE7F48F978827124E846D1679F2,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000060380Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:36.031{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Gc\N.plMD5=6CDC5D5E8B5C39BB79ECAEA85F34C910,SHA256=D45BE3C4CCE4C70A4FA7BC94FF621ADB90DDABCA7E1488BDA393CBC09B72C6E7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060379Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:36.031{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2111.5-0\ko-KR\MpEvMsg.dll.muiMD5=07D2FBE82A3409F1C9B831AD58888E49,SHA256=F4A1F7766CE3A5F62A3399056C05F4E9EFBBA08D6534DD1826BDBE4A5F1B6C26,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000060378Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:36.031{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Gc\Mn.plMD5=1F4141C6F8C8B925967121393EA50B90,SHA256=A8F13BB544548FA79E6CF73888CA365BBC140DC9A07A715F7F58C9A3CFCD08FB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060377Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:36.031{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2111.5-0\ko-KR\MpAsDesc.dll.muiMD5=C90D96FC52F760C48925D72D1400F37E,SHA256=77FDC8A8421A1D89E3875A79C3ACA574AEB79248B03D04001722709F37DF48B7,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000060376Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:36.015{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Gc\Me.plMD5=4115C46B5FC241477F7916864AB19E89,SHA256=CDB20C58E91260B844A9A23775F1829284BD3BB1D41EFF9B5DD324B963E8094C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060375Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:36.015{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2111.5-0\kn-IN\mpuxagent.dll.muiMD5=7DD43D571370DE5ACDAC23F06DA931FD,SHA256=535843FF64ED6D4B35B3ABABB450F047095A6A89CAC67AF3C90FFF8DF48EF2AC,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000060374Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:36.015{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2111.5-0\km-KH\mpuxagent.dll.muiMD5=222698F0A8FDB2DB3C4594C96F88D06D,SHA256=1D325D6928C049E7AC1F00D49A4101AECE1485EAC92C1708480057880B759E2D,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000060373Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:36.015{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2111.5-0\kk-KZ\mpuxagent.dll.muiMD5=E686D76F881048AE5FBC203371C3C5AE,SHA256=DD171656AF7165FCD5055C360805A29BE92346894D57A8FCE4D821324D20BED9,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000060372Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:36.015{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2111.5-0\ka-GE\mpuxagent.dll.muiMD5=1327C783EF90968165AA47F93277F5CA,SHA256=D6A461F6F468CAE22E658B67DD1CD5F7386AC09E01BC4423BF0014C1A441487F,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000060371Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:36.015{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Gc\Mc.plMD5=A572999E218B89771BE9D4A35947A5C7,SHA256=748C06F8FFB2E5EE0317DB039086968BF7D8AE831D57467199BF9EA48C3EF7A8,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060370Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:36.015{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2111.5-0\ja-JP\ProtectionManagement.dll.muiMD5=016C9D563CCE5D2B4176C2709188D418,SHA256=CB5330A576444D21C9CF949804E652C9DDCD9D6645B867C0B6D040C41704F302,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000060369Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:36.000{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Gc\M.plMD5=49ED483CBF246EBB1A0A571646177741,SHA256=3EFBA05EED2494168197F978D70B029A41F498BF019C64013775FB5670FC835F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060368Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:36.000{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2111.5-0\ja-JP\mpuxagent.dll.muiMD5=36CBA59B6BD0814A082660074A450C8E,SHA256=0F684185EE9E428EA9F2CCB51179E7C7A5D79E4F08551AABA4F7B727945012F2,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000060367Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:36.000{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Gc\Lu.plMD5=91F0F0904BC2BD4E03F1880B39AFE865,SHA256=D62ED24640807B87B1534BCB9BFC3FBB58943E6810644B7A48C60A2D140AA11A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060366Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:36.000{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2111.5-0\ja-JP\MpEvMsg.dll.muiMD5=3C0F43A583E39BD19364248B99976272,SHA256=2ADCB156C8FA238B255C91BA6BDF8A00E5FBF9B1065B1565238898BFA1EC7099,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000060365Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:36.000{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Gc\Lo.plMD5=83DAF2D553E215A5DFAB08310371E417,SHA256=3D92C52C7937DA82D57AC72CB0061000BB4834F8026DDA04671F95D528E2FA43,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060364Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:36.000{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2111.5-0\ja-JP\MpAsDesc.dll.muiMD5=B5F06A74EC5CE97265CEB51C02A32E73,SHA256=3AE75A9C93E42FA79FF56AAE113CC205F4AA47A70F0432FE25D36503B7EED7A9,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000031810Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:38:36.800{CE7C8936-1B20-61E9-E200-000000002202}3964NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=C5F5A8DB9ABBD89F45A229D34CA3E8F9,SHA256=47FEBEBA5B0BB133390247CD8138DC6109783CC39D3F7D5080ABCB8FF8D4119D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060793Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:37.988{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\SB\LE.plMD5=B0F08F5F6BD7DC3CB152AA126A351913,SHA256=B9A56AB8B46DBF2318B04956A88C679168722069DC902EDE588ADC7D05A71A03,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060792Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:37.988{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\CleanStore\ResourceData\A4\A4BF3C62D5997AACD71E8754DB2F62B6443C58CAMD5=81102DB41ABA1759906575427A34B05E,SHA256=B0A32E078403E58DA7907F8A1B93269B1576E73ED85669744D8D286518F570BE,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060791Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:37.973{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\SB\FO.plMD5=1A9BCF772A81AC53DFEADC0262C95A8C,SHA256=BCA40E79E1F724C82EB90D293FED1ACF683BA8C3B496660BEF44E1FBBDE57646,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060790Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:37.957{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\SB\EX.plMD5=D2F71B4B49E119436AB87CBE59E81195,SHA256=30AA0D5A42833287395960E2ADB9D116F9AA3FBC2C23CE41E197B8F48970AD71,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060789Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:37.957{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\SB\CL.plMD5=0996FB18ED9094DFA429E2C5D196C7C7,SHA256=B625533E6BF0BB1C97D6BDBCE4A033930374104C310DF0B9BB7353ACA6F8AEFE,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060788Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:37.942{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\SB\AT.plMD5=2DC4C5354D02B82519F35CE8920FAE33,SHA256=69E3CF8C6A56CC5B730FF0461EF57B9123E965A01C38B4B9BA4A06AF09AF16F9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060787Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:37.926{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\QMark\Y.plMD5=79BEED6D714CE9CF5E237B9D05BCB1C5,SHA256=8E53DA41BB32583845459ABB45FED3D4DDE3C8A99D915F63958364E8520CE5D9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060786Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:37.908{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Perl\_PerlQuo.plMD5=CF7A35EBFBA1D8159E511DDFC755EEB2,SHA256=6A8F0F436A1B4370F19CC113985733312EB02AE3A8718C08586D156D74ACDC56,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060785Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:37.904{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Perl\_PerlPro.plMD5=A5F908172056AD750654E64EB94D4662,SHA256=8FB079919DF94640ACBD7C99F958A98EA5CA47C68741DF0A3E3757DF1E834E03,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060784Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:37.889{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Perl\_PerlPr2.plMD5=1849288683AD7F679529C084360B3460,SHA256=3A10CAF5EB4E796B525B76F9D969297DB0FA2E56549EA6B540A1C857CC0BF73B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060783Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:37.889{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Perl\_PerlPat.plMD5=2CFC39C59C0EDDB7CB7C9B74F73EE92A,SHA256=03FBC37397587F3249FE6440F9AA538F965EE3477157F11C358C54F5B4BB12E2,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060782Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:37.873{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Perl\_PerlNch.plMD5=A5245441721F4A9A54B7DCBEB96CEC53,SHA256=20F7C3633096D8A41589EA544B527BFF0C1DBF7EC9FD2DE13A9F4F21AA401FC5,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060781Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:37.873{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Perl\_PerlIsI.plMD5=6D22F44C0DA0CCEC3F2012BB1BDC323E,SHA256=EE420B7E6ACF8C658DB2FCC7CB40BACFCC01B4AC9E21DDAFACC1858B10445D49,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060780Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:37.873{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Perl\_PerlIDS.plMD5=1098ADC7A0104C1B535C397BD74B1BE2,SHA256=D588D66B2778F41D4F45F45284823FFCCE838A1E80B04C8F0B75D73B1C8E3C37,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060779Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:37.857{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Perl\_PerlIDC.plMD5=8A02DBEB06FD40EA3E2387FCA01231BC,SHA256=434830011DDFD901F7BF964EBFECBBC7E3C473EDAFEB5B1C9B5D2CD0A9576CD1,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060778Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:37.857{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Perl\_PerlFol.plMD5=9FA0FFCC087431859459836AA6E6CE4D,SHA256=6D814EB9E302923812CB56290320DEE676447742B41ECE74CF86BA822C6D1B50,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060777Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:37.857{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Perl\_PerlCha.plMD5=F5A27176B06DD8F33E29D1E781716F40,SHA256=A3BFEEC92B2F47A220EC858A895DE36069E50C9446FD37E0E25D70716AD8525E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060776Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:37.857{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Perl\_PerlCh2.plMD5=175BBE41096CE05AEE77C670D2A90527,SHA256=DC711D2B9826ABBE7EA886B8CE3EB247EE27033CA9863396460DCAE1B15AACA3,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060775Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:37.842{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Perl\_PerlAny.plMD5=3FD806F871A774CCE76F182A00261EB2,SHA256=DD8E8C5399C509AEC084D3CEA1E16D0AAD280BDF5868DAD02430BDF220D534DF,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060774Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:37.842{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Perl\XPosixPu.plMD5=0B175D70BF44D5FBEFFFADDFF2DB0BAA,SHA256=25C154355DF061760CB91D8D0E7CC3563ADC18B492867187E464A487ED32C12B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060773Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:37.842{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Perl\Word.plMD5=38F39741DE0221A46E39AE8F6A0CE5C2,SHA256=BE905A740567A664775A1D3641C164475C18B07F5AB01E056BB0E5BDE0537DF6,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060772Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:37.842{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\CleanStore\ResourceData\9B\9B38C71E6E2B3B27351A904AC029F2834E0D25BEMD5=AE32B9E77C04EE95B05F1F0ECD75CDDD,SHA256=031DFCFCD6E85A6248D878A03048AAFC4870D1D964451FE12674C80B5E2B7E99,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060771Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:37.842{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Perl\Title.plMD5=0B75335852E9CF8905C219A3A38C295A,SHA256=0AFD59E488DD7AF3D42D85B5BEEF83EB4317B4E4926F3B6F7C44270B46C0B994,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060770Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:37.826{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Perl\SpacePer.plMD5=56B95DA24753C494F53C1B618486772C,SHA256=6C05F7F09CD8C9DAF05519BA63C2B27613F22498711A738B1015A657CB5394A2,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060769Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:37.826{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\CleanStore\ResourceData\7D\7DF74B418160C15C90B31407CC76BFD757FFBE59MD5=35093B7AF4C34C52E4C5873CFE5BCA33,SHA256=C3E66A496C67784080A04EC4A0C1102D80B2EA94DACB6EF9C7BCF205F9B51B89,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060768Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:37.826{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Perl\Print.plMD5=F1528445487254C59876102E10D02087,SHA256=8CB4BAA84443B44E1F1EFC4D721079373B1219E8AF910A7B04C5FA1D5CADA37B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060767Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:37.826{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Perl\PosixPun.plMD5=C8D03570B9E42D6F369BB0CBC010AC4E,SHA256=851DCEEAF224EACBDFD17B792F33712E482E09954BFB0142DCF8F9C9E04FD6A1,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060766Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:37.810{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Perl\PerlWord.plMD5=991A2BDE15927F67E1976DE31B9FFF17,SHA256=EB95EDF3C82DD0B4AB42310E6240D892B7F7876B4F8B9D32CB03B7DAABA0C3E3,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060765Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:37.808{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Perl\Graph.plMD5=1765251CBDA946D39C79ACD4B426B1A1,SHA256=F10222103C26BB2A838AB0552CEA86056141BDA301A37C52C39D654D36361313,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060764Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:37.789{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Perl\Blank.plMD5=4E1A9B66BDF2043A5EFD5CE74BC527DC,SHA256=1615557F670F9376066955CC612D725213E82EEECDCE9AA80D998DE675379DCF,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060763Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:37.789{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Perl\Assigned.plMD5=58E16FA8CA3FE4F2A16B828EBE22277B,SHA256=E8E5A02C602B797A37B7AF44D2E5DA61D05F547BB013C42509EE6B2E92EF7C0E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060762Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:37.789{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Perl\Alnum.plMD5=9DE3B219C05550649217B3709C6F1BA2,SHA256=831067F852BFD900E5B69C1940279468764DEE5CB267610B672FD41645089427,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060761Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:37.773{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\PCM\Y.plMD5=823CB8BF40E5E0BF2C965E6150F81F0D,SHA256=0B9F59486772A0FCE001326E985B241CA3495297ACF6E33261D5D11747C4B3C0,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060760Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:37.757{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\PatSyn\Y.plMD5=29C90583CA79E0460362E10F84F6A350,SHA256=C5B0FF269F1BE5A6AF9688283F5F763FE514068AA47D446914AB8565BB673A50,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060759Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:37.757{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Nv\90000.plMD5=4D5DA9F549447AD209F94EE534BF433C,SHA256=51B89D61085107164BC8179892DB4D972C32BFD0C91465FDBADA0153B0F9814A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060758Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:37.757{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\CleanStore\ResourceData\6A\6A9287E3C515614D3797D35528011E0754C1EAB5MD5=2947C8305D120E32B1A67A0ACB763AFC,SHA256=40FB5672CEDB126B3D70CB7C19DC29C6ADAFF1FCA07337165F77E1218D8DBFE9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060757Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:37.757{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Nv\9000.plMD5=6521A500609BDCDD90A61B07C0E804E0,SHA256=33D770CB1F9D95E304B581DBD5F785B346A41226E0648DF194099D60AB0B38A6,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060756Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:37.742{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\CleanStore\ResourceData\56\563338B189DE230AEDF51B69E6D1601FBA40292DMD5=BA21D88A5B03019D57E5DDABA751F931,SHA256=404F56C4179E59685D3020456632AABF0DEE13D9AC40FDE389DDDCDC1ABD8D02,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060755Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:37.742{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Nv\900.plMD5=B70544FAEA26EA547C9E74134BAC1B49,SHA256=2D0BF26BE06288D5C7AABFDE27006AFE05308E15BA26A259B16952613734D1B6,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060754Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:37.726{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\CleanStore\ResourceData\52\52FBD0186882E6605124DFB4758D4E3508EEAFF8MD5=5A0D116CDECC94A66F6E8C1C6B14994C,SHA256=8F9CF0CC15EAD240BA34EA64CA520D5E092316A9984F87AC66171DEDF129F712,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060753Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:37.726{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Nv\90.plMD5=BEDBE9C7420AAF99BAFE5AAA428E6F55,SHA256=E8B4BAB9F4DD02A717EEDAA1D3998C1EC614487EF52752D4A03CCBB5FFC29D75,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060752Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:37.726{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Nv\9.plMD5=02F12923564114F24AA0AA39F0D03A49,SHA256=D510E0FB70E693632E0EB2B3E75755DDDD1D88F3DAC6119B0FE7B3ACE079C073,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060751Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:37.710{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Nv\80000.plMD5=1042ABBFAFCED2456BB3F1050B533B16,SHA256=2BC62D8C091BF79F9B4EBF13A4AE98CCA3B1B677C1D96934D43722D448F885D1,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060750Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:37.707{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Nv\8000.plMD5=6853D01A66B42FE15135FAF82016270C,SHA256=038EF91FA873E3E43983136BA046A33C82F36D73E189DE28B2EA41B90B172854,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060749Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:37.689{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Nv\800.plMD5=7539D0C59B2AD397FB93F36E503439B6,SHA256=6791157E833A7C7247BFBAE64374B31F5150D4E812C4529A90AA72BB98920DC1,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060748Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:37.689{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Nv\80.plMD5=DEAEC4236D3C3C8D64553FBABB38A19C,SHA256=4A662F1FCA4993C6065AF307AB4480EB10AA9A17ACB423E4069D2F8ADA569811,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060747Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:37.673{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Nv\8.plMD5=F6997B6D8936ADDBB37DC4C1816D691D,SHA256=7284740F47DAD25B610D3A1530355094777CDEAB8453B1722EC47E76A9419FAB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060746Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:37.673{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Nv\70000.plMD5=BF523F7843B460572631E04B07B6A5F5,SHA256=6FD85FCAEA8720C8FFD23CD53952CDDF4A5489B440B01C93AAC6E85933111AD6,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060745Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:37.657{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Nv\7000.plMD5=5BF0204E7E479C2AE253D5194F286903,SHA256=7FD5418EC1C71B599F8331D05DDA6A34AFCF5DABE6C2F41583765C61D0FE774C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060744Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:37.642{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Nv\700.plMD5=8184F584E5043C9D1EECD0C4BF9DC4C1,SHA256=74BBA087D72873E875709695282BBAD75CABEEC113CE00A4A3B5F78E7D327C2E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060743Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:37.642{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Nv\70.plMD5=83ADC2C265F1927A691D61D4111B04CF,SHA256=F47DC70C4240FBF36E5DFBDC73B3869551346F004DBD0136A8A4A711C0A2A863,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060742Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:37.626{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Nv\7.plMD5=2995883D826F8BE7CDDEFAD79E6633B8,SHA256=50B7F796D5144648A7D7A6889AD928FC7DDA00C835BB3F7BE5F5280A0FAC89D2,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060741Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:37.626{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Nv\60000.plMD5=7CF0F680E7436579A251763D4B7F9F3C,SHA256=EBFFB4884E1368CD203F9541471F47DF334DE58138A5CAA8149C4100BF242F21,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060740Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:37.626{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Nv\6000.plMD5=9A839FB7D4A0CBD2B92938EED1B995A9,SHA256=1FA633A3A3CC6DA0521588D13F6770E7DCDB2798EA605DEC7F8804CD34A365F5,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060739Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:37.610{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Nv\600.plMD5=EBF7E2421766F5B1B834138A3FC499CA,SHA256=17A5A5DA420DB90AB5B4C17E7B96F5901F6C82813A8D1DC8F0D472F2C46448B3,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060738Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:37.589{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Nv\60.plMD5=5EBB3738B2551496684E7C0192B89356,SHA256=4D6098B627C5716E7B6E853199517CCBF013B714AF4D7A8A96583391AEF44147,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060737Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:37.589{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Nv\6.plMD5=828D1DBE34D57E7B41F7DF88F1BCDAD4,SHA256=F22CE6775B2E36CAF2B42338AF5DE80DD7E4BA0607635B1B6C314FBAB9DFB11A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060736Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:37.589{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Nv\50000.plMD5=BC69545A40778A9EA725FC9708AC8EB9,SHA256=32465E42517616AD38505723851AAD42F0EF0BDD04715CD3958A86319E9481FA,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060735Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:37.573{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Nv\5000.plMD5=54FE3C4898BFB3B1A0D064B782B846A0,SHA256=9580D9FF364091715DF41B7019C75C115BBA428FABC88CC8721A661D1537E0C7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060734Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:37.557{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Nv\500.plMD5=36CBC81A32691AB7AE10825870C4E5D7,SHA256=6000EB2277CD1524DEDCFCE8EF2105F8BF717AD7FD85FA5FCC907C9970CBCBAD,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060733Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:37.557{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Nv\50.plMD5=F87DAB392BAD32744BC7CE0E44BF104A,SHA256=3F5E923D8D8F72E2D6CEE397A94E4A829CA5F06AA7D705E318BEB3A6E962E49F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060732Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:37.557{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Nv\5.plMD5=F6E233DDB8C4349F77112A2B22F96CC2,SHA256=0BC27536CDDF3255E95F9F4D7651173AFB0F9E30B9CE6746096C77FF4A6E869D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060731Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:37.557{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\CleanStore\ResourceData\51\51C8A99C2ED44DE841C49BE026604ED72AA95822MD5=E63BE643CD57EAA3E04C7F8082974FF3,SHA256=EC9F91DF46923BC8EFFA3603DEEE383956953C6BFFF543D160DE997E8BA8FCDF,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060730Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:37.557{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Nv\40000.plMD5=B30610825D8D58F0345364B0F5693538,SHA256=06FD8A0392610679F5580DDFEA34442DF65D050D72A6EF0B09E773AB9311D23D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060729Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:37.542{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Nv\4000.plMD5=C2D24B172AC62FAB323A83E9FE36417E,SHA256=D37D8AD6DB8F5B480B5FA1669506FF702B101D7F18876118307EA286A3B47DFB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060728Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:37.542{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Nv\400.plMD5=9C9E33E3311A8946A9C72F989A157E53,SHA256=D2A097CC7D0E096B24A8007AA49BDB044DF9F30B6BAE1CCF857F22C6DF1C2909,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060727Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:37.542{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\CleanStore\ResourceData\39\39A7038115AD1E578B15DD9FCB7772C1A83A898EMD5=9D4E0789C0B4D9F59E55C6BB0C80680D,SHA256=CDA8A8380396CAA8BBAACD0F6C2D8590FB0BFBF89AB975636AF6F88C04B8DA9F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060726Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:37.526{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Nv\40.plMD5=5F336DCE3319AFEAFC7D90F344128576,SHA256=3486534C332A2FFD41339FDBC391044FDA6B0B01A24257EF23551B520CA9940F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060725Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:37.526{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Nv\4.plMD5=2E1FD6AC22C62ACE136C018CF527E9C5,SHA256=7D83485D7B8FD7AAA6E737771C285BF95302A350FB1C4AD6198CD502AE7E67C3,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060724Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:37.526{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Nv\3_4.plMD5=5D6B8A947CFB6B64B6CA14814E2FC05B,SHA256=07BBD9EB737F5D176859320C2E2C93070E7CBFBE7F5A33C20C3172350FE46ACC,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060723Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:37.526{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Nv\3_16.plMD5=9DFE78880BA0551CB12C4BA0DCD1831A,SHA256=11CF6B9A748BC6557AA447B613AF2B2BAE012A89D315A2EF25BF0B6AF7F06448,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060722Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:37.510{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Nv\30000.plMD5=705A7B23AC03383DD553AF9AD9441B01,SHA256=09F5B3441070A46B84D155D2A7070C3BC6071B1050683D44B8B8D5A0FEF3FD52,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060721Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:37.510{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Nv\3000.plMD5=1A28336DA6E878B1D35382766792E0F6,SHA256=373809E62972E1803C8F497B114C7FB83B6E9ABBA251D17259E58297894401B0,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060720Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:37.510{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Nv\300.plMD5=22354AD764B7D486A45833C1F704B71B,SHA256=0318E8DAA4162789AE9AD1F3A322336AD6268A1C5B180304F95046370490FD00,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060719Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:37.510{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Nv\30.plMD5=469CE2407DE1831FA0D7847933B37584,SHA256=70404B77104E5128FD22DC73827F3BD3B99EDE9BFA4B2F54C2EB5D56E19E5490,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060718Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:37.488{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\CleanStore\ResourceData\24\24FACE5B5CA39CE04CF462ADD690AC401051AF97MD5=5A691A7F6AD7BF736DFA25CF0D0EBD4F,SHA256=7118372FE2583547A911A94FCEC55DA2344335C70FCD7A752277A71EDA9B69CE,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060717Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:37.488{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Nv\3.plMD5=881114E45D74B144CAE9321F38932B04,SHA256=ED433FB682A1F54D076335B3AA272F321079E45D863D0BD060696F62060E61F6,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060716Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:37.488{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\CleanStore\ResourceData\20\20A244C0440ED0B418F454F8A12ED0DE6A8BD6D2MD5=4C03160737FCFE43A3C4700494C37AA3,SHA256=0172389EBCE4361E65A26CBCFE5DC34394C246DB528E0149EEFE5FA54BC726F4,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060715Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:37.488{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Nv\2_3.plMD5=224B98D1DBBB7147E7FF55FE2E054B55,SHA256=96C6F67881AA2F3011BFEA4C2D1481E4A10CDD08C7C93802467BC6BD654F9109,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060714Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:37.488{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Nv\20000.plMD5=7D89A02A11148F4BE0A8C80C20CD9F26,SHA256=906C8C12681C30D1826BCF7F002AD0AE7F3B9F31CB65CDBFB6B9E1815DB00656,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060713Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:37.473{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\CleanStore\Entries\{E01AD230-00F2-4114-DB75-9C788D7FF24E}MD5=6D0E58420DA3F6608C3AB85C17F242C3,SHA256=3257699D305A927937F386BA2C0BF4AF684EA256B60F872771DB91202F2E060F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060712Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:37.473{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Nv\2000.plMD5=4BB814C58E9204E14BF0A69CDA365AFD,SHA256=C2E04BA9AA8E13CD473D328BD6A6103E7BF1EC5C611AA0385177E6A8740372A0,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060711Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:37.473{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\CleanStore\Entries\{DC52B15C-2EC1-5CBD-DD73-0026033674D4}MD5=C06B57E3D22182F44086B0CDDE79507E,SHA256=EB3331CC8C651CB906DB8781B4CFA9E1B1E4616EA003689B1736E05E31F8D58F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060710Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:37.473{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\CleanStore\Entries\{C8B4271B-7753-C4AE-DA75-2DCD3C27A0AB}MD5=5D88DEF616D7FBCF72C30768A03F4FDF,SHA256=D1B0DC9DAAF0751C658FA72BEE234A55A16D893ECC710DDFB742EBD2BA981058,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060709Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:37.473{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Nv\200.plMD5=663F69E46E77ACB03D7198F445C584CA,SHA256=93D10955335E5DED0606DF8DFCA4F3EC1F52C51B4DCE045B7EDD2D1F6C67461E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060708Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:37.473{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\CleanStore\Entries\{A59C741C-0B17-3F5B-C21F-EE1993E1E19E}MD5=93AE45B3AE2663DBDFE71988A6760779,SHA256=B920957F2A4A53B58BB2B535DC6353361B2AF8205644411DB21447830439B3C1,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060707Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:37.473{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\CleanStore\Entries\{9CD7968E-5F23-B83B-A3A2-126CF8F3168A}MD5=14E435ECB0B6DFE92B7E1C7D5BDC4467,SHA256=F894515969F882A358B1F3122AB36D135112AC01119E2A5EA786640CB51FB6AC,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060706Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:37.473{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\CleanStore\Entries\{830143B2-F526-C024-EA03-13DCD07868F4}MD5=425FD4AD38E512C56CD42AB0B11197DF,SHA256=2D660FDBF6ACDF6DB86DC67381056B651CD4EA50D92F4AD226C1C3FDF262DD66,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060705Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:37.473{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Nv\20.plMD5=6EEA837E0CFD7FE587CB5E842952312D,SHA256=54A1124B7C091A8BE0345A7AA23678B07E3C22C00D92DA6176C3BBEC802BDB69,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060704Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:37.473{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\CleanStore\Entries\{790D7354-EF74-7B90-6BD5-12E3B1F9A7EF}MD5=D5E92C3715AE2DFF62F0355BF5864A4B,SHA256=95C0BCAC81B777080EB0F9E6F1EFAC1B6641EE9E1B3260ED4CCBF166141CF509,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060703Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:37.473{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\CleanStore\Entries\{73788C98-8557-29B6-338F-8559E3DE4D68}MD5=B4466B3245F1E79C435923E7B180E571,SHA256=6EDF05C7632AA456D17FD27F9E6F2451AA4D86182EF4B687D8C93CABF8366075,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060702Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:37.457{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Nv\2.plMD5=2219225CB0682074611190A29EC36A96,SHA256=F25CE50E9A1275DD3D256D367C93532BD30317C74DB74F2FCB42585A9590A544,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060701Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:37.457{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\CleanStore\Entries\{5814391C-0379-0644-BCB5-61696E94879C}MD5=4E65FAF03E72E09B37A16D4584F46659,SHA256=6668F207E30330E4CA0FE6ACDE15C8BE8274675B98078218D4730A8167E210DB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060700Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:37.457{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\CleanStore\Entries\{4BF2B463-7479-3DAE-72F0-FB54116DE50F}MD5=795339D17F443FE67F946748B235D322,SHA256=A399530FD383441427EE98542BF57AF62DCC8EB884C436B751FEBE4F6EC20A34,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060699Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:37.457{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Nv\1_8.plMD5=36133B4C4F17A247BE357719287BBE9E,SHA256=93F5E92006CD536462191EA94225B689E3701D01679ACCA3BF80A8B3A5A4EF64,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060698Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:37.457{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\CleanStore\Entries\{4951AB05-CB9A-E18D-0C55-EB74CFE11108}MD5=92D0D9D3AA7F51322B153BBEBF6B6646,SHA256=6A7EE758B14A3D001839BF247411692D159711763D5AA2C076DE657CC10FA973,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060697Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:37.457{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\CleanStore\Entries\{1E841055-9691-E4DA-4634-425E676749FC}MD5=D87AE4862B9B09B0BE35E6C1B4BAFF20,SHA256=A5E438C6E2565DE23429CF29BBC9EBCB50CAAB59ECC67104327515E9FCD78B3F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060696Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:37.457{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Nv\1_6.plMD5=EC9E7B606E00AEA5CF3D2EB78EC7D21D,SHA256=1A31D55B3E656F2CC1848E5866E5890634B74DAACA50D2FD6DEC1F8B84DE6CA7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060695Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:37.426{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\CleanStore\Entries\{1C4E74AC-149D-39AE-B74A-B53F4CC32D79}MD5=89ACC76E63829B566EBA0164E6FB5F6B,SHA256=BD2FD026EEBA0D6DEBE33D84A7015D4FF4BB8C61848E16E9BAC6F1B6F469718E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060694Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:37.426{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\CleanStore\Entries\{063FD797-5F24-091F-2B4E-0269D13D0B70}MD5=2A4338E8DF1B698EA2F246434A626891,SHA256=D9C0AE540FBE575C6ED4D3248B28D003B84E69A92F1BB0AD7144F544C50B0924,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060693Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:37.426{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Nv\1_4.plMD5=DA0DCB9026BB538BCC46643DB1F89C95,SHA256=F0B118DFB4EB2C412BC6EBB2D02B224EAF5EE3815ACB122A1AAF73A1BB8CC051,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060692Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:37.426{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Nv\1_3.plMD5=FF6C01A96343050AB67DF7FA409C1B5C,SHA256=CB3BAC4B65D09CAB333BB1C81DBEBFC471E9E6037B8DA37773E1FCB971F4203B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060691Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:37.426{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2111.5-0\ThirdPartyNotices.txtMD5=CE7313760386B6ABDE405F9B9E6EA51D,SHA256=73E26404B3571A9E859B3A1144F54C353172479586E0A23C3A7DDA0C1C0AE919,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060690Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:37.388{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2111.5-0\ProtectionManagement_Uninstall.mofMD5=72D045707D108D55B76CD70AD9A84AD6,SHA256=30A0AD834D7B3F4FB47010B4BB6905576792E83064E9DD858EABF0CCA17FC3DF,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060689Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:37.388{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Nv\1_2.plMD5=F93D59ECF70B0A15397EBA4DD906D948,SHA256=01775760878037D9494F505BE8DA08099E33D89BF4A2855AAE123D631420A8A3,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060688Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:37.388{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2111.5-0\ProtectionManagement.mofMD5=FF03FC94B051706C0B57D1C73933CD30,SHA256=93A719D665159851734370530A6224347159F0FA23B8A8F321123481579B28AB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060687Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:37.372{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Nv\1_16.plMD5=9B2B340E767FC4594355B2125B6E49B5,SHA256=6BFCFBFB5E73DE9A3972C7A23F68777D3686500EFA71AA8318AB1627B2132E97,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060686Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:37.372{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2111.5-0\ProtectionManagement.dllMD5=8B0BBA3117F23F81BDD84D68AEC65A92,SHA256=B5758D2C6C3CAB0745F4E9CF8B9D17BEF2CE4481C2A6438149297FFD6DA0514F,IMPHASH=90575EBCAD810516EE591F80A078E79Btruetrue 23542300x800000000000000060685Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:37.372{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Nv\19.plMD5=59293A8795B4D87E73005BEA50F0F49B,SHA256=339432412337C7A9F26C01E2BCCA690EAF6F4563EB7233EF0D8D1B4118BD1D72,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060684Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:37.357{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Nv\18.plMD5=632D1E1E7734FFE47915AECA26B95891,SHA256=935AD47054266B7379EF1B810B2C08EA136B78E25C007DFE6C94D9603D8E8DEB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060683Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:37.341{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Nv\17.plMD5=2D635E0DF71D5B80DE50D8E827C386F8,SHA256=70C57A8D8A041DB5704ADEECAE1420EBFDD97C082F06F39FB1980F603B07E35F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060682Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:37.341{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2111.5-0\NisSrv.exeMD5=77CD94DA15DE9BB02A3803626C999DF7,SHA256=A11B9F5D4FA4C1271BF06B56D653F0BD7FF2323C08A3654FC233D281DC51D006,IMPHASH=1A1A6C24B2E22725BA69163837D402F2truetrue 23542300x800000000000000060681Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:37.341{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Nv\16.plMD5=7C0225D5A42DE1800601700390A168BB,SHA256=0875F2766AF84055D2C9386229CC92BFFD28B51C596C200BE726105E680A98B5,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060680Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:37.341{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Nv\15.plMD5=A1A95463BC1D36A470A2CE58E488141C,SHA256=8AB2C24704F64F5D7890F37456ABB99161A9E562DBF9787BF53DF389832299C3,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060679Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:37.325{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Nv\14.plMD5=538E020F06F620C6D015D56896D4B6DF,SHA256=D1D6F100049488E43E9ED6D21115E02D45C176BF6D1131C82E7D05E3FC7A621B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060678Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:37.325{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Nv\13.plMD5=8B64B0342F3778202745E3C3000EB3C8,SHA256=66D8A690B497E4E315A56EA13E6A8B90EC3FE249AED642D7751F3A76C13240A3,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060677Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:37.325{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Nv\12.plMD5=83DB5F7FB8F5546C5972555380EE5652,SHA256=D37E4CD2432EC07DEAF66770DE398B46CAC9339DDC45A07505B179055C755A64,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060676Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:37.325{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Nv\11.plMD5=2DC46C8AE3F7ED2AEB3D2B5066A90B5A,SHA256=68D5E1C5E7AA4822410DD602D0309426EB905AEEFE630741BF1B1E64536C6863,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060675Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:37.310{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Nv\100000.plMD5=5B57F517B5C569362015653BAD95C6F2,SHA256=EBD8DB05EE4A74F1B3D705E136BE0D9E8456762B7AA2430FFA858CC65910C5F0,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060674Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:37.310{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Nv\10000.plMD5=A4FBDEED6FB7B76832E4C0C5A91614B1,SHA256=4056B98BA42A320674D56FDA7F4EB632A4F684F4998FDE167A6DC9A8B94980A3,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060673Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:37.288{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Nv\1000.plMD5=1DB5FC1A416E3E795B048913B2F932DB,SHA256=7B626A22BBF0543BB751C7764A185F75F1BE7C94F8F3DC05DC91C3E7C5ABFF21,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060672Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:37.288{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Nv\100.plMD5=45186610AECD1888D420D43212A23E05,SHA256=FCD944FE69BFB276917A5D0515545C47CE9D83A2CCED25986394B18054942820,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060671Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:37.288{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2111.5-0\MsMpLics.dllMD5=B12C86137A1BA742738F7EAB9A1818BA,SHA256=D35ABBC49CE9750FBECEC13FDB8195409B085B4C8085D24BD91E73DF14E8E0ED,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000060670Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:37.288{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Nv\10.plMD5=E93BA04AE1B478343576FE2766085687,SHA256=BB240ADFFE5F78C61AF404063B0175486ED8C475F19CA46BCFB5F9FD8F4C953A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060669Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:37.288{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2111.5-0\MsMpEng.exeMD5=D8A7203FFFA4097D85746A2581B7D884,SHA256=A7C1FE30930D982D69CC263076142EDB451AE896B67EFBCA347B54E064C93BB9,IMPHASH=99C98AC382B2B1D56BA3D07EBC95CDEDtruetrue 23542300x800000000000000060668Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:37.272{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Nv\1.plMD5=206CFE8F08BA7F41AC25674100BFFED3,SHA256=D9464F946C8A3C330BE5DCBBBD8FB74769A49ADD764B6FA00A2CA6B2914DDACB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060667Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:37.272{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2111.5-0\MpUxAgent.dllMD5=47CFF59698E78A319D18B813546BA512,SHA256=8656A963B5511B096CA65E3E9788D8B827751426380E0D93896B86BA05BCC7AA,IMPHASH=32558E4AF479B2A1D13F5DA57D6FD400truetrue 23542300x800000000000000060666Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:37.272{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Nv\0.plMD5=8264F6AD447AF5E76697AE212842C2EE,SHA256=87786633FF5E25F0DE2172346196306ACFDD207C695D6BFA3EC97CE64BFBB303,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060665Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:37.257{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Nt\Nu.plMD5=41F428C2386E861F6249971D845F958B,SHA256=37F535746458181804377CA9D0745CBC598E29F5CC6DF48184ABCBFD9CD9CA45,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060664Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:37.257{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Nt\None.plMD5=D0C6D600D5F3087FCD3C8BE3ECB646D2,SHA256=3F1F68B13B902BB4EC8D82711718FAFCC64B8E9645781B72DCC4D7C6B0FAE569,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060663Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:37.257{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2111.5-0\MpUpdate.dllMD5=6D9E4BD858D0FD048EAF8B73159E7304,SHA256=A28883348988BFA82F1505AC6D89ADEF6769B10DAD86042E5E72C15A71E35FE1,IMPHASH=61AE0536E72E995FE5058EEF5884ADA4truetrue 23542300x800000000000000060662Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:37.241{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Nt\Di.plMD5=2279E425A50307C81E76F68E9ECDBB10,SHA256=9EEB7E459166BFCF74A270582A6ABD187DB1F9D32CDBF2B67DEF4B782ED6001E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060661Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:37.225{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2111.5-0\MpSvc.dllMD5=D038BA7B52FF15E0F7373460049321F2,SHA256=E0404F07E33C24D661FC67830B282C0CA0E64F22474ACA3E986B6D5D9FBCBEA8,IMPHASH=E6A69A0AD2CAB38614D078683A73C876truetrue 23542300x800000000000000060660Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:37.225{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\NFKDQC\Y.plMD5=8FAEB737581D14C7F015A3DBC1A9B697,SHA256=7087A679DEA02E4D3BD26DC496E028AD5B6D3F470C71EAC12365DAD2E32FB444,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060659Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:37.210{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\NFKDQC\N.plMD5=0B1602E47EAF03C7CF261A3F450F49C6,SHA256=300C4535BCE5B68D63379A31FA41CF3CCAE479815E741E82049350F15D5F296B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060658Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:37.188{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\NFKCQC\Y.plMD5=9254A457EFF6114C0D8FA6FE5576E5EE,SHA256=BC0BBB018C99CEDCFE843380DC3E73BD76E260A4D6D3225BF6D7235AB3483820,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060657Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:37.172{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\NFKCQC\N.plMD5=EDB4F40327323DA7D18D951DD8391F7D,SHA256=BE09F0C7B3AFC7BBE257EB49CDAC550F0856694C7EEAE72389958D95F6074A0C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060656Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:37.172{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\NFDQC\Y.plMD5=26F7A9443147135B0A0C6DFCD8162D9A,SHA256=871A018FCF9F8E86B2B4BC6E4B2804715B45B8C92477BE8CDAADCB7D9B2A0240,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060655Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:37.172{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\NFDQC\N.plMD5=2CB3CB33FBD00D4C9E858EE2F5521D15,SHA256=62128C47437626FFAACBB2A9765209C755200007772763EBBF40A388BE340D6D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060654Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:37.172{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2111.5-0\MpSenseComm.dllMD5=C3F2809D797FD605F846D62B15835293,SHA256=C2D6474F9FB7CCB07CABACADB2784AADDE5AA3C438FFBE6BE4126B1AC5F4E4F2,IMPHASH=0C1616327A61C6B75A3A0F7F4F63D53Dtruetrue 23542300x800000000000000060653Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:37.172{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\NFCQC\Y.plMD5=F4740C5D36D2D53F2CEBA27414FDE4DD,SHA256=3FB239DA173313EAA41648028A8CC5D2D8594EA5C29AF2CFA7C170C7D6C14ECD,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060652Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:37.157{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\NFCQC\M.plMD5=CF30AFAE1D47177F54FBDE3F51EF640F,SHA256=5B603D517A761C66C27427999436B3B50C5E53104D5570DAD3932670EA6775B0,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060651Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:37.141{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Math\Y.plMD5=A84C011A3718FE2BD231831A5884DA6A,SHA256=B223F2DE5592C56A62F48ED87BB39FB69FBCA892C40D0477F5DB78445E97B4E4,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060650Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:37.141{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Lower\Y.plMD5=4E0F7C8FCD009AB14613468B676D3459,SHA256=82C1915065AC422F7C8AC3F2D456E12EE01C2C6038299EBA7B8EC3CACB19414C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060649Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:37.141{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Lb\XX.plMD5=3FD0BF5238D4D556FAB4EE6B237A88A1,SHA256=F7389219862DC0E69AFE745B4AF2DB49EF1C646794413037C7EBD6ADCA8BCA3D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060648Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:37.141{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Lb\SA.plMD5=5612E5EA1BFA9ED67D9281088492F900,SHA256=74C34C26EB1F987F0769C99E49FD20276ECFD311B43F6554F209B0BB67859118,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060647Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:37.126{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Lb\QU.plMD5=6C50DE084B5546FE72D9F479A803155B,SHA256=EFC5DD7A35CEDB8FCF171E67583D72C0F213D5218D13EAA0D72B616DBE0A7F5D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060646Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:37.126{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Lb\PR.plMD5=CCEAFD60D7D2EC71417B117E89E5CF2E,SHA256=49A6AAFB5C5B45A05D6308951C7B649DF4583C3E189EDA5A2BE0A8087BA1DAD0,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060645Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:37.110{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Lb\PO.plMD5=0853EB0EEDC59F9407DCC23FF830A68C,SHA256=47A31DC9A28BE28E4BFC5EC982A3310536DF646644793DDDE74439889996C8FE,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060644Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:37.110{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Lb\OP.plMD5=5979D053EE5FC0B965CBC7EF66A618B8,SHA256=32F3BB90D4D0CEAFB1723CBE567F6B6A9477A8C92DB2F32A789FFC6941AF034A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060643Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:37.110{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2111.5-0\MpRtp.dllMD5=25C823829EBE564946BEE8CED618B656,SHA256=85A5C9E06A70F4BBFBE8F72F27ED3460627D85ECF1867DE7CB979FA776883444,IMPHASH=E267B2123A2B15425413A946734E72DEtruetrue 23542300x800000000000000060642Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:37.110{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Lb\NU.plMD5=535363AC2F1D5B0A2757AB6D2A4DD6F0,SHA256=3E304E1B9F378109931D35325F977E504023C5D2B41946C9D69D9F5732FDDB25,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060641Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:37.088{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Lb\NS.plMD5=411B551EAAD8F35A8608EB6291F5AEE8,SHA256=9E970F5D356FFD345AA03C4CF9C2E501C29A91AE34795BA5F065E6750BA3AEBE,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060640Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:37.088{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Lb\IS.plMD5=693D26CCBDBCAA98BBCFE7927DDF6B29,SHA256=4AA9941C2B33CE50EE22D0DF1A12D42521F4711EA7CFA8ADE1BD25672FFEFCF4,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060639Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:37.088{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2111.5-0\MpOAV.dllMD5=32D965D3173257DE5E2BD5863EABB843,SHA256=8C07CBDCE785BA67910529F55A9A857877E691559ED07634426BA6EE8278B635,IMPHASH=03EE692DE6217827EFB332DB1F358A4Ctruetrue 23542300x800000000000000060638Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:37.088{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Lb\IN.plMD5=D6A5DF06369E3AB235EAE3EC67EDCE6F,SHA256=81BE1DADAF4DF2D94AADB10BF66242C1A9C423AFC8E59CA9C285F5733C52892F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060637Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:37.088{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Lb\ID.plMD5=E49B8AAC1BCD15189224DA2D5C20EE96,SHA256=B2B9CE7F6EEE7D06287DF23F26BD3607F53DEF3BCA4C734E806239BF7FCF15A4,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060636Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:37.072{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Lb\GL.plMD5=14EE6FA92806CC80E4DA0ABBD643DC70,SHA256=106209EBC1A3ED505C358466F690B58405EC0FFD054CC5A7E24F164BF9D5288F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060635Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:37.072{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2111.5-0\MpEvMsg.dllMD5=C82B528CEB56D361F292AE8F907B2C77,SHA256=06DE4F7606D61E202663929441D7D6E60CFB0AE982479BE36C0B5EDEFF98C84A,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000060634Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:37.072{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Lb\EX.plMD5=80E7EF46A05240A53066BA3461357357,SHA256=DB25D62DEA2A788114C45958CA0AFEDE34CC59DCA8C8255BB6E6D588AFAA7F11,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060633Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:37.072{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Lb\CM.plMD5=0C372BAB491866A679FB075945F839F5,SHA256=1AFBF8D51D9226EF279B2CB985BCA0771405E87074E533106A5813482683C93F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060632Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:37.072{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2111.5-0\MpDlpCmd.exeMD5=B1B5421261A9F0274434156111C7A0FB,SHA256=940FF74E86479C611D36403801F94576E42CE50C7080F4ECF4EF76D518CA3DA5,IMPHASH=73B146117A6C5C4715CD7F3710845C83truetrue 23542300x800000000000000060631Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:37.072{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Lb\CL.plMD5=41D33BD866DBEEF9C32BF4A77FCACAB1,SHA256=CCD0977B13BD6C5CFCF74709644BA727D56AEC2C58958CB480A195EDD6DB4BE7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060630Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:37.057{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Lb\CJ.plMD5=011A5C23805587F6CEE1A063DF5D40BC,SHA256=AD9DA444144420D002B17E22412584D7F3244C48B0DB4BAC4F20B98486AB9B38,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060629Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:37.057{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2111.5-0\MpDetoursCopyAccelerator.dllMD5=10BB9EF88771ECD9E3756B04D36F4739,SHA256=9FF6B5C36C317FC4F91481315F9216CDBF1006CE7026FB7A3162720B89123DA7,IMPHASH=F50111F80E604507B2C7408826513BE5truetrue 23542300x800000000000000060628Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:37.057{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Lb\BB.plMD5=D436D8A2744B078CE06CE93468758D17,SHA256=2AB039D4D775FB1EE5FF3D4E5A9D066C772505F36892626084816B72FE14D7AF,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060627Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:37.057{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2111.5-0\MpDetours.dllMD5=AAD4064B21497E7336FEC522F183DB6A,SHA256=89D85A3DE418F8627D4FF5771BF7AA7F5E01894C9ACDF87980578B0F4910BA4F,IMPHASH=89C33082A62A5A6375336153F8B37410truetrue 23542300x800000000000000060626Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:37.057{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Lb\BA.plMD5=4204149CB3BCF2DB846D911025560568,SHA256=33207A7A11BBC3BFDF19F91217524829FA79BBCB595C4F30FF7F7A596A696E77,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060625Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:37.057{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2111.5-0\MpCopyAccelerator.exeMD5=A5ADED1FA195C016AAB89CB253C2073B,SHA256=9DAFA14CE9A36C1CC3B1D9910784657C2E8587365BCA59328B2B23D32B5A9DDF,IMPHASH=2E64BE4FE96382B4D9FDBC155B3FC191truetrue 23542300x800000000000000060624Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:37.057{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Lb\AL.plMD5=693416A4EA5E73B956736AFB620BB225,SHA256=CFE04E40DBC5367FACD9D8E7148579A418F8D3D911965426896DE9A6A30D956D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060623Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:37.041{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Lb\AI.plMD5=E0A6C921DBB79A0E8F3E4746D62A52ED,SHA256=7A73084E7C7EF8675D0AD26A3E7387097A6DA9D36BDCD590C73622B6DAEDA492,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060622Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:37.041{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2111.5-0\MpCommu.dllMD5=2DAD4ED3FC93427314D0735E63107815,SHA256=A25CA1BEBB54B60A4D5672BDE7BD27A660D83C7E155A8FE6EEA5F02C820B4156,IMPHASH=AD5E342A18927A2111489BCE81EA6EDDtruetrue 23542300x800000000000000060621Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:37.041{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Jt\U.plMD5=C222FBC036B8DBA63942E55EB485CAA0,SHA256=1B7D52C840AE55741420F07B699341DA2085D1DFE3F0E1AE843BA1B6CEAD56F5,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060620Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:37.026{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Jt\T.plMD5=8AF951ACE16EA91043BE2F8D616DE73D,SHA256=885A248C8509907C7FC7FB4831C8CD353E26EF297D55EE9063AECDDC4609283A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060619Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:37.026{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2111.5-0\MpCmdRun.exeMD5=3CCE296373EEC3D26440C30976CFA9F0,SHA256=9A8CD75B33515D8E25E8889AA06DC7FE2402F67762E7CF516AA1DCD790EE41EA,IMPHASH=BFE54B9A9FB809E3964F535FD29E3413truetrue 23542300x800000000000000060618Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:37.026{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Jt\R.plMD5=21BE8A4BD8C4B71B02AF8AA6047F7D23,SHA256=7B21363291A3171A85D3D556D4B1B05FDCB6D67EE1B0729BD3CBCFC2FA5D9DAC,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060617Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:37.026{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Jt\L.plMD5=10E7A682E190A4604FFC7B7533E2DFF6,SHA256=94FBA59A80A2F4293946659B1384A911CE41AA8FD019FEA1312698E90088F074,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060923Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:38.980{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\CacheManager\4B06CC29-0000-0000-0000-100000000000-0.binMD5=C1F2937225CED1B8A6BDFAC3796C25C1,SHA256=D985F08DA34FE34EA5441CBCA7FD47FD6941FDF2ADC4732B894E15BBC5B0838B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060922Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:38.980{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Scx\Shrd.plMD5=7330B9EEB1D699E748D972B2C754D4C1,SHA256=671056B7D9354FB1F0C1956211BE853D93FBCD459BA892F670C040D93C0F67F0,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060921Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:38.980{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Scx\Rohg.plMD5=5750D976C60E262453153152216815A8,SHA256=6A362C8D18F7F7DD348EAD043BAE4B6C86EAE1A003DB52567DB0BFD8667FBBCE,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060920Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:38.980{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\CacheManager\48CC2F57-0000-0000-0000-100000000000-0.binMD5=723D76EC79D0E771FBE24FF9C746A857,SHA256=4DE737A13904133AE5AF425B545B6D315BEA4BDB148D62BE98AEE1EB331E5FF7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060919Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:38.980{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Scx\Phlp.plMD5=44D7B371633B71CAE0EE116C405CB943,SHA256=8292D07FFF755A2981F2106E2E4A9B37A7CD3B69BBAF5D5B7CB2CCC1F1911467,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060918Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:38.965{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Scx\Orya.plMD5=781BFA15BD9F81566260CC577F70FDBC,SHA256=3BF2B0E63F21268A45A1A9638025D3535060BFB426C3D86A01A53714387A7B39,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060917Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:38.965{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Scx\Nand.plMD5=016050BE3A3149DA2A155652EE2D2082,SHA256=C3425292C7B568FF96CEEFA283CF76D338E74DAD834071A7E0DA29B05C63D8C7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060916Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:38.965{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\CacheManager\41103BDC-0000-0000-0000-100000000000-0.binMD5=161E959688CC117F8E2EABD1596409D9,SHA256=E4F025929C4A721F9F621F483A6553DCDDFAD0F7761ABC4049047D810A5B5B95,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060915Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:38.965{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Scx\Mymr.plMD5=39EC642FB4940921EC68F3B8CF28B1B4,SHA256=011A3928E8C4A7FFE605672536FFDD27E5FEDACD1A81B3678EFB36040E00F5D9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060914Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:38.949{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Scx\Mult.plMD5=CF37CE4AB26B900BE5B768CB88AB8616,SHA256=AD6841AE5196DDF2D31766A118E4B9F71696F4CE1151126BC57EB5D76F16A17B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060913Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:38.949{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\CacheManager\3CB6EFBD-0000-0000-0000-100000000000-0.binMD5=1D4C805C11D5D62F316FAC2B5CED1006,SHA256=5EB6C2B8A1C365FBADE4B17062E5559B797661CD844ED50E683A3D161C57310E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060912Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:38.949{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Scx\Mong.plMD5=06664287EA2678E9E59615173D0C8C68,SHA256=C697169957BB52526A00C97F5572A795F0A8A74DA534F900C371439185A2EB45,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060911Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:38.949{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Scx\Mlym.plMD5=4B54BF3DE2420CE4353EAF026DB528C5,SHA256=B2E87333102FFD186EBA3E18520760F2D3283E917E608962E28CCAD18C84E8F8,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060910Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:38.949{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\CacheManager\39DFE5EA-0000-0000-0000-100000000000-0.binMD5=599971CBA9CC60813683275AE755523D,SHA256=BFFD1353BD8CADE8F3515806163D9989ECF60E12C8D9493E64D5A21B1CEA8022,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060909Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:38.949{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Scx\Linb.plMD5=6FB18E4ACB2730883EA277E6A6DFD1E5,SHA256=597A6E54F5F65DFCBEF1596DEDA1A7F5D03522C3BE031B2F0454FE64378A7C10,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060908Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:38.528{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\CacheManager\3056F574-0000-0000-0000-100000000000-0.binMD5=282EC945EEBFC6909DE2E4BF7802E2E4,SHA256=E113891375034ECE263D55509BEF6B8831B4DAA4A3A711D123E80C2E4853F44F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060907Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:38.528{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Scx\Lina.plMD5=DACA571F788A2C7723CD796706ECCA88,SHA256=E041ADC51FA3F69523436DA47678377FDDD2B7DADEF421C1F90B219E64383356,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060906Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:38.513{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\CacheManager\2F5B0B75-0000-0000-0000-100000000000-0.binMD5=FE7A9642082ABF3A5AF28C81663B5BE8,SHA256=CD352F67358609649546BF7259880FD48B7D52195E2AE52B626015C86980028A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060905Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:38.513{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Scx\Limb.plMD5=A0AC6CE8B68AC6058A2CE34A7BEA15D9,SHA256=288B856FA5537A6EFA185B74FA1F106BB20D6FE72E3CF07B7E1BC9A374F22F1D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060904Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:38.513{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Scx\Latn.plMD5=1C65056C72AD87CD7F2DB77C47B9E89A,SHA256=DBD6BC100766F13A4FCC306EF97E07140A0494DC68E85677F0E70F94CABF0BE3,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060903Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:38.510{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\CacheManager\28ECA76B-0000-0000-0000-100000000000-0.binMD5=92BC1A04A7DB0722386872FA3565CCC1,SHA256=82DB5C0EC2B60B51ECD716CBAFFDA5EF60F21F51C9BE707570E3BCCEF7F7E043,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060902Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:38.509{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Scx\Lao.plMD5=D135F9A92A0C05ED372A4639FFD194D8,SHA256=F5198C93DB957E521E963503A57280A58E82755B9D68A5F0CBD0225913CCFFF2,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060901Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:38.491{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Scx\Lana.plMD5=D0CAEA9535CA8B8A854F1A16F93D3AC8,SHA256=B67687AD16EE49DE4DAA8E164C33850735033549EF0793A6BA6E03D59B54CE0A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060900Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:38.491{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Scx\Kthi.plMD5=3AB26343EE3AD393F3DDF14263EAA42A,SHA256=F8AE3A30BDB174AC4419A9D9C82F2EF288494E612AE2523C714C2D19158CE166,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060899Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:38.491{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\CacheManager\20F281CA-0000-0000-0000-100000000000-0.binMD5=450EFE1902D2D02CAC7713543634714E,SHA256=9E02E84882B9E6E516B028CAC2CD86C169B24ED91B490022AD959B0D58DBF92B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060898Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:38.475{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Scx\Knda.plMD5=A0E766F10E3D0F3D22A71E9082AFC34C,SHA256=BBC67CDC16C4B73831C6F040FC5137DD765DA0DF696878D163599DCBAAC5AD63,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060897Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:38.475{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\CacheManager\1E505DD4-0000-0000-0000-100000000000-0.binMD5=6AC78D081537195085D3541D0418D0A2,SHA256=69C2CC06CDC04B85B6570E14545C64F2BCFB35F8C8633C4BEB873E978B811A21,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060896Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:38.475{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Scx\Khoj.plMD5=DB6B6A61895E35E707D1C258085FAEB8,SHA256=BF1D062C77B793C8144C62433AE3C3709E67AC90A3AFA738E3ECAFE3C2C40C06,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060895Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:38.475{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Scx\Khmr.plMD5=577725AA91F761450B34EFE299F76509,SHA256=E41057926F3917F9EB86A4A29E60F11476EB642A7269D652FBA9DA4D5B544FC1,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060894Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:38.460{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\CacheManager\1ABDD9B3-0000-0000-0000-100000000000-0.binMD5=8CC1D37BAA452800BC42F4988012C9D6,SHA256=684D033C9540AB535D2BC28861006362BD98297DC68892BB7736C1B228D59684,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060893Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:38.460{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Scx\Khar.plMD5=8B9BA86A2221750AB9EB5B42B38BA5B2,SHA256=66488D5ADEB0763895BF6495DA0CEBDDFE9F4A4EE483B39D7B541F61597FFC06,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060892Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:38.444{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Scx\Kana.plMD5=88085882A5E0551C08AC63DAE0FA7874,SHA256=200FF9134C8457F833DDD0C89E0C27E179E4E9CAB44D48A8A08A3BC301B7C684,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060891Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:38.444{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Scx\Hmnp.plMD5=A750FB521949ED781E43C82E56BAC182,SHA256=EA593597BA626827C9ED311FF17E245B537CEB1BEDA315665E027A26BE7F52A8,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060890Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:38.444{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Scx\Hmng.plMD5=A8A4F2F4E9D92A9E5FE3C7D2C40143E0,SHA256=24D714B14EC1D39084E3313A81A1E81684C325C4A1BB9BBB7BD1CDA606A1EAA7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060889Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:38.428{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Scx\Hira.plMD5=104B0FB89564CAD667BEE75E809B5D4F,SHA256=E0E01F82349ACD78449E908D274CF131DA69ED5B96D80A200C3122418C2D4468,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060888Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:38.428{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Scx\Hebr.plMD5=96E37F4DBE5F61F35E9BF89488B349B5,SHA256=4BB895D4FF3687F1CE69144C86405AEC2BA1B8A94C06B74F493BC5FB8D3C307A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060887Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:38.428{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\CacheManager\18AADCEA-0000-0000-0000-100000000000-0.binMD5=3A89A0BD18E5062B20B1F5188B191501,SHA256=70103A46383F67DEE391F9407CF7FCEDC67AE6C83C4AA11315367EC5563AA2F4,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060886Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:38.428{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Scx\Hang.plMD5=BBB07413D00757849CF7CEC9FE70CDAD,SHA256=E2310B66D9DA032693FF05835CC1D35EBEC5A953BD106030B0CE77CDA467C322,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060885Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:38.412{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\CacheManager\12B34F14-0000-0000-0000-100000000000-0.binMD5=FB6AF23B50D8668EEEA51F7BFF19717C,SHA256=AD92BAB3B28D0B3C99649F9EFAE15636B91E745DF2E37283AE8FE29936546727,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060884Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:38.412{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Scx\Han.plMD5=823C9736ACDE8C2B2B8ADA16E19F2241,SHA256=133A7E4AF4B1D202796F9E6595C0AC7BC3BBCE698EDDBEB3386FB89B1269634F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060883Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:38.412{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Scx\Guru.plMD5=83A5E63CF764C40CCC32B86B5FF13AFA,SHA256=E0191735C76D333C34718134E64AD6950F218CCD89457A0300DEEE2C38E7AB87,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060882Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:38.412{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Scx\Gujr.plMD5=E49B077764DD74799BF2249E779D525B,SHA256=EFD43661533BBABF16CD5618A34247CE94302220D42EF0B09F5D0B91F073ACCC,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060881Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:38.411{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Scx\Grek.plMD5=B2B16BE8193E8A54B92154629B718950,SHA256=853B2FF385D3BDFDBF5C6B5583965B854DFDD00D95FB0294E168FF51A040C6B1,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060880Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:38.390{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Scx\Gran.plMD5=291441ADE553F64732CD0B781B8B584C,SHA256=FD662E9B3456F674B56F56925EDF66626E7F55A1507054F99C1F30B300B7C627,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060879Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:38.390{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\CacheManager\10C99B01-0000-0000-0000-100000000000-0.binMD5=FFE592AF3F2C00FE33FEEED7E329B540,SHA256=19BCDAF282E0B2FF371AF0A8ECF6B0F15B88DE54663831BA21E2D24B7B91EAAB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060878Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:38.390{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Scx\Gonm.plMD5=229EEB5B35910D7591FFDE794933872C,SHA256=E1B6DFD98025A86E795E6E2F85BB38EB66BA19EDC37756CA0564FFDB9A8F227C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060877Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:38.390{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Scx\Gong.plMD5=557EC85391ABFB580A4129EA34732111,SHA256=D29910670A32F0C355976B2DD0EE8F9060198AAC056BE0B1A6A17EF7DE0D530A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060876Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:38.390{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\CacheManager\0ED77DA6-0000-0000-0000-100000000000-0.binMD5=031D12379438525E4DB69197C2B1418E,SHA256=CF298A1CD74A138A61D04347424F399FFAD0CFE44E33AA4BFEADBA8FD66D43E7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060875Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:38.375{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Scx\Glag.plMD5=A5E1AD215A99F8FC746E55A258215C8F,SHA256=86EE3A0ABB0AA030D955467369D2CC295CD0EE43BB0F714B32FC54038D017713,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060874Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:38.375{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Scx\Geor.plMD5=E9850F85B821B9A11A1FBB32B42D6B57,SHA256=2E23B50987AF747863F57EAB7F90E67B4A570D1B5B83D350F8ED4400EBCF09D5,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060873Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:38.359{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Scx\Ethi.plMD5=3843F21DEFA472EFBC05FD8E2DE7AD20,SHA256=4B758BB0D3B89C9EBDCADD62B0EFAC3A5DB00C43140D60A03CE85D5FEC386927,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060872Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:38.359{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Scx\Dupl.plMD5=081B320DF1CCDFDB0C8620FE63864023,SHA256=E9488E9C8D38AC7BCCBD9F85EA1101EACD3E2B82F766FA71F5F99191A5144C6D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060871Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:38.359{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Scx\Diak.plMD5=9FFE099D4ABDB8B5755EF5A3740C9DA7,SHA256=90ACAD943289605CD7439E0F6A97BC23E10304886F9EAD7A24F686FBFB3393C2,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060870Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:38.343{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\CacheManager\0C308890-0000-0000-0000-100000000000-0.binMD5=17476C3420D4211975B9D8EB96BE2A1C,SHA256=78B3E2BB2258291BE6C828C634B98BEC0F6FAB3CFFF6EC2257FC2BA0369573F2,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060869Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:38.343{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Scx\Deva.plMD5=C2B594F39957075E7E56396DCA714592,SHA256=0F683843AC0EDCA511837CBA6AD0EB003EFA4B210E64234CAC3A8FF8ED6AB336,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060868Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:38.343{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Scx\Cyrl.plMD5=882451BD084664D1E12F6EF2B54052FC,SHA256=FB1995CD7BF4F810A03C1EE913874D70924701A17D94E312AEFF91652F3A001F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060867Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:38.328{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\CacheManager\0B0FA0BA-0000-0000-0000-100000000000-0.binMD5=8B6DC308D2921DCB5A9E7ABCEB99F4BD,SHA256=3F8D02754ABC33C538F22A8758F95E35AC0EAA154C0B90A99D3636DC0F027050,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060866Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:38.328{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Scx\Cprt.plMD5=B2FB083E144CA889CDA962B319F707E4,SHA256=267E2ED1DE66B531EC13587E39BD9C0FDE2BDED7F17F1052865C40EBB4B947B3,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060865Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:38.328{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Scx\Copt.plMD5=E8C7505648992E828BFBE022C4B59107,SHA256=11AEB68FEF714D033A5322E9D2A7E2C9F565F047BA1266C8D8B0F27C50947018,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060864Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:38.312{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Scx\Cham.plMD5=FC3B187E20B527A4CC4B45B4765772C9,SHA256=48C3F072C167EDC52FD972480CBE7E10A0FB9348348E80F241B2FAF7A51CC2E0,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060863Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:38.312{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\CacheManager\08A9A161-0000-0000-0000-100000000000-0.binMD5=B632E7A40E029E22ADBB5948A02073DE,SHA256=AE870B4EC58B491273D26A0DAF2EAD36F1388E8A1A068C256509F2053B0455BF,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060862Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:38.310{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Scx\Cakm.plMD5=6F10E38975AE07CAA6E57E42DA5CC63B,SHA256=1C2D15CB076F45619BD0C8363D6D503758F457889E061D96AD48B8AEECF3C604,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060861Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:38.306{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\CacheManager\05A2C67C-0000-0000-0000-100000000000-0.binMD5=52D81ED854D8539263A463933AA9238A,SHA256=B783770BCE621CFDA1F22F1C59D53B33A543785DC09601757A6F3D3E2E6CB9EB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060860Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:38.305{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Scx\Bopo.plMD5=701A2A9F9A86B0C9DB5277E590F9F3BD,SHA256=37AF7F10E97CE1F5DFEA2BF036ABA3D639685680BB89B99949B1C3F7C899D022,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060859Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:38.290{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Scx\Bhks.plMD5=92839EED3301EE6F1F7701843CFBD69E,SHA256=8753CE464E2C9AC3D6CC37610EB2829C1EFD5405A0E0424E6BD2A29165AC3004,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060858Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:38.290{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Scx\Beng.plMD5=0FAC7E8DD7654337301A2F24DE40C24D,SHA256=94297B2C381065B79736493FFDC84F8C4FDF89AA66BF85C7A38AB8CDECC45627,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060857Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:38.274{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Scx\Armn.plMD5=FEBE57A423CF41DF277335DC20BDF768,SHA256=A4A90A6FE3FC80BA92927AE109B3E24388CD67925D45D4F245792A2164AC7B8F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060856Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:38.259{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Scx\Arab.plMD5=EFD4D35E0242548820B6E90ACAB51E7E,SHA256=AC6A96D8B0883631C451B9EEC189866F7AAFB3F297760844CE9587286F34D359,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060855Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:38.259{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Scx\Adlm.plMD5=848385F76ED7011F2992FE092F9BF56E,SHA256=197345E489C188C23B283652C9E921AAD9C877B95DCA6387BB3687114B419423,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060854Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:38.259{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Sc\Zyyy.plMD5=B76D478A695226111D9FBC706C53BD5F,SHA256=8552A6A1CBA3C7EC87A427DEAF967DA40BF8B27682D19B0F155F2327525EA940,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060853Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:38.243{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Sc\Zinh.plMD5=88BA3EE60FB3E7457CC4D5146632D19C,SHA256=2EBB8E035AB5ABEE6BF349D303EE9BB3FA5FFA6DA8946C3E109BEDA7463AAF06,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060852Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:38.243{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Sc\Telu.plMD5=57E33D8D88C459A1D476BE8E064D1412,SHA256=537C73F8019DB9C6F877AEA4AFCAA67F5C2D01C7983BF4C6662920C73C3F82F2,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060851Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:38.227{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Sc\Taml.plMD5=116F14D83615B6813AA3A9F9D65681E7,SHA256=5C166AF0F2CC2CDBB5993F09BA9752734CD80C4654186EEE462DDB2C40B48BE0,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060850Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:38.227{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Sc\Syrc.plMD5=FAEC9B8F4EA81F9658A0AB14B310BFCB,SHA256=5225DAE155EEBEFD51C9FCFF6763EFC0BDF5ED271BC4A7CEF6FB11EF6FE969C9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060849Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:38.212{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Sc\Sinh.plMD5=C1FC07ACA2A56163DBF4CCA7E7665D46,SHA256=E193AAAC2786274B229D0854837EEAD0D7A7168F3700EF465001BC45FC5E6907,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060848Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:38.212{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Sc\Orya.plMD5=A3CABC8B52E171964F3E36A9B0C2594B,SHA256=7319B030FFD8D2DBA604CCA237D12F9BB368BCF182EF1C3030920C9FE03A20D6,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060847Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:38.209{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Sc\Mult.plMD5=6F778C87D7F2D04BEE97B05F33C50710,SHA256=C9DBFD081C8B01FCED89722E8E83A7EBC1DAFEE8B745378536F034FB66A52EEB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060846Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:38.190{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Sc\Mong.plMD5=CEBEF659E7CE81E305C7282B617068F0,SHA256=2C7F813619AD0C6C5C6567B9CE2F20636CB89C41CED846CC5610550212915650,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060845Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:38.190{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Sc\Mlym.plMD5=FE5E260E46EA28101BE9402A9C1480A8,SHA256=1AEF696CCACF4F621FF8904473B36AFDC47EFA2E76440953D71606F9B56D02FB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060844Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:38.175{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Sc\Linb.plMD5=ECB5402356F0292E72B14E867EE03BAB,SHA256=0EB418B09B52341734789338CE5D4E35C25DC150EB6E909BECFAB0CA895B44C4,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060843Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:38.175{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\CleanStore\Resources\F1\F1B962CF2939030C15C91226D97B9EEB9649A04AMD5=CCE5005C2410A3E11E8FDBA5D42A5D24,SHA256=C3E02C76B3B0484AE3FFB71E45D79F0F5ED3837D44CA4999DDD1D5468DF09358,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060842Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:38.175{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Sc\Limb.plMD5=7D9D8CDC1E3E6B5112A361C74654E15C,SHA256=DCB8FC2FF837F514BF43EFE5AC686EF6AAF9726752D25328B72727714EF71CC0,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060841Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:38.175{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\CleanStore\Resources\CA\CAC50F6B11D80BE2A0467166E0BA108D07410860MD5=730D5AB503DE35709DE99D7914D1429B,SHA256=2BB256392B538C1365BCA5CAF32E93D4875CCE975B761399EB4E4F98228D6856,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060840Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:38.175{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\CleanStore\Resources\C9\C9C133660468FD1D9905F598F5052DBB01F42EEAMD5=0BFB64C70DFBE45EC596985D0F283E07,SHA256=86EFCED762A03840D63AEC7D9AD2DB12926719A722E1D9A91C74D37FD0C43B10,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060839Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:38.175{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\CleanStore\Resources\C7\C70AD53E38BCEC126D90CC89968CE3D4FC05100AMD5=E4A77B50DEA7BBA3710C67CD5D3298E9,SHA256=4C2E11B627AA35B13D91E4B60FE4CAF0FAFFBD933F13DC0E9BBF42CE1974CC50,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060838Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:38.175{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Sc\Latn.plMD5=17B886311A87D7622B85B1904CF6894A,SHA256=3F55301ABF2AFF350C962FB3FF0BB7F76097E10BCFA46E21F1F6D97EAB0DD034,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060837Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:38.175{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\CleanStore\Resources\BE\BECD026FFBAA428FA50056A7BA0A990F009175A1MD5=9F4C197E74390A750461FEFC369E6AD0,SHA256=573D69DEC7277A300247A5986E4C5E86277C550180FBAA77D41F72E78F66E92A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060836Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:38.175{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\CleanStore\Resources\AC\ACB1D7CE5E021B164F4FECF38080A056B91F8A25MD5=208DE6EFB2C8E905577DFBB0F7435D10,SHA256=824A954C45FA623747EC78DD66422B904FE8B180A18C37FBE07281157A2DC02D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060835Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:38.175{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\CleanStore\Resources\A4\A4BF3C62D5997AACD71E8754DB2F62B6443C58CAMD5=4D53CF31842ED30320686865DD70577B,SHA256=851B4A2501E587CDDCB4B4ECBE289FA6A270CE82CEEBAC6AFAFF3CE83890E0DB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060834Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:38.175{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Sc\Knda.plMD5=A0DFCBBC8C1F0612D9F8CFB9F725EF7B,SHA256=4D2B21A85D58D39AD66922FA32ED739B8F001F1760A9DA47BCBC4F2D3EE3CDDF,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060833Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:38.159{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\CleanStore\Resources\9B\9B38C71E6E2B3B27351A904AC029F2834E0D25BEMD5=B1E3A09CD3D8E3D561382B94B6CF0F11,SHA256=E9823092435C8A3F676A81EE273CE132655D0B14C8F9D6C89C8B7E4B98840E24,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060832Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:38.159{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\CleanStore\Resources\7D\7DF74B418160C15C90B31407CC76BFD757FFBE59MD5=B10F0C3AA065190C66538FD2E3D0903D,SHA256=84720CCBA1EE6DE78E8B6F2402EEFF47C1DD62EDBE0A844C344444468E9278EC,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060831Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:38.159{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Sc\Kana.plMD5=3B3940B78622E1195EBAD506AFB33A0A,SHA256=5AF56AAF223EC717126FD9DBDFA8578FF2623973795C70677D0490F5053EBDB6,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060830Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:38.159{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\CleanStore\Resources\6A\6A9287E3C515614D3797D35528011E0754C1EAB5MD5=377661AC5332EB10990B16C0A69B9365,SHA256=D3290FD60DBF75E35F9990535B116576B63C8A1723C44A5BF566F621EA67E979,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060829Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:38.159{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\CleanStore\Resources\56\563338B189DE230AEDF51B69E6D1601FBA40292DMD5=33CF85BB9F127BC00977D08F56E7B114,SHA256=EF27396E3529C199D6836B820B6476F0D72233B2302471099BC80B38231ADA1C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060828Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:38.159{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\CleanStore\Resources\52\52FBD0186882E6605124DFB4758D4E3508EEAFF8MD5=536E9DAECF442DE643AEDE99917C4423,SHA256=FB112358F53D6D40C301C83D7A64F90F2F67DB38294B7575ABFFBD28332E75C2,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060827Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:38.159{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Sc\Hira.plMD5=CD4D190312FB7C65286805C4C760F59C,SHA256=565D05C9C153DD6AFCE70F0E16669E1EF8CACA055A82EB20F77367367AAC8FBD,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060826Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:38.159{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\CleanStore\Resources\51\51C8A99C2ED44DE841C49BE026604ED72AA95822MD5=D4CA183D804602EDCFCBD72C46CE01A7,SHA256=5D74C9BBFEEDFE8A22D66C3E65DCE38AA819EE3A89F8CB9688A30F0F559A84CC,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060825Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:38.143{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Sc\Hang.plMD5=11052C82030197FDC3076BDEE68DD5BB,SHA256=EB95A4F50CFEDA02E79F699DA7586795B5CEA895BC548EA809A0E98F65514CD5,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060824Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:38.143{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\CleanStore\Resources\39\39A7038115AD1E578B15DD9FCB7772C1A83A898EMD5=CD581A93E42EB5D5C8F44CD2CCD33B47,SHA256=023A563C8C88BEEB4C6CECA3F2440FBF105AEA77F2649473F2F0749B8D752FB9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060823Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:38.143{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\CleanStore\Resources\24\24FACE5B5CA39CE04CF462ADD690AC401051AF97MD5=9B2891268BACEAC52602819A4C31DEF2,SHA256=297AE80C6A1B2259A880B59C457EA994B916DF937F047027B4804F68C1DE4BE2,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060822Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:38.143{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Sc\Han.plMD5=DB4231A490A9F2989885E1CB3029FC31,SHA256=7345E59ECFC94811C21DA693AD515B932BF35EF9B8AFC4D4E5C794FC6DCFE2A1,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060821Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:38.143{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\CleanStore\Resources\20\20A244C0440ED0B418F454F8A12ED0DE6A8BD6D2MD5=821F9303E3FE9F77F1D1A9C63458EA83,SHA256=4A976636EA6B4E42020A1FC707688E18B7A52B5EE3BCBAE3549E1413CF0EB46B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060820Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:38.143{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Sc\Guru.plMD5=3C86D5E6524297C2AEC41EDF0D3862AD,SHA256=668C5483F5A35A423FEDDB35F191905951005C2B812BBEB1F5CB608F244CAF79,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060819Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:38.128{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\CleanStore\ResourceData\F1\F1B962CF2939030C15C91226D97B9EEB9649A04AMD5=47F08CAAAFF61CC97656D343CF54F184,SHA256=069B47A0AC2458E7A3E65A9782FD82D35CCF9462B7D731BC09F6B90DE30C2897,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060818Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:38.128{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Sc\Gujr.plMD5=EA10F0E6FC9C124E65984A908390FEB2,SHA256=009BE32FE8436DB725A7C84773A3FBE5725BF173E81FF78A58C4B717488777EB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060817Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:38.112{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\CleanStore\ResourceData\CA\CAC50F6B11D80BE2A0467166E0BA108D07410860MD5=D0227BDC57A6C65965038A8BA8FD26CD,SHA256=059F7AE5C295C0963DB2F53C7D0A33C3CA119E9A66A5EA675B127179D83FE4F7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060816Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:38.112{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Sc\Grek.plMD5=B841F5A5EC97CBD838CA18DF55FA3592,SHA256=672D583B8A038B9ABA2D20A9CFBB0138112473CF835D3BBA616D56F11E3C0E79,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060815Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:38.112{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Sc\Gran.plMD5=53C964CBA20069709CDB228E816C8C1A,SHA256=E84FF29FAF9E5C84DB70C6EDFFA8AADC07486B8A2769982F490A416B284182A1,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060814Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:38.112{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\CleanStore\ResourceData\C9\C9C133660468FD1D9905F598F5052DBB01F42EEAMD5=E7CEAD95A779F0A7EE499163C058D9FF,SHA256=14BDAE43B5969FC6053316B1A28F96040F2E4C67A0B41BFC8EE5524271E61061,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060813Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:38.106{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Sc\Gonm.plMD5=49B7B820EDE8483266B8842839B2A2C7,SHA256=899DB77C2CA6EEBF03F29A3CAF0CC4041526D12AE73EB6BDFC36EF53D350F79C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060812Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:38.090{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\CleanStore\ResourceData\C7\C70AD53E38BCEC126D90CC89968CE3D4FC05100AMD5=9146E32CEA706BA69566E9B1B12DE795,SHA256=5C99B827C9B5E887AEDD3FB9209971B6791CC3287F662FF2B8EAA87799F7A3C5,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060811Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:38.090{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Sc\Gong.plMD5=385566579EEC65FE7D5AC5753C565F4C,SHA256=494880574D3713D857FC51D46671FDF9641A53AF0948A222ED37ECE9494FA8AF,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060810Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:38.090{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Sc\Glag.plMD5=AAED2196C0186FE844520106BE4A1367,SHA256=56FE75B48D25F93DD590E2776B2C95E6608958C001559991ABC8DAC60847C63D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060809Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:38.073{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Sc\Geor.plMD5=AD457BADB11CD51CA1D8546404A4A17C,SHA256=7754A7ACACC50A7ECC32EF6FCB5BC59818A9121397A02454A90E4F26AC33BCC0,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060808Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:38.073{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Sc\Dupl.plMD5=B17A4F7147BD836BF1EE42D3683439D6,SHA256=EBE0A1501D4B2286F7EE55FE482C1093C4FFA047AFD28AFA4BA28548F567AFAB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060807Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:38.073{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Sc\Deva.plMD5=4075905CAE02E7EFCA56932722DB19C4,SHA256=6EA55933F141C29FE73293D7B3B58833DAFFA3563CCE78363B0B01F515CFE324,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060806Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:38.073{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Sc\Cyrl.plMD5=C8FAFF436B3DA6DA450F835B1F035B0A,SHA256=21056156521DF855D28D9425CE2232B1B5907FE523AAA2D2CA023AD362E422F2,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060805Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:38.057{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Sc\Cprt.plMD5=A10BDA3DB3826A2C54BC8604CE034D39,SHA256=46CF88656123F06680BA0D84F18079D579EFCC60FE94AF95A85BE647FEF20EE2,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060804Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:38.057{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Sc\Beng.plMD5=96B6E20CBE7B51C7B2D3DC866F47F182,SHA256=FB48236413CF0317E6A7C236040943EF5D667FF4179CEA45C8C54F1D165D91EA,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060803Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:38.042{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Sc\Arab.plMD5=B440837E71E10C78F64474466282A3BA,SHA256=4F1A42DDDCB7202C8414421AA9BC0C154EF12D45523013E21C850C7AFD76BA2B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060802Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:38.042{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\SB\XX.plMD5=9B3544BF071157BD8153934B6CEE399E,SHA256=00558C4DBC790E083ECD370AB69CBEEA3A33976D17A2F57CFC59D9B9FE754AC8,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060801Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:38.026{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\SB\UP.plMD5=B56639A7AAE56E4090D1480F83FF5E71,SHA256=0CD8D5714D72E166B710A367F7ACAA4FFBFAB6922C8B9A608BA3F557CA2209B6,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060800Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:38.026{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\SB\ST.plMD5=3645EA6656E8A19E7E383F3F4DD96102,SHA256=01565E268DF046483817536686201D895E809F5075047ACD8212FFFCE8E08974,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060799Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:38.026{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\SB\Sp.plMD5=69341A9F0B1AB5E78F4B6B5848C4F987,SHA256=31436F6765D28CFC412CEA024C516B01E9E09E50C857FC5386CE328F19FE9210,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060798Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:38.026{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\CleanStore\ResourceData\BE\BECD026FFBAA428FA50056A7BA0A990F009175A1MD5=5886AC9AD32545FBA00411FDF7838958,SHA256=F9293A366BF52F4E1FDAA5A67895CED7AF2E569525EC1E230022EB0DE671017C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060797Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:38.026{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\SB\SC.plMD5=3E562FAF6835B7DB9CD4943190B81A5B,SHA256=D23C26C6DB6F84A9D8A52717C441D0476A8144A75B1A40D0ED0E960A5FE8BFAB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060796Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:38.010{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\SB\NU.plMD5=F0094A13B14E87F1B2EB81B0FAF153D9,SHA256=82C2E96AFC7E03198E4A7C342E80381131C73BE4B70DC46DAC9DF2D0B8996058,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060795Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:38.006{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\CleanStore\ResourceData\AC\ACB1D7CE5E021B164F4FECF38080A056B91F8A25MD5=A174E15DD8EBAFA822DDC85C127C3AD4,SHA256=04C7C5A1EEA9D082DF31FC992FAAFA61326B5C683B6A7E8846FCD415004B1F5D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060794Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:38.004{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\SB\LO.plMD5=74A34A7659DA6DBE0E2F62BBD1703E1D,SHA256=47DE58153BD5DF0449AE5F881E313641B60421B7BD9DBE2CDED7AD292364176A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000031811Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:38:38.019{CE7C8936-1B20-61E9-E200-000000002202}3964NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=48B02F9DCEA30158BC8E30B8CFF45E76,SHA256=D376774D73703E30E6C326738E2F8284B89D9C358582826219F80DE4980B48BB,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000061332Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.995{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\vim\vim82\doc\usr_01.TXT2022-01-20 07:58:55.381 23542300x800000000000000061331Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.995{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\vim\vim82\doc\usr_01.txtMD5=E72F32E8CE1981E0B598B1DDB016BAC7,SHA256=4B6469C8BBE107D4302C799E6FF0CABC6606CB50D5FEDEC503916C1A1CF0D8A2,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000061330Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.995{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\vim\vim82\doc\undo.TXT2022-01-20 07:58:55.381 23542300x800000000000000061329Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.995{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\vim\vim82\doc\undo.txtMD5=CD5B4708E08C7F34E96DF4FDA1D24285,SHA256=9EA747C33B849328D69A59A0CA85C4FE5AABFD33FF5F6E2CB114AFAC4F9C6E06,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000061328Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.979{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\vim\vim82\doc\uganda.TXT2022-01-20 07:58:55.381 23542300x800000000000000061327Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.979{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\vim\vim82\doc\uganda.txtMD5=A8D87EAAEB761BFA9B33CD57564E871F,SHA256=DB793C305D2AEF8A16F0F475727FDD179DEFF051ED823F8B8DCB859F3B52AD12,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000061326Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.979{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\vim\vim82\doc\todo.TXT2022-01-20 07:58:55.350 23542300x800000000000000061325Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.979{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\vim\vim82\doc\todo.txtMD5=09F94CF8DCF23FE49620A4A708BE2C72,SHA256=07F07907B59589A2F25CB1562F91DD6A6FC97488CCDFF451B9EECB3DCE935B20,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000061324Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.964{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\vim\vim82\doc\tips.TXT2022-01-20 07:58:55.350 23542300x800000000000000061323Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.964{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\vim\vim82\doc\tips.txtMD5=5E788B4F9343A00EADBD9AA70B099BE4,SHA256=6921D9771FE1D65A355CD7BB8F0FA2E09BC547636BBB8D91A2779F33C7A48228,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000061322Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.964{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\vim\vim82\doc\textprop.TXT2022-01-20 07:58:55.350 23542300x800000000000000061321Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.964{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\vim\vim82\doc\textprop.txtMD5=E01A46FB2BAB4C23CAE521241BC19ACB,SHA256=A63A561746D51D4CF26F6CAA23FB78904EDEA2C5E2C9B5F1C1BBF66D10C80B72,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000061320Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.964{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\vim\vim82\doc\testing.TXT2022-01-20 07:58:55.350 23542300x800000000000000061319Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.964{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\vim\vim82\doc\testing.txtMD5=DA0736FBCBA3795BA7399993F4D9EB36,SHA256=3CA7393A667958D6446AB2A247E47D43115F113153E18A4C3B0257C79F141F24,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061318Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.964{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Quick\{3921BEC2-6984-476A-AF26-1392A85F75D9}MD5=5EE582E54A0A4057FAC10366A4C2F0B5,SHA256=B42FF6E77CB3A3793437F21CF3791FD020B0E70E1F76B23DD28572017546549D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061317Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.964{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Quick\{1FC74DDD-5B06-4988-8001-06A18E55FBEB}MD5=09A5C580FECE5D6FEDF549BC68DF837A,SHA256=D4076B63DE80AA2584A3F9934FE67B0FA5F5EBCB9ED2DE3AB38707A5C372DBDC,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061316Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.964{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Quick\{00DAF446-FFBB-41E6-B3DD-E8D5E3501FD3}MD5=2FA2A190B575699D4D1517E81961587D,SHA256=254B5F8DF675363C74D4AE0F4BA1BA60C845321001D4BCE80F1B3C729CF326C5,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000061315Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.964{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\vim\vim82\doc\terminal.TXT2022-01-20 07:58:55.350 23542300x800000000000000061314Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.964{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\vim\vim82\doc\terminal.txtMD5=10CAC9E20C949144E08BA821285A352A,SHA256=A2BE4710C269ABCC356BA4142C30282EEC58BAA22D11191432F9B1F1AC5CE5F5,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061313Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.948{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\ReportLatency\Latency\19\0MD5=2EBE5612C8CFD24E012D8B806A1C0931,SHA256=BD978BBDA7EA78A7A20B423B590106520A66EFBB8A8C8A429FE804454455C4D6,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000061312Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.948{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\vim\vim82\doc\term.TXT2022-01-20 07:58:55.350 23542300x800000000000000061311Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.948{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\vim\vim82\doc\term.txtMD5=959F98E9B08B7316D1696732153AAF9D,SHA256=698ADBB11613AFA90A417139B044B892B669BD8F6A21416EE117F19457453706,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000061310Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.948{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\vim\vim82\doc\tagsrch.TXT2022-01-20 07:58:55.350 23542300x800000000000000061309Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.948{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\vim\vim82\doc\tagsrch.txtMD5=E38739B043664E84B4C8D7D50771B06D,SHA256=1E9B4D7AEC7353793A8F57214A4D54DA1C5D4F1897302AC3A5BDB6E5153905C5,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061308Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.948{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\22\302MD5=90F573623909E39E48BD63FC72CAF669,SHA256=AEC35ABC5E7EFC2F6EB3343F50DFD40F35CE5AF98BF76A81D998F035961AAF59,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061307Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.948{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\22\109006MD5=BC10672245CA9A2F297E6FAB16FC62B2,SHA256=D2B8F5062C8431FD5DBE1753F3103988EDE5497CB7C0CDE6FE60AC247C0EFBA8,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061306Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.948{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\22\109003MD5=118873FADB3A029F44F52298201D1F8C,SHA256=A8EED11DD73F3C1363CD18875CDE2F2F8D9BF0F4CD65F8FC057C05E33941E6DF,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061305Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.948{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\22\100018MD5=61CE26554E9320B4A651D7CDF7740888,SHA256=A033508F1EC35E3DF0860E4199984B6AF832CD8028AD086FB3FF638732388C62,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000061304Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.948{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\vim\vim82\doc\tabpage.TXT2022-01-20 07:58:55.334 23542300x800000000000000061303Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.948{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\vim\vim82\doc\tabpage.txtMD5=7502868695A265AA86CC3294482606E8,SHA256=3C4AA049C123C15927FC0D326051958787999BB12E85FA6D711EAF44903C30A2,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061302Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.948{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\21\344MD5=07B79F845A85BECC430568BD90A162DB,SHA256=3B962290993FE9647F1E0F9B8F88D71ADE23AC63170548FAFE289876D7EB275A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061301Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.933{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\21\100017MD5=672AB2F8A70BE01454A94BAF672AAA00,SHA256=470CA8D591CF59B7C8322A34107DAE9F6CFA55E2356542954149E078BB0EFE4D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061300Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.933{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\21\100002MD5=ED2A469E5735352F75B3A541E74C32DB,SHA256=75B66F69DBD55DE68D2EBC90E021907A816116126557F5963DB101E6DA733F53,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000061299Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.933{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\vim\vim82\doc\syntax.TXT2022-01-20 07:58:55.319 23542300x800000000000000061298Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.933{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\vim\vim82\doc\syntax.txtMD5=63A405F3A570B0402502CB69389641EF,SHA256=E243572F2DC4FD54843B30A37A653CB2F4A33E2E6ED5DB229D1DA97756A2B0DC,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061297Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.933{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\20\346MD5=F5E527AA2DE972296D29C71997925F2A,SHA256=84A1C46CA8E9A7218E7818D2D82BD4988C465580416F13CEF0813442CC4C3DEE,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061296Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.933{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\19\328MD5=1D38BEC53FA65F59BABAA71B28ADBA1A,SHA256=91D5480931744D4492F591547E28C6827B59B70D08532880933A6A0164A17019,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061295Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.933{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\19\15038MD5=F669E0ACE06BC66A998B1D0DB7A329BA,SHA256=216A5C4D5D5DE0CEE76F2EC7329BF8E4F4D11362C15406175AAD4B61C0B9B25F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061294Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.933{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\18\12284MD5=B4C82B94E721FF8CFCDCDCA7C8CACA25,SHA256=EECED287EC165D01280790CF16C657412C6758D323E1FD799199F209DD3B26BC,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061293Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.933{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\18\109002MD5=32E8597C4F5E548E2B6A4A63F93E7051,SHA256=9878E68329E6CB5662D964EDD4ADCD6BDFA8DBF0D1079FBF6E4E9032254C77DC,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061292Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.933{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\18\107002MD5=D5848F2D0AAFC7E321D617686F80978F,SHA256=F42E30B8A4CDE9468E0653F3D9FFD289B2F962B5381EBFFA420932377ECB182A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061291Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.933{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\18\107001MD5=D41F8E7B0B984E4B40193B9BD3D8E2CA,SHA256=982D4F437B9B9A4C831973A76C443572F51F84FF7DED6F40FE5CA4705E1F0C7E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061290Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.933{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\17\345MD5=E2E73B82DEC60F1781376D30135018AF,SHA256=3AE1B79500D69F7CF5304F98063A2538ED0A7E0A06E592F913D53BD00CED5BB9,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000061289Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.933{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\vim\vim82\doc\starting.TXT2022-01-20 07:58:55.319 23542300x800000000000000061288Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.933{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\17\300MD5=51AF86ED72E1ED7CD1C070892FA43DCC,SHA256=81C416C0F0D4C66EF29D76CC93A7FE3556721530E610F1CC41D837B7B1DE9772,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061287Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.933{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\vim\vim82\doc\starting.txtMD5=483940AB330BEF3FCF1A3729A47DE713,SHA256=CCB6306D5D154FB32B7B784A8ECA5E2F8AE25E1354202DD93AA5A217A376F6E6,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061286Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.933{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\17\109001MD5=10803D5BE5C23DA7F643E97851156F34,SHA256=91F47FDCDE35212F9F223AF25A8054D1384A3514D2096E798CD920EF4E87295E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061285Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.933{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\16\15045MD5=4A0DE36E40FB87A6C0FB87A9395AD51F,SHA256=0725BCC3A7AEA82B8EFBC7443EE96BD484C3297F1B38241D82FFD7F9AA048F10,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061284Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.933{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\16\15037MD5=44C676194CBB78FDE340ED6559A5570B,SHA256=25829D3F6FF56CF1E7838755FD195019E2B5F9EF52868646D4E3D24981BA4CAF,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061283Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.933{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\16\12285MD5=293F2A6D6C3A660BC49CAFA53B8D5275,SHA256=A6ABA3142539630F26232A6305670351F887B9EE3AEB7A4D5DBCB168012D686B,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000061282Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.917{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\vim\vim82\doc\sponsor.TXT2022-01-20 07:58:55.319 23542300x800000000000000061281Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.917{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\15\321MD5=39E6A7151A573919D7681604B1BADAAA,SHA256=2D9770E8B229ADD006D35AF894D4FE8B638E97B306A829BD1E4C9CE0521B8768,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061280Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.917{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\vim\vim82\doc\sponsor.txtMD5=67742DFA7388A5FD22DF9AE9A7BA48B2,SHA256=DBE4B61964457D31A179F66C7BCD4E46E5C32E4D7B02D5D2D0BED92757D4DBBA,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061279Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.917{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\15\292MD5=BCDB03073F16F99C69BBC0B66A262BC1,SHA256=274E7ACFE6FB43573C208F9C9103FBE3DEA60FD0305B8BEA0D1BE02F6435D850,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061278Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.917{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\15\288MD5=F254D377F48D053B2D081FCF0FD501F8,SHA256=3438FDE9090E9432BE3E663C0D653ABF84E6EFCA2CC7DBDDC5D00B805B8EF0BA,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061277Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.917{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\14\9664MD5=2C7BCF428969FD3B9C701BFC9FE82105,SHA256=2BAAA1510A78BDB430DF7AAECEF2469443E778A67FBAF7EB77806D9822ED0F3F,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000061276Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.917{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\vim\vim82\doc\spell.TXT2022-01-20 07:58:55.303 23542300x800000000000000061275Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.917{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\vim\vim82\doc\spell.txtMD5=05D597256F9B706463D860F1DFE67836,SHA256=9A37784D5EFB8D8629FD4B6E4FEE6B54F159398D3B92BF759B59D9A1437019A7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061274Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.917{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\14\15039MD5=AC0BE5C3D31DD452CBAEC78C7BB642A9,SHA256=6780A3DB79E390692ADA6D4E213F3F3782E450358D1BEE5FD1B3B2D2008467CC,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061273Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.917{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\12\12282MD5=F86FD3CC40CC7735BAC118EF3B8C6A6F,SHA256=15FBE292A250870D430824B91C2D5DC6A96B6CC3D73998D6B3DACCBE4F8D069C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061272Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.917{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\11\291MD5=53551488BB63737AEFED80D0C32B2E8D,SHA256=9056C8EAF3FEF4DD384683D70C143F1EEA31701C5E6FF8EF25C8300601939A32,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000061271Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.917{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\vim\vim82\doc\sign.TXT2022-01-20 07:58:55.303 23542300x800000000000000061270Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.917{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\vim\vim82\doc\sign.txtMD5=B8069681B66B3D9FB2306C6E6639339E,SHA256=24BC05347FA820B7B66522DC1EC6A03181683D363995EAC0924494E33785710C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061269Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.917{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\11\200MD5=3717CE1E5090B2FF0CFE0D57E75CD470,SHA256=0579B24D3F454266EC583DA6A182A3D3B91E88CB1AD6DDC78FA6B845891ACECD,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061268Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.917{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\11\15040MD5=0746F0DB45C45A93EC7AB35FEDFB263D,SHA256=394343E2562C701DC4A31FD4A5C4033FFF9EFB59C432C1AAA24BDB418672CE8A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061267Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.917{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\11\1252MD5=770D8A5EA5F3ED6C3875C86CA4DB2D2C,SHA256=737E43D2AEB469EB0D12EA12662F7CE2A09A004E6B3C73F40F7DB2724212E564,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061266Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.917{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\11\108033MD5=3FF638E2C8D00939385D6F655A0F32B8,SHA256=86F5DF81840855D5516BAEC79CEAEFD0B20F13EF0B71EFD1436FC5BE59AD7D62,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000061265Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.917{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\vim\vim82\doc\scroll.TXT2022-01-20 07:58:55.303 23542300x800000000000000061264Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.917{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\vim\vim82\doc\scroll.txtMD5=E9A3144909A7CD3D34FEA5B58A094BA8,SHA256=62E9C5AFE2362FC6FC7C1C88B97A85B809A1EB20821969D45C04DEDC3D5B1231,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061263Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.917{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\10\340MD5=7785DB01F5ABDB557CBDCDB700994965,SHA256=11D8E5067866B488616EE4FF45BEDCBD1D21AD5AE9377CC5BA5EE28A1EA9CF04,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061262Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.917{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\10\197MD5=BDF15DB819924925B3B87DB549AF0F09,SHA256=169C208C56C0CC9DB0DDA51CFCA71D3C1EB687B481B909DCF6C60B4EB940A6F4,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061261Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.916{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\09\238MD5=0FF37E516CAE0DDBE09B4CAF45CD48D7,SHA256=E4C5064E8ACF5CC2C2784F62B1D8FE4EB7CA2DB7B723E9A528277188B38C2D81,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000061260Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.916{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\vim\vim82\doc\russian.TXT2022-01-20 07:58:55.303 23542300x800000000000000061259Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.916{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\vim\vim82\doc\russian.txtMD5=E072D4C8D7A8E68D420A9F7C7E83CE22,SHA256=1AAE490E11F6FF0F185C3FA173DFF496989DBE46E1699D10D3D8619E2E134E0A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061258Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.914{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\08\322MD5=1EFCF75FEFD2AB47F27C9BED56EC2E42,SHA256=F3F6B602E568F3456EE125DF5092599C5B85E5EB0D7C4A59EF924B2E73DB7554,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061257Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.913{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\08\15004MD5=37232B00AF50013FBACC090B86031B4D,SHA256=F209BBB78933E5AAD76469A8D9450F4C3E72A4B0AE26F1E3A9AD1177ED3A51C2,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000061256Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.912{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\vim\vim82\doc\rileft.TXT2022-01-20 07:58:55.303 23542300x800000000000000061255Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.912{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\vim\vim82\doc\rileft.txtMD5=A1E710081A83551953064E2441A555F5,SHA256=F0BD4264746D1CC7B1307302DDF5DBEFF244C28371E5C694A7265FA09FBA9E7E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061254Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.911{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\07\290MD5=64E981EC317D55DE43B17921C9829F0E,SHA256=CE674CC40253F648EA11DE62F4976FFF83B94F0ABD72C16642D15FB1310C2E96,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061253Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.895{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\07\15010MD5=5682ED85D2797ED434C56E9B83DD121F,SHA256=80477EF5CD527E09F888A05BB7CF989737F13A222628DC9FCDEE9F0E8328F5B3,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000061252Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.895{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\vim\vim82\doc\repeat.TXT2022-01-20 07:58:55.303 23542300x800000000000000061251Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.895{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\vim\vim82\doc\repeat.txtMD5=A7D249882FCF67F87241476586FABE4B,SHA256=92D2DBA9B9B2C16FA0978FFFAAE695EBF798503D16C20FB71A7FB13850C345A7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061250Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.895{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\05\341MD5=D74E07991A7C763EBBBCBBCECD5CCDC2,SHA256=B59F95BB39AF71BD1820EFFA41671B3925ADB8968DFABDE7ADA79FC69CBC1041,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061249Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.895{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\05\334MD5=91E44A17A0CFC5136A26C6CA8F264C6B,SHA256=F2801081C1CD07C2EA074216323BBD2681145C1E23259BE518F7F1973CC03790,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061248Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.895{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\05\317MD5=3480B84B3A51825C6AB4539D03F3C140,SHA256=4F40C8091DB9A146902EB8E6EB2AC3C562AE0A8C7508992BEFA12E8D53477A5B,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000061247Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.895{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\vim\vim82\doc\remote.TXT2022-01-20 07:58:55.303 23542300x800000000000000061246Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.895{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\vim\vim82\doc\remote.txtMD5=F044E2D210C48D2F6B40E08DC68BA2D2,SHA256=38637F5D8D254C8EBEEDB509ECE57911B44750C9ADE6276DBE8957B8F22DE5C1,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061245Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.895{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\05\199MD5=88784E5465584EC0A02E4B4E4ED810E6,SHA256=7193A9901A2A33D9B8E77C9EF9CBCC4E90213A12DF863D682CF8FD62EB5DA377,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061244Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.895{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\05\100013MD5=57E8E054E1C769660E53B799C22EB386,SHA256=4AAE77861A3F9AFDDA49486BDA06D789700B256F065C5AAA4061ADFEE7B92641,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000061243Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.895{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\vim\vim82\doc\recover.TXT2022-01-20 07:58:55.288 23542300x800000000000000061242Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.895{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\04\12283MD5=8D7EEB459DBA21173CA2AA58294190D0,SHA256=BCB8E49FA693401FB5661DB0DD61BBDD37D62147C901E0EF52FD5F1CCFF8B0ED,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061241Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.895{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\vim\vim82\doc\recover.txtMD5=7F5898F82E5C07D67F0DE99F80A0CF21,SHA256=EE0F97829B7FCF7BC3746629EF29A46967223CAC124F8C23CCC8685827C50E57,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061240Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.895{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\04\109005MD5=348BF11C5F128010B95672BF25F273BC,SHA256=0C5213798D66091F08951B1E177FCC8487DF06384691CE052F05703DF983BA17,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061239Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.895{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\02\13687MD5=2B120176A2E0ED2C4FA2AED0EE6A736C,SHA256=BACA86585B54B23AC17C016ECF2E6FA577AFE6A2D65112EBC0A4E1ABBB783F91,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061238Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.895{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\02\109004MD5=FB9D99945A27FF0655D2A30BCFE4BBB7,SHA256=03681FD797E20593A9236C6553AF57866E33D00FD9D671A0CDC3F9CD816DA600,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000061237Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.895{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\vim\vim82\doc\quotes.TXT2022-01-20 07:58:55.288 23542300x800000000000000061236Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.895{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\vim\vim82\doc\quotes.txtMD5=A562C125685D569AA21C1A111E76C2EC,SHA256=B0F72AC929FCC848D410CB1A5E5BEA0D4D08DC6EED43F6982EF836C1433DDBB2,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061235Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.895{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\01\289MD5=348D7AFF7D21C141C507DF0D0B17F950,SHA256=58EE8A3E0FB5A338F1C063E15EC6BDDDF7A61CE939C8F4B2D9C540C3A0A17AAD,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061234Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.895{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\01\198MD5=6769810EA4D8E982F6012C78C8873DAD,SHA256=AA5DF73065752CA642154E120CA89B8EF41C8356DBCE32EFFA08C71A215311C9,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000061233Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.880{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\vim\vim82\doc\quickref.TXT2022-01-20 07:58:55.288 23542300x800000000000000061232Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.880{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\CacheManager\FFD2CF5B-0000-0000-0000-100000000000-0.binMD5=8BF911C6F9624434F7B10FD278BC76D3,SHA256=DF68EBBEC7591F31152AAC6534536A8C4A467BFBDAC619F9329E2E381F72A8FD,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061231Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.880{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\vim\vim82\doc\quickref.txtMD5=C4465389DF9BA29E44FF466F197D4F58,SHA256=69EECC231B5CF2ACCFA70C68AF03D3F2218AB52DE17E800564E252AD50277AA3,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000061230Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.880{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\vim\vim82\doc\quickfix.TXT2022-01-20 07:58:55.288 23542300x800000000000000061229Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.880{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\vim\vim82\doc\quickfix.txtMD5=87CFBD7ED35275EF2D1F32D25D80EAF6,SHA256=C85C685F8694D729CDAF777F1640410F0D9B68A5B2DD07E24B0F87C98C2F0F2D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061228Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.880{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\CacheManager\FB5879AF-0000-0000-0000-100000000000-0.binMD5=FFA707221797469CDC9D3052C6C5F6EE,SHA256=7F0DF77B3E797AEC98D97524C7195532AC097D60791B8B50C3B38AB92AD64281,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000061227Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.864{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\vim\vim82\doc\print.TXT2022-01-20 07:58:55.288 23542300x800000000000000061226Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.864{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\vim\vim82\doc\print.txtMD5=896D1D20A0908FCF79D6126CD2A0C2FE,SHA256=152C7A765023E04996907327E007950AB4E3AF8BC0EA6D8B8AA9C6746C0FD530,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061225Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.864{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\CacheManager\F687CA44-0000-0000-0000-100000000000-0.binMD5=939B68C4B69FB04DA80943DF9DFBF3D6,SHA256=EA24F21DF45F839FF64EA6FA62FC4FBCEB34BD44F554F38F4E0433EAD71F0D3F,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000061224Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.864{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\vim\vim82\doc\popup.TXT2022-01-20 07:58:55.288 23542300x800000000000000061223Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.864{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\vim\vim82\doc\popup.txtMD5=AA409C5F87E5FD41CBE951091E88702C,SHA256=FB73AAE2B64EFB21469E08A557B27F7A937882E82BA713DA1DF155EDD7E2757B,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000061222Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.864{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\vim\vim82\doc\pi_zip.TXT2022-01-20 07:58:55.272 23542300x800000000000000061221Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.864{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\vim\vim82\doc\pi_zip.txtMD5=09484B799D8897D4CA38ED554E441182,SHA256=2B33DB440C630E899B5E8E12C7FEEFE273068A7E711634866AF788D01E78EC4F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061220Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.864{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\CacheManager\E4449258-0000-0000-0000-100000000000-0.binMD5=BE1E3E44A2C3408789AB0D961992A454,SHA256=FA52A17E648F416B821C6C3904A1FD26CB2C2978AF39695BD40D9B1ED90C4E75,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000061219Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.848{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\vim\vim82\doc\pi_vimball.TXT2022-01-20 07:58:55.272 23542300x800000000000000061218Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.848{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\vim\vim82\doc\pi_vimball.txtMD5=AF88B16CF7DE7F4C2CAAAD625820516E,SHA256=04C4D5B2EE8BCE5A079EE6EA211059AC36272995E80C6A46F2FD27778B11028E,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000061217Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.848{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\vim\vim82\doc\pi_tar.TXT2022-01-20 07:58:55.272 23542300x800000000000000061216Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.848{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\vim\vim82\doc\pi_tar.txtMD5=D98B48DD879C57EF72F00046FEE3D781,SHA256=AAA88039BD4C3ED5B90F1ACA4BFCD2EA5FE19B49E86E809E28BCD05D968B3725,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000061215Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.848{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\vim\vim82\doc\pi_spec.TXT2022-01-20 07:58:55.272 23542300x800000000000000061214Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.848{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\vim\vim82\doc\pi_spec.txtMD5=EB8AD3817587E4B395291521A0C34C2C,SHA256=2505E738652C76B6EB346EE89EE171767209BFCD07556F0DFA3E4DF0FE49B8E9,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000061213Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.848{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\vim\vim82\doc\pi_paren.TXT2022-01-20 07:58:55.272 23542300x800000000000000061212Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.848{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\vim\vim82\doc\pi_paren.txtMD5=0050F6A796CC6FF99FEEC5C7E505B09F,SHA256=68EB516A8285D29842FAFF69A7DEBABD496CD57BD60985C8ECD07D35A2714965,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000061211Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.848{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\vim\vim82\doc\pi_netrw.TXT2022-01-20 07:58:55.272 23542300x800000000000000061210Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.848{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\vim\vim82\doc\pi_netrw.txtMD5=597AF412DF7372D2DB11A73C35855523,SHA256=4B7E0708161228BCF3B4CD81585DFCB03A56BA769898F1D9107593956CA71AE4,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000061209Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.833{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\vim\vim82\doc\pi_logipat.TXT2022-01-20 07:58:55.272 23542300x800000000000000061208Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.833{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\vim\vim82\doc\pi_logipat.txtMD5=CAE249B4F963A822F3A8EF891D48B17C,SHA256=1D7162803B56F55988196C26E73222D94EC9C68F37BEA751158EAE770949E6EE,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000061207Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.833{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\vim\vim82\doc\pi_gzip.TXT2022-01-20 07:58:55.256 23542300x800000000000000061206Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.833{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\vim\vim82\doc\pi_gzip.txtMD5=C35C6B94763DDD50B3B490EDF8C9E4F9,SHA256=04A74C6380D77EB9CEB67145A0A2925BE37984A98E94977839492104D18F6C02,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061205Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.833{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\CacheManager\E353614F-0000-0000-0000-100000000000-0.binMD5=3B277116853189FAB48A42F97B995573,SHA256=6C371C06068953630603A20013CA1F13B5FAC8C76CCA48F4DE76D89D9B37B6E5,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000061204Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.817{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\vim\vim82\doc\pi_getscript.TXT2022-01-20 07:58:55.256 23542300x800000000000000061203Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.817{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\vim\vim82\doc\pi_getscript.txtMD5=791C1E899F44233EEFC97E5ABFF2E387,SHA256=C530BF8CA7D598B0B8CFF1E45772454B51B6121679457D23930DDBD64B6C9427,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000061202Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.817{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\vim\vim82\doc\pattern.TXT2022-01-20 07:58:55.256 23542300x800000000000000061201Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.817{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\vim\vim82\doc\pattern.txtMD5=FD24647F7B6225CDDDA1D2DB1D8B0E62,SHA256=792707A276DBB811846824B40C993383B143C4FFAA2859FF45750F9ED5AF6B75,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000061200Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.817{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\vim\vim82\doc\os_win32.TXT2022-01-20 07:58:55.256 23542300x800000000000000061199Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.817{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\vim\vim82\doc\os_win32.txtMD5=633BF64C2531307E2D474B904E398F61,SHA256=AB771F819D8B1D5E7BBCD90FA12CC0687933B13E3BFA20994A9BC082ED148C34,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000061198Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.817{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\vim\vim82\doc\os_vms.TXT2022-01-20 07:58:55.241 23542300x800000000000000061197Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.817{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\vim\vim82\doc\os_vms.txtMD5=6C1B40A3D3A5B18E5A7D96C0879F3E20,SHA256=8777AB7DB4115962D1E4175EBAA547A0BE96814129A4C6AA78084FEA32A3928A,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000061196Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.817{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\vim\vim82\doc\os_unix.TXT2022-01-20 07:58:55.241 23542300x800000000000000061195Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.817{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\vim\vim82\doc\os_unix.txtMD5=E29DF88DE7323CDC896EC4C9239B7B54,SHA256=3DCC2540697D0204796EB3BD861F69DC83AE05984E09C6B8387498A82F121C4E,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000061194Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.814{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\vim\vim82\doc\os_risc.TXT2022-01-20 07:58:55.241 23542300x800000000000000061193Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.813{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\vim\vim82\doc\os_risc.txtMD5=2D447C1661603F15D1A3DC6E03D8EE02,SHA256=9EFFE8622A201D442B762C0601550141E0F79B7C2CD3DB42B784D55AF9816D32,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000061192Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.811{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\vim\vim82\doc\os_qnx.TXT2022-01-20 07:58:55.241 23542300x800000000000000061191Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.811{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\vim\vim82\doc\os_qnx.txtMD5=CE98B178B630368969D62EA969EE6053,SHA256=A1CD74B5D44EAF6E761587712A867EAEEC685DA91C89AD4769A4DF22043C8284,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061190Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.795{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\CacheManager\DFD6B7A8-0000-0000-0000-100000000000-0.binMD5=122920411F5741E544CD8D2F5DD85ACE,SHA256=C5C0BAD7F32226135C547FA39689D9E747CAF8075FE76BFCCB72D80657A221D3,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000061189Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.795{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\vim\vim82\doc\os_os2.TXT2022-01-20 07:58:55.241 23542300x800000000000000061188Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.795{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\vim\vim82\doc\os_os2.txtMD5=DB84E26B3ECD440D79EBD914D2EAE492,SHA256=C5154CBC87D24BC72EA9D58373BAB4F836DC75C6140A036CD5ADEE07BC366998,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000061187Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.795{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\vim\vim82\doc\os_msdos.TXT2022-01-20 07:58:55.241 23542300x800000000000000061186Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.795{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\vim\vim82\doc\os_msdos.txtMD5=9BD6F854C7D07BEE35F08F76B03472DC,SHA256=507113C43D0A98C1EC9A931299F2D87505BF137A4EAC6D5FE3C6A6F066089A06,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061185Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.795{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\CacheManager\DD52F587-0000-0000-0000-100000000000-0.binMD5=45FE56E50C4873491C4FE85C8CBCA4AC,SHA256=BC1F50DDE26F72239F1EBFFECF96C26E05AC1C59D04F385E9E05FE76739F6174,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000061184Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.795{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\vim\vim82\doc\os_mint.TXT2022-01-20 07:58:55.241 23542300x800000000000000061183Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.795{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\vim\vim82\doc\os_mint.txtMD5=77E67E46813207214ED601D8D3CA1153,SHA256=6725DC8DDB3C8CF922F0038A0C972E584732EFDBA477A4DBE649E8380CBCADCD,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000061182Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.795{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\vim\vim82\doc\os_mac.TXT2022-01-20 07:58:55.241 23542300x800000000000000061181Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.795{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\vim\vim82\doc\os_mac.txtMD5=FA2BE991EA475430CEBDE78C0B0881BA,SHA256=CD32F2823FD1A4E1E4F23E81F20FF14A17BB072157CCDB9E166BF48D6C353A6C,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000061180Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.780{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\vim\vim82\doc\os_haiku.TXT2022-01-20 07:58:55.225 23542300x800000000000000061179Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.780{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\vim\vim82\doc\os_haiku.txtMD5=14B424975340C4A2367AA34BF2ADCDF0,SHA256=C04DB46469DC638671051EE0BF16E9C420624C69F3D984AD236F22F9955DEE56,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000061178Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.780{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\vim\vim82\doc\os_dos.TXT2022-01-20 07:58:55.225 23542300x800000000000000061177Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.780{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\vim\vim82\doc\os_dos.txtMD5=CADBA3369F06C28EAA4E8B8CE6A18E1D,SHA256=69D0A1B75C2FFD1756F2BCFB972AC1DBEC134680EA7FBC70A13AE511D0C52E58,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000061176Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.780{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\vim\vim82\doc\os_beos.TXT2022-01-20 07:58:55.225 23542300x800000000000000061175Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.780{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\vim\vim82\doc\os_beos.txtMD5=89DB4598F2A0BE0697A20BB79B292EC2,SHA256=079B9459A30AFF9AF24BCBB4B0DA1B19A68C3113A85DA3438B7289C6057791B0,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000061174Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.780{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\vim\vim82\doc\os_amiga.TXT2022-01-20 07:58:55.225 23542300x800000000000000061173Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.780{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\vim\vim82\doc\os_amiga.txtMD5=1646AF41BFF31519AC85820B649E0C28,SHA256=7BEB5B685A366814121921CB0B3148DC7103D1FBF0B4E16A7AC5AA4D1CB699E4,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000061172Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.764{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\vim\vim82\doc\os_390.TXT2022-01-20 07:58:55.225 23542300x800000000000000061171Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.764{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\vim\vim82\doc\os_390.txtMD5=4E956400283C77CF8B5FC835AD4CCEEA,SHA256=79B4878E40C4C44F6FCF8C916CB54866C731DF91F75FBB56C5A412E5CFD3DCE4,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000061170Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.764{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\vim\vim82\doc\options.TXT2022-01-20 07:58:55.209 23542300x800000000000000061169Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.764{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\vim\vim82\doc\options.txtMD5=546AA450F1C1971A0928305A665B2AB7,SHA256=607968E404509AE1421F3460B996915FD2228EEBCEE65E9ED0735E8CB16EAEE7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061168Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.764{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\CacheManager\DB19BC7D-0000-0000-0000-100000000000-0.binMD5=89D9E269125685BAE4F3D8C8427AA87E,SHA256=A631053F69DA0B2AB3E548B0D16209B63684DCF283329028D3868C4BECA32B8D,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000061167Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.748{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\vim\vim82\doc\netbeans.TXT2022-01-20 07:58:55.194 23542300x800000000000000061166Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.748{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\vim\vim82\doc\netbeans.txtMD5=3CFB1E820FD8C39AEDBC5E49EC4EAEC6,SHA256=5CE56C7AC3BD7AB4473471B04DA43CC244CAB01B7B822CE54C8B1A64E9AD1860,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061165Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.748{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\CacheManager\D83DD2BA-0000-0000-0000-100000000000-0.binMD5=C8B2C8A4B1452184993180E1CFDF316B,SHA256=804B4603736006977B64DCD5D59162AF8507970327E6B4B2A8FBC267C2857989,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000061164Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.748{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\vim\vim82\doc\motion.TXT2022-01-20 07:58:55.194 23542300x800000000000000061163Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.748{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\vim\vim82\doc\motion.txtMD5=97F61CB51342961609343447BC636873,SHA256=D207972FA54E7C8CAC7243843E2C65A563737907F30E8A85A3B70275BC8F1647,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000061162Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.733{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\vim\vim82\doc\mlang.TXT2022-01-20 07:58:55.194 23542300x800000000000000061161Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.733{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\vim\vim82\doc\mlang.txtMD5=5106BE1D3FC95899B4A16C69B585C3DE,SHA256=2437F50EFA1C1C3D843B184284E72AE0FCDFDAB8F5C963F9C79B117232FEBA18,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000061160Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.733{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\vim\vim82\doc\message.TXT2022-01-20 07:58:55.194 23542300x800000000000000061159Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.733{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\vim\vim82\doc\message.txtMD5=E211650B339D26B7A2B4CBF0FE062E88,SHA256=4E28DDCD2183D8EA469B8DEDBA03C8E1835846A5A0B8BDDA05CE4B508D2B7687,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000061158Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.733{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\vim\vim82\doc\mbyte.TXT2022-01-20 07:58:55.194 23542300x800000000000000061157Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.733{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\vim\vim82\doc\mbyte.txtMD5=02959DF209CFEA182F7F7CBF54A36534,SHA256=66315702636A5244CAFB666CEEF8461C456C828617D58E2D65BCD5394CAACE05,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000061156Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.733{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\vim\vim82\doc\map.TXT2022-01-20 07:58:55.178 23542300x800000000000000061155Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.733{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\vim\vim82\doc\map.txtMD5=FBD91415B0D9D63231DFCC692DA1F698,SHA256=42371C4F5181D1A59662C425912CDDD235F393146E9CB51166DEDFF19067D407,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000061154Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.717{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\vim\vim82\doc\intro.TXT2022-01-20 07:58:55.178 23542300x800000000000000061153Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.717{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\vim\vim82\doc\intro.txtMD5=1B85973C54F03C511BC5182463B19FF5,SHA256=13843CC1E737ADD1D95085A73C33F476D829EF7CE85E18838417FE55A1474266,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000061152Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.717{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\vim\vim82\doc\insert.TXT2022-01-20 07:58:55.178 23542300x800000000000000061151Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.717{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\vim\vim82\doc\insert.txtMD5=CD41FA289395D738C52D76679D97BC33,SHA256=28C538FBD61495FEF1D3D10937E02A3079E1C9B071A4A382E3FC80B2B7530D68,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061150Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.717{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\CacheManager\D370F6FF-0000-0000-0000-100000000000-0.binMD5=326011A3813C232168EF55D131EC204E,SHA256=A1F0641A1F6F1FE9632265E767797D9B98487F8A2BD56E343DC21A04BD02E956,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000061149Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.717{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\vim\vim82\doc\index.TXT2022-01-20 07:58:55.178 23542300x800000000000000061148Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.717{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\vim\vim82\doc\index.txtMD5=8DE1DD932139680B9056AB36469D63E7,SHA256=0816F39B07630CBABAC8101B2543ED0B16A02C7D1318EA8ACE4A5E638422D184,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061147Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.712{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\CacheManager\D2186144-0000-0000-0000-100000000000-0.binMD5=B34173C82B8BD085831EB155455E0817,SHA256=CE7D63B8B352E17E760F6DA8CC3BB7D920B1EEB6188F071E4F7C19743BF4113F,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000061146Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.695{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\vim\vim82\doc\indent.TXT2022-01-20 07:58:55.178 23542300x800000000000000061145Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.695{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\vim\vim82\doc\indent.txtMD5=4AB73362FCF4DD81682D7EC2DE31AC14,SHA256=0D0229F611F1E962A0784749B88C280BE2E6259414A7F867A7641EC9B6B6F5C9,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000061144Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.695{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\vim\vim82\doc\if_tcl.TXT2022-01-20 07:58:55.178 23542300x800000000000000061143Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.695{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\vim\vim82\doc\if_tcl.txtMD5=2DB63FA00C0B8DD67DCCDEC95FBA7192,SHA256=7AFB0EB1F8239EBE0DE994696681A107B6E188004CCA33B309DECE58AE11FA2F,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000061142Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.695{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\vim\vim82\doc\if_sniff.TXT2022-01-20 07:58:55.163 23542300x800000000000000061141Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.695{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\vim\vim82\doc\if_sniff.txtMD5=9B66279BC6F6BBA4BD409699D902EEBD,SHA256=F1B5D61E160DCC30B5AE6850C8D07C35BB70BA6A27DAD0AEDA0F49D48BA182E8,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000061140Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.695{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\vim\vim82\doc\if_ruby.TXT2022-01-20 07:58:55.163 23542300x800000000000000061139Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.695{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\vim\vim82\doc\if_ruby.txtMD5=61A3965F275EEDB44379C0A5DD4473AA,SHA256=4B69AB05CD833736C61E176E8FC58704BF4EE59CC37F29E30A71CA3BF78701F4,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000061138Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.680{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\vim\vim82\doc\if_pyth.TXT2022-01-20 07:58:55.163 23542300x800000000000000061137Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.680{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\vim\vim82\doc\if_pyth.txtMD5=2AB44B4B86DB6695C0D090D2484A4E77,SHA256=4C36602F5A2AAE0C9BDA4B6CB144FCBD0FF2E6C5103BD381FBB30953539FFF2C,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000061136Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.680{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\vim\vim82\doc\if_perl.TXT2022-01-20 07:58:55.163 23542300x800000000000000061135Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.680{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\vim\vim82\doc\if_perl.txtMD5=C6125C64DB5F343F96BBC3B552CA27AC,SHA256=8E511000CDBECBC9DE9826CF35B1DF79E9F7D76425CA4A80D67499514B8D9810,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000061134Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.680{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\vim\vim82\doc\if_ole.TXT2022-01-20 07:58:55.163 23542300x800000000000000061133Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.680{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\vim\vim82\doc\if_ole.txtMD5=F299C4A197BE0A06D3D5237FF93B73E6,SHA256=8A7941F6C180CEDFC3E2D48DB76DF0A31F96820F229B4C6011F42D6E3B987E59,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000061132Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.664{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\vim\vim82\doc\if_mzsch.TXT2022-01-20 07:58:55.163 23542300x800000000000000061131Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.664{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\vim\vim82\doc\if_mzsch.txtMD5=5006759F7A0F3E11A58F30F5B8076EC1,SHA256=847F40FE90A21016771369DCEDB7842E30CFD0494A7FA626DE1DF2ABBDD26067,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000061130Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.664{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\vim\vim82\doc\if_lua.TXT2022-01-20 07:58:55.163 23542300x800000000000000061129Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.664{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\vim\vim82\doc\if_lua.txtMD5=1190CD8DE1CCA13DBF1DD91E2FDCD179,SHA256=BB33A77989AE2723F465B2BA1459639D4DF2F26C1122750DBA4321CAD55D8A23,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000061128Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.664{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\vim\vim82\doc\if_cscop.TXT2022-01-20 07:58:55.163 23542300x800000000000000061127Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.664{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\vim\vim82\doc\if_cscop.txtMD5=74744CADAED209D1B9901A967B8668E9,SHA256=A037B54484ECBFF578E290032FD7115AB818AD23E3474DEC4EF41E6E306F659F,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000061126Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.664{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\vim\vim82\doc\howto.TXT2022-01-20 07:58:55.163 23542300x800000000000000061125Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.664{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\vim\vim82\doc\howto.txtMD5=D47AEA020786EE6DDDA2C91ADE7FB6F4,SHA256=7CEF80A5B1E27E272919629FB1632559F67BF68FE61CB5FEDADE101B7E57ACBA,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000061124Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.664{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\vim\vim82\doc\helphelp.TXT2022-01-20 07:58:55.147 23542300x800000000000000061123Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.664{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\vim\vim82\doc\helphelp.txtMD5=ACF03210CB699430B164233940E9AD0A,SHA256=A7638D24162FFA0D82DFC97B8DF4C4473F77D8D4E494C153F4AF77A7FF6235BA,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000061122Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.648{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\vim\vim82\doc\help.TXT2022-01-20 07:58:55.147 23542300x800000000000000061121Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.648{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\vim\vim82\doc\help.txtMD5=CFE01D4C2398E8D388AE9AE6C10E873F,SHA256=DA042812536B26DD4768F2FE0038B0E2AA4529D607EE5AE08B4790D209134C0C,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000061120Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.648{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\vim\vim82\doc\hebrew.TXT2022-01-20 07:58:55.147 23542300x800000000000000061119Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.648{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\vim\vim82\doc\hebrew.txtMD5=4142BDFA6F59621A381D0AF282CB1B16,SHA256=3B7057F607A77ACCA8BBB23F02795C3427CB8A2415D04021B58A6144DE5E1433,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000061118Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.648{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\vim\vim82\doc\hangulin.TXT2022-01-20 07:58:55.147 23542300x800000000000000061117Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.648{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\vim\vim82\doc\hangulin.txtMD5=C06D6962CC6C733CD773B08AEB5CC8E5,SHA256=34444A343F4B13C260CA7955BA9A692D41FFA651B166231F38E842AA6C899E34,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000061116Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.648{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\vim\vim82\doc\gui_x11.TXT2022-01-20 07:58:55.147 23542300x800000000000000061115Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.648{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\vim\vim82\doc\gui_x11.txtMD5=98C65DCA3B4EE80AFA3AA83AF7387ABF,SHA256=661A49C7B9B755DAE1AB837A867B662F73690644E0E0F229CDB0285E3DC0179E,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000061114Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.648{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\vim\vim82\doc\gui_w32.TXT2022-01-20 07:58:55.147 23542300x800000000000000061113Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.648{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\vim\vim82\doc\gui_w32.txtMD5=36980651EC29CB255DE35854AA09672F,SHA256=3816D858E1D8AFB0D24AD17267D256C939A7DAB9DB1134E921914A702FA40D83,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000061112Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.633{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\vim\vim82\doc\gui.TXT2022-01-20 07:58:55.131 23542300x800000000000000061111Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.633{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\vim\vim82\doc\gui.txtMD5=B4EB0DBBE231638032A5723B16B0A9BD,SHA256=0DD30659EBF5FF42480445B9296DF255A1B4093B7108FC5643248672F5ABB9DE,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000061110Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.633{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\vim\vim82\doc\ft_sql.TXT2022-01-20 07:58:55.131 23542300x800000000000000061109Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.633{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\vim\vim82\doc\ft_sql.txtMD5=C280301BD8CD7CC53C146F03C078FA4A,SHA256=82CA2312239AC80317B9F1FB53749C0D0748690175B513E9DEC183FDD470024E,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000061108Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.633{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\vim\vim82\doc\ft_rust.TXT2022-01-20 07:58:55.131 23542300x800000000000000061107Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.633{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\vim\vim82\doc\ft_rust.txtMD5=35254A80115FDF80D0207770A79D407F,SHA256=BE4D18CD4A6F70C9D8621B2CF2DBDD5E7057D5D69F471936BACA32109CBBA5DF,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000061106Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.633{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\vim\vim82\doc\ft_raku.TXT2022-01-20 07:58:55.131 23542300x800000000000000061105Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.633{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\CacheManager\CFE4E044-0000-0000-0000-100000000000-0.binMD5=93150EF902EAEBD708BCEDF26B1C98D9,SHA256=C3F5F489EFDB15E1FCA9C4223BDDD6C3E8831FB3B8CC79E4812477FB307A2BBB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061104Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.633{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\vim\vim82\doc\ft_raku.txtMD5=83A8658482D4E1B2C48F85082AFE7F32,SHA256=EC82D2A07640FB2C756BE02943B1AF5B632EAA78EAD1842B019AFC4B6B28DC87,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000061103Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.617{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\vim\vim82\doc\ft_ps1.TXT2022-01-20 07:58:55.131 23542300x800000000000000061102Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.617{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\vim\vim82\doc\ft_ps1.txtMD5=41BB4DBD64B6F62A9DD54A412885145B,SHA256=2FECDDDA4D0221CBAD6289BD2479D8042BBE0070AD16C1E3477401B9C5F977CD,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000061101Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.617{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\vim\vim82\doc\ft_ada.TXT2022-01-20 07:58:55.131 23542300x800000000000000061100Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.617{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\vim\vim82\doc\ft_ada.txtMD5=0A4E0E67BC77954CE958D93F14A8DE9C,SHA256=4BB44EBD9C4A083BCF2D2AFFAB5D834D7D9C539C8EEFA223FC9ABA4237EBCA46,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061099Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.617{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\CacheManager\CDABB3EB-0000-0000-0000-100000000000-0.binMD5=08F1149E46EBD2BFBE30470B427A1064,SHA256=D86AD6A864F68237201C1D1EA6CA3BAF094A3254DCEDD1921AB5EF616163EDC6,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000061098Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.617{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\vim\vim82\doc\fold.TXT2022-01-20 07:58:55.131 23542300x800000000000000061097Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.617{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\vim\vim82\doc\fold.txtMD5=D854E6F29C3FAF76761D423F821BC2D9,SHA256=FEC95D5EB94B18D7547BF71D14161C5C7828D3A529A0A46A0A54C894BA62B081,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000061096Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.617{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\vim\vim82\doc\filetype.TXT2022-01-20 07:58:55.131 23542300x800000000000000061095Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.617{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\vim\vim82\doc\filetype.txtMD5=E99498FADAB2D893FE44D32ED35CAB70,SHA256=3813B91FA94FDF818AAA0A32AAA75CDB83238FAE4CAAD53CD18C9DD531361E56,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061094Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.616{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\CacheManager\C9F7492F-0000-0000-0000-100000000000-0.binMD5=B65F770789BB846D4625AA130677C359,SHA256=4B2527C628540E3B4B7A447072D1F1DED1DA85F9A4C86D3C3F5E7877FC3AB2AB,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000061093Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.616{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\vim\vim82\doc\farsi.TXT2022-01-20 07:58:55.131 23542300x800000000000000061092Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.614{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\vim\vim82\doc\farsi.txtMD5=3E66A9D8F23373E12FA97E0B80227988,SHA256=C65FAADA6642A5818AD287B735430E3E20A9621346D2F59840008CB59CDB9040,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000061091Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.595{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\vim\vim82\doc\eval.TXT2022-01-20 07:58:55.100 23542300x800000000000000061090Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.595{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\vim\vim82\doc\eval.txtMD5=449B63CC724560DD3D9AEB63CB874657,SHA256=6EA73317C2B3FF5A4A092B00BE1F5DB5B6BBB1D4C41AD9122A9B1CF720D25036,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061089Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.595{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\CacheManager\C6238F91-0000-0000-0000-100000000000-0.binMD5=B070A639E7355A727D848C9B25E2D5FE,SHA256=0B48D62980CBDF9D84D46B4878514B7EA1595608C33F2B36C5D9839FD6C307AB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061088Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.595{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\CacheManager\C2A2DABB-0000-0000-0000-100000000000-0.binMD5=0B4131ABB71B4B0639123E1A88463E97,SHA256=9BE11D6E618E36288ADE917659418D16767350D2F2CBFD6A4B9B3986ABAB2F34,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000061087Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.595{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\vim\vim82\doc\editing.TXT2022-01-20 07:58:55.100 23542300x800000000000000061086Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.595{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\vim\vim82\doc\editing.txtMD5=279F8F4DC29DCB9A5300EF459715FAC7,SHA256=3DC537A2483C04BD9855ABDD4E81F53D766A872D9BD13482BEBE19CD53FCB855,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061085Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.580{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\CacheManager\C10D87A2-0000-0000-0000-100000000000-0.binMD5=C4B1FBB7DE1C26CBE9DB1F96A796FCEA,SHA256=5023E5D157A51C17539074265A3A3FF94F4939BC88626F1B6ADA9561888ECB93,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000061084Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.580{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\vim\vim82\doc\digraph.TXT2022-01-20 07:58:55.085 23542300x800000000000000061083Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.580{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\vim\vim82\doc\digraph.txtMD5=292DDE9A98E1BBDC965A0E769247D2B1,SHA256=1926DD33F95C395C0D5FB4FAAD954227C726EE9C1A531798C7CBC5A629606A89,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000061082Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.580{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\vim\vim82\doc\diff.TXT2022-01-20 07:58:55.085 23542300x800000000000000061081Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.580{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\vim\vim82\doc\diff.txtMD5=F9B161249C2F37627FBF5489FCE3C771,SHA256=FD84EA9BE656B63E361441AACD9DF75AC281EF10265B26057238431EC318604A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061080Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.580{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\CacheManager\BF69D1DC-0000-0000-0000-100000000000-0.binMD5=3E456613F42B315C6C3E42F17C2DF054,SHA256=0AEED680F8F78E362B9478968182F9773F16D523C46F8FF67AA3E4E97680246C,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000061079Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.580{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\vim\vim82\doc\develop.TXT2022-01-20 07:58:55.085 23542300x800000000000000061078Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.580{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\vim\vim82\doc\develop.txtMD5=0815B275A7B8A0D53A951542481D795B,SHA256=85ABC1BCE451F754AE04CBE48B1C076C2D35CFDD30006081C3CAA7339EA16475,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000061077Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.564{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\vim\vim82\doc\debugger.TXT2022-01-20 07:58:55.069 23542300x800000000000000061076Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.564{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\vim\vim82\doc\debugger.txtMD5=1BF0EFA80C2F87ED9A458E870E6EE8A0,SHA256=56D71EA2F6F002AFB5E562EF36314E67E1486D699DD7AAA82BC8268BA10A5062,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061075Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.564{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\CacheManager\BD98497A-0000-0000-0000-100000000000-0.binMD5=E34F3CFD9FF3B8EA45A52F5D1790ACFA,SHA256=BB91F96A69307C1402C8B0403203F34B793AECA6FEB5F35C305FB6BB04499657,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000061074Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.564{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\vim\vim82\doc\debug.TXT2022-01-20 07:58:55.069 23542300x800000000000000061073Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.564{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\vim\vim82\doc\debug.txtMD5=675EC319112C7F2D4DC3ACC400DEBB53,SHA256=3D326FB1976BB3AFCF3C7B78E9141FF2F58F3FA31895C49993A7E75C1FAA0A7A,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000061072Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.564{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\vim\vim82\doc\cmdline.TXT2022-01-20 07:58:55.069 23542300x800000000000000061071Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.564{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\vim\vim82\doc\cmdline.txtMD5=255E689875E84FD86ABE81C5B33F5C2B,SHA256=51D0EF58B8752F65E31C39219810DC095948DFE4021EE0004DCAB53C5E031201,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061070Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.564{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\CacheManager\B8567A25-0000-0000-0000-100000000000-0.binMD5=156DC2717159E8E3D647DDF0972E3AA2,SHA256=432436939963F14A60696143BA837E4833FFA7EABC7AEAFFBA5B9DA7863F5C9A,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000061069Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.564{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\vim\vim82\doc\channel.TXT2022-01-20 07:58:55.069 23542300x800000000000000061068Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.549{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\vim\vim82\doc\channel.txtMD5=C9261679BAC6B4BE31DEF86058F2AB80,SHA256=E1F709721C1DD7388911F085DECCFFC697610B268FB5CA5F2094F9927A9C61F8,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000061067Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.549{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\vim\vim82\doc\change.TXT2022-01-20 07:58:55.053 23542300x800000000000000061066Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.549{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\vim\vim82\doc\change.txtMD5=AE7D9C85F333B8918ACE92803D8DD6A5,SHA256=0236855D228A6E4A170C8A2994B75021B971341503D0D3D5EBA72C2E8A4C0D36,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000061065Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.549{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\vim\vim82\doc\autocmd.TXT2022-01-20 07:58:55.053 23542300x800000000000000061064Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.549{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\vim\vim82\doc\autocmd.txtMD5=3FDBA4E375FC4E27669E18D6A3E8030E,SHA256=11F7C5884239CF2D79BBD8B422D794F94A1671E3F3BD016F8B7485B7F8C0C35E,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000061063Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.549{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\vim\vim82\doc\arabic.TXT2022-01-20 07:58:55.053 23542300x800000000000000061062Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.549{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\vim\vim82\doc\arabic.txtMD5=9929646E7ED4658CEDCF0D3E8C9652C7,SHA256=4491FAB4A00184CDAC48B9BDF876D53B2545E9828740A8561314BE01FA98FE1C,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000061061Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.533{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\vim\vim82\compiler\README.TXT2022-01-20 07:58:54.991 23542300x800000000000000061060Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.533{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\vim\vim82\compiler\README.txtMD5=961F189A6FB803EA0E47A29FD908961C,SHA256=51D5980784304E5C547CBDE207A26AE31DDE955B99A78558FAAEA25C3D957B8F,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000061059Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.533{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\vim\vim82\colors\README.TXT2022-01-20 07:58:54.850 23542300x800000000000000061058Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.533{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\vim\vim82\colors\README.txtMD5=F1A23F3A6F809D18D3A17300319C5E47,SHA256=78F550034C6ECFD15F603014C0450D9E029ABF0C276BCFBF0102929D51AE4991,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061057Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.533{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\CacheManager\B650C107-0000-0000-0000-100000000000-0.binMD5=B507C72CD3F8FFEAA6183F22A81B1F7B,SHA256=B5EE7C326068B3AA2B71577F6EC1E51FB48DEBA462EACC4D32BC89F62F3C7B77,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000061056Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.533{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\vim\vim82\autoload\README.TXT2022-01-20 07:58:54.772 23542300x800000000000000061055Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.533{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\vim\vim82\autoload\README.txtMD5=2D99F4EF102E29E6CD36A19975D4968E,SHA256=37AB54C6C5C4C530A855647CF2AC05C3B4C03BF16B21EEC913B5EA1B95CE59F5,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061054Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.533{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\CacheManager\B33751CA-0000-0000-0000-100000000000-0.binMD5=BD4FE4B3DE2509E3128FA763982247D6,SHA256=2B3D0459345D0BBDF200DA449FC74A4B933692D21BB4F1FD83A52FEBDCAF3B4F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061053Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.517{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\terminfo\78\xterm.jsMD5=2C0C93DD7ADB2D7828E8E5579ADF5F94,SHA256=2251E380D6DDD02F330EBF5A99F2AF11FBDEC5646E379951D3BC83711348205B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061052Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.517{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\pki\ca-trust-source\ca-bundle.trust.crtMD5=6DF24035D756B85D81BC7B80917161DD,SHA256=3A30BD8C787BDDCA9A0433D443A4AD97732BF4B075165B53D91366881AC25E39,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061051Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.496{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\CacheManager\B212CA87-0000-0000-0000-100000000000-0.binMD5=923E361C2575C76734C37B93760A2D64,SHA256=910EB822E5A0716B28AC885B197BC1D558F5DE44327D894BCF5EDD2A433B877B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061050Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.496{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\pki\ca-trust-legacy\ca-bundle.legacy.disable.crtMD5=D41D8CD98F00B204E9800998ECF8427E,SHA256=E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061049Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.496{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\pki\ca-trust-legacy\ca-bundle.legacy.default.crtMD5=D41D8CD98F00B204E9800998ECF8427E,SHA256=E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061048Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.480{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\CacheManager\AF0BB9CC-0000-0000-0000-100000000000-0.binMD5=F0B9CE67A0C1808DFEBF4F2B5DE38A64,SHA256=ADA1989EB1078BAEBAA143D5FA8C10D2A1D0097D30E6C2C40BC4F74D038EDEA5,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061047Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.480{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\CacheManager\A84A9654-0000-0000-0000-100000000000-0.binMD5=2425DF2493657BDF573D07BC31BB562C,SHA256=45CBA450957E67B0A2414643656203BE8B428F3B345000DCEE2D2BAABA8C3969,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061046Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.480{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\uni_keywords.plMD5=2FA1A76CDF11062EC944145F86C64A50,SHA256=BB744BFCF564AE07A48F21FA31A292B4B2C4BED9E431BE68343DF8796E706165,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061045Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.480{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\UCD.plMD5=3BB485B4EB9C2CF857B1A80F2EE41D03,SHA256=031A88D6B32A2D7C90BA7C00F50A3A48AE4132B73199C257622BCE33E030D6E7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061044Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.480{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\CacheManager\A73606B1-0000-0000-0000-100000000000-0.binMD5=5D098EEBF6A4C146C16B9F9532C6619E,SHA256=B3910C7A3B9233F34B7CA05898A40A0052C455ED2739978A0EBC530B6B63900F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061043Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.464{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\To\_PerlSCX.plMD5=107A385A9EC43AE7EEE804C377BCA4A6,SHA256=AD33523DBD9B880567966B4E89B9E0BAA5E8370A5D0090EC4686811D6054616D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061042Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.464{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\To\_PerlLB.plMD5=E0F62F5C14FF0C3E2086997140784E47,SHA256=E17DFD0C9DAE41F5B3C13B4AC48FFF8C2A2014A8E27878CE30107D6D414E1D53,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061041Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.464{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\To\WB.plMD5=8F77F62D374D6E36F89DBDD4BE3A2600,SHA256=C10DF978F10404C82150A1FEEA0B083117CB9F700247E07569498D9396D5E4D2,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061040Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.449{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\To\Vo.plMD5=87397086A940FF1BEA42A230FD7281E0,SHA256=3566FD23AA48A628FE8F2AEF1E339B90A01143FF5EA3BAC35E818C9F1314F82E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061039Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.449{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\To\Upper.plMD5=DBD48DB760078B7C15431542A8A4E2DA,SHA256=895F9C7A2A90D1B92CA6FFD8844FA46B745497E387B1C866D78D3FE1D4C4FE10,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061038Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.449{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\CacheManager\A25A66B1-0000-0000-0000-100000000000-0.binMD5=C651B40268A35CE1D11D9449EF78B3E5,SHA256=31C1FFF9FDD54C7431772F71919F28C9871C2AEE25B170CCB25641442F23E727,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061037Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.449{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\To\Uc.plMD5=25580AF86D86D945D15A8B2AF24AA72B,SHA256=C82E04235C58298D774F580D1B0DC723C8793F8A9461D8723DCC85F1FDDB54BF,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061036Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.433{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\To\Title.plMD5=F751492965967F70511BC1D120F9E0F1,SHA256=609AD04A60592B701F3B37DA6FC68971246CD4873CF9D2D971E04BF97F38B2C8,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061035Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.433{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\CacheManager\A13AD82E-0000-0000-0000-100000000000-0.binMD5=514B197F0C53BD117CCA4B6F04BDB88E,SHA256=2A8BC7681336A857FDC3FA2EB1CAFE64EF0F6D267AAE1ECDC9C737037DBF81C2,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061034Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.433{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\To\Tc.plMD5=425AC5B0840C18111DCE55CC9ED94222,SHA256=C26D8F98EF3CABB905BEEDB15482CEC0C70A2F0AA9624EA45103E3027BF3FE8E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061033Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.433{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\To\Scx.plMD5=7F5C3E8C9013AB5885BA8B51DE297FE7,SHA256=CE3E0987D33F8FBEC647A488550FF52B0696CC31E9A1C001388DBED562418A07,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061032Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.433{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\To\Sc.plMD5=B9C6552CD5D0322D00D2E9587F4A6ADF,SHA256=47329C7BA0916AF0BDE47BC6DF00B266E7AFF00F1686BFBE3CE6BDC9DA5BE250,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061031Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.417{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\To\SB.plMD5=53AC606E69317FEBC337C4661A8B0CF6,SHA256=5A2CC551356F307A182F30BAE13BF16F1F7040C094ADFCF1D9A90796304B3285,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061030Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.417{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\To\PerlDeci.plMD5=4BA18D48C9772236C1E5577166E2CC2A,SHA256=D2950134E7F21A48B535825A6E24237AB10CBBB3638E7393F7A7B4233CD7F9E3,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061029Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.417{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\To\Nv.plMD5=4534E82700D26A4FDCEAE5B8F9FBA0A0,SHA256=8551805D7D077EE22373668059CC2BECAAFF6733B0020DA0C77FAE9B3793C4E8,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061028Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.417{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\To\Nt.plMD5=17308DD48EDCE039CFC009A7D34A3892,SHA256=8012ABD42103D6860A8FF4D69D2C51C34661E62B4BE28C9DE1A28AFC00327C15,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061027Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.417{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\To\NFKDQC.plMD5=E6B54B6056C402865220129EF4B2E958,SHA256=94BCD8E8822B983C49367BED574BB04DA4C40100E16845744B9FC05DACAF7FBE,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061026Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.416{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\To\NFKCQC.plMD5=C142F97783B3AC847A8D0DADF5B437BE,SHA256=EAB1CDFBAB2D3D1D52CC119E0F73B26EF949AB6190526AC02713001EC148BB51,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061025Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.413{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\CacheManager\9D191D6C-0000-0000-0000-100000000000-0.binMD5=B77E7A17E7EBF57E78E25C26EAA55362,SHA256=78491EC6BBEE247172D757E7030A32D8FE86673313B59ECB55324B5FF3B3857D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061024Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.412{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\To\NFKCCF.plMD5=139A90341AD0B5770579081E257233C1,SHA256=BA768B29444DDE64E9E7BB70EF9CBFFD4498142B1851E36B6C00CB6DB46D7530,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061023Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.396{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\CacheManager\9CB1988F-0000-0000-0000-100000000000-0.binMD5=517694A746641AB7F2FEA3DCB1002C7A,SHA256=E7FBFBEA6D3174A38F172E1847981C05D2AE5AB6617678864F7E5673F7561D7F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061022Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.396{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\To\NFDQC.plMD5=C6248C963DF8D3D7E6AFBFB0AA3559A4,SHA256=F2BCA8BEB3E2CEE295CFE47A1F32912F4127B3FDD74BD07B76037EC48F461BA0,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061021Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.396{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\CacheManager\9BBA5FC7-0000-0000-0000-100000000000-0.binMD5=3ABEDDE8C15719E9BAF1C889EE8C335C,SHA256=E0DE0BC715FA6F467A3D2E10220E129456CB8E084F71F1D1C30C29475758E4DD,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061020Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.396{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\To\NFCQC.plMD5=5C5EE66E9348BECEC3B8EA28A4D285D2,SHA256=4E637713855CCA12C431F1D21B6B95226A86A8D54F742D6D545E32AAA4497EE6,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061019Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.396{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\To\NameAlia.plMD5=5601B0AE63DC2AC0D2EE67291F258B1E,SHA256=325D2988C0E5ED4EF89CFB4A63DD6601AB572E9D63F5854F5FD651C6AEB6EBE6,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061018Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.380{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\To\Na1.plMD5=BFDB22B763638C465228E4705ECB0270,SHA256=92C0B08F0E6E084BFAFCBDA7384F343479E48333586B609B513C3DF7AD2F03AA,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061017Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.380{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\CacheManager\9A18D85A-0000-0000-0000-100000000000-0.binMD5=83B38D9D177E6E2977E441ECCFABA824,SHA256=64FCA2ADC210523BDA8593C707AEA6DA84B7B7A1E8A66E495ABD283EB42C7298,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061016Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.380{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\To\Lower.plMD5=B03E73889CB562D2CE71D1E3D1AFCAC6,SHA256=F1B128F1D77E391CE70582B05AFBF9EAABC706EEF56BD091139F5878AE853C26,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061015Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.380{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\To\Lc.plMD5=9B4FD879FC3CFE908006296D8C175DFE,SHA256=B0258194549D5F3784DED0E7164ADC4170BD2249AC4742B13DF3ECFFDC63F916,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061014Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.380{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\To\Lb.plMD5=B7225819387B58D7F994CE65A4F993A0,SHA256=8AB50B6D5A90C27F621DA5DA5755FAEA1B5C40634387146BA1A1C0E87E62F073,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061013Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.380{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\CacheManager\9752B235-0000-0000-0000-100000000000-0.binMD5=6CEE91472B6E83A428BAB4B79B90EA8D,SHA256=B611A35E7D4A1264833F7502B6DA9D6BA9D2A18AE08A39D9F7B6DC346F10AE09,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061012Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.364{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\To\Jt.plMD5=9B2BDE3CF32FB7DE257CEEAA9CCE0E2A,SHA256=F066AAB62AB96478F5BC862034C081ADF40B483CD2AA789FEB87B3EFBE4C207B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061011Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.364{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\To\Jg.plMD5=A14A1E3F56C6BE70BEED05D430D0E4A7,SHA256=0E8583A388F853A841C5A35B049A99BB6AA5C3F897764B4CD7BC1CC08B32B149,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061010Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.364{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\CacheManager\948A36AE-0000-0000-0000-100000000000-0.binMD5=99817F00627EC5C6F829742B2E7C270D,SHA256=6C52701A6627BA85F6908AF87C2353101B7AA1F09F4378A7B2FB246A23B0C9FF,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061009Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.364{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\To\Isc.plMD5=231434C0F286E558848B2D5764FD4EE0,SHA256=84CF866E49257CF68F7C0270BD4E9075A1632C9896FA8D87B936A312C3B32284,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061008Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.364{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\To\InSC.plMD5=CF68B4EE4B0D7F12C7158220A5A3F934,SHA256=FAC901167C6638EC9C7FFD682FBAC8483219D5328F709F1E052135232D72E2DE,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061007Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.349{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\CacheManager\9255B24E-0000-0000-0000-100000000000-0.binMD5=3B7840F724537D572476854B14040B86,SHA256=57CEBCDBDED4AEF5C19AF339F4532013DFDAB1F6C7EA3E3F46FA2E1C62EBF235,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061006Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.349{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\To\InPC.plMD5=BC58563743723F02AD39BC026D403CB8,SHA256=B8223EF748B726BA751AAC36F18DE21C349A9F8BF7258869ADA36CC495870282,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061005Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.349{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\To\Identifi.plMD5=DE1F2F80155A8CAD49F9CF89ECA30383,SHA256=8E3D42E1CFD5FA6EDFD1E328DE95F1B9CCD5E1A4A751564B05316110DD787BAA,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061004Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.349{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\CacheManager\91A988D9-0000-0000-0000-100000000000-0.binMD5=916D01DB0A76A2F16C798E83266AFC68,SHA256=ABB9E631BF9B16CA2A62200903A3005BEB957EDE142D11CA4FC7D4DD4F3D2FE8,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061003Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.349{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\To\Identif2.plMD5=1DFD1177AE23379BB29A231062BAA523,SHA256=CC99DBDBE64D5918281789FC4309072B697C06A0D8E590BE0799756D91D19586,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061002Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.349{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\To\Hst.plMD5=EF86ECB208211FB84FEEB6434B4F18B6,SHA256=D0453155DDAEA8EA08F995A198652FEFE5F408DC816FFE7B01529B26ACC3EC54,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061001Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.349{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\To\GCB.plMD5=343CAF3698DAB28086EDE1D153FBAFC9,SHA256=1F75B26576D59F6C28CE0944B597D5AF9194FA919DDA809173039C4B949CCB62,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061000Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.333{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\To\Gc.plMD5=15CC4BECE648D0839898BCDE9CE8963A,SHA256=B3097B3CD0BFBA55C7965CD233576ACE095032BF75556C904B999C800C2900CF,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060999Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.333{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\To\Fold.plMD5=CCF63881F38A1E239965EBFDD752B849,SHA256=764B5120CFEBC95904D010AC320A5B0FDA3D682C91FE3A7B41FC51B9D74332AC,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060998Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.333{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\To\EqUIdeo.plMD5=E1493204DCC1F0A8E3991C1D8DEC9E08,SHA256=EE312B8B076AD4B53C7EEF8791D63C1B6AFE7ED4970299F378EF50F222ED058B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060997Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.333{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\To\Ea.plMD5=BC721E92ECC43E073277D697EE60F60D,SHA256=2D09B7AB7E4EAB2C4B04A8F25D9ABA022CDB80C3DF3B092BD95CC0907EB8C701,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060996Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.317{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\To\Digit.plMD5=18D8870760D1C9B964D6FEBA741A8849,SHA256=098234594FA6349C5032AC62C60E730E6E48C0EF55E7FFBB6A68FC510905296E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060995Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.317{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\To\Cf.plMD5=916F1C363E5C2FDE3498841A20C4C564,SHA256=29B39966CBB1767057009505DEE8CEF937B6537A2535DA66DC78FCD0988ACCC1,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060994Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.313{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\To\Bpt.plMD5=6DF877587F13FF963D19A44D92F487B6,SHA256=E34F193578E6C2D04AEA4FF27ABDD96B7B7852C45ADE7EAB5CCDDB0C76B6242A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060993Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.296{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\To\Bpb.plMD5=65371232FB327B089A2DF764965416C2,SHA256=A9F65C8DB262C9641C71FF0A19D49F1851909175D2C5FCFACDB7D8FDE3A1631D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060992Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.296{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\To\Bmg.plMD5=D9D3FC910A68036962A71744ED359239,SHA256=5C3430C29A5359D3740A6475BC32E16CD02BC3F3AA32CF89279474D64D80C271,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060991Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.296{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\To\Bc.plMD5=FB0F0783A2A6CCBBEC7DCC09486D5BD2,SHA256=7A3B6FAA794E76BE87E0A0A368737927CCB79BC5133060FCFFD42DB887D1CC0E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060990Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.296{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\CacheManager\90A214E5-0000-0000-0000-100000000000-0.binMD5=D82B3F6F5AF0F9123F62A972C34A1829,SHA256=FC043E4C0ACD17D316D51C7D00055ABB96F42DE93A7AAAA7D7E4E3DDA90352A7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060989Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.296{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\To\Age.plMD5=70CE331FD2488A6AD901CF120FE3DA7A,SHA256=BC9E38A839776D271A03EB07B429E6B1C802346A92C00ED4E159EF3472CD05C0,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060988Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.296{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\CacheManager\8EFF07E0-0000-0000-0000-100000000000-0.binMD5=287F319BB7092CF6330AB5002C992D88,SHA256=31539839841A978A1FEA98817E0B3755FC14B80BE31FA4FD34CAEEC9E420AC76,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000060987Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.280{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\SpecialCasing.TXT2022-01-20 07:58:54.022 23542300x800000000000000060986Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.280{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\SpecialCasing.txtMD5=681D4E1EBC39C3362FBD6C293070A8EA,SHA256=6424312F1DC39B22E0FF9C0FFB13DFAD424D9B03E6A6DC6BCA941F6BF5EF1FFD,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000060985Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.280{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\NamedSequences.TXT2022-01-20 07:58:54.022 23542300x800000000000000060984Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.280{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\NamedSequences.txtMD5=D12025EC2690D50B7EF1036AD197B9D8,SHA256=27282B8AA01D4D0C44AEF436CB74195AE8639FFA187AEEE4E6247AF76FEBEA76,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060983Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.280{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\Name.plMD5=E675B4BE660058EF6819910450A28D83,SHA256=485C7FD9C3486D9E802938239268B688C758F573F7A85863CA1E2D3A8D635898,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060982Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.265{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\XIDS\Y.plMD5=99C3E20DA75832BD07362ABABAC942DE,SHA256=72DE10AA1A8850C10AE08CF51553F2BDAFB2A14B9E6CC1F391B950AB4CC27A0F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060981Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.265{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\XIDC\Y.plMD5=707CC9F746B3294B459468CEE65AA41D,SHA256=E4EF6E8516BB64E370551CBB0380AD26156CCB28A83E05D0E847F1CABC33B222,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060980Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.265{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\CacheManager\8DB57C86-0000-0000-0000-100000000000-0.binMD5=A904FC9F2262C5B7E899679BB825F057,SHA256=FB6ACD22186EDADF7235BAD08304BA669DC318AE08D41F3C79FC08317339556D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060979Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.265{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\WB\XX.plMD5=86BDAB459A3500040DA415F1908D5120,SHA256=EB3B820FEFBCE0F3BEDC60F13A7BF959C392251AECD423DB70B0FE9865DA82DA,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060978Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.249{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\CacheManager\875E27BC-0000-0000-0000-100000000000-0.binMD5=633FA094DF8B916A32292AAF91D01926,SHA256=9B14700FA6490B370ACCBADCE2B2295BCEDC67C6F8B12FFE1E57BD8CBDE96078,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060977Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.249{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\WB\WSegSpac.plMD5=76E9928EC0EEC9C244DD06B48FC5983A,SHA256=848A3BFCB0C2DC9EB7BE36D56168C2B75CB7CDD5F4ACF160380D069EA164D384,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060976Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.249{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\WB\NU.plMD5=198F92659E13530D34B0A569EA406043,SHA256=D374011ED5AE753AC00D994A3F07BF37BCEF3E8E7BBBEB77D3A2B5EFB2E26623,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060975Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.249{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\CacheManager\8247AE0F-0000-0000-0000-100000000000-0.binMD5=5D943950C109EAF534CC5C5FBD148A6A,SHA256=10DFCA1FD19B965B70416D80FB55975F94A1871A82136E9BC26B51CCA02D19A2,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060974Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.249{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\WB\MN.plMD5=3DE6D26641B7293360355AC83AFE2063,SHA256=B42C7A1A576DAFA31C72D9E28B98C85E4174EE11599E760E982C7B5481E44927,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060973Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.249{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\WB\ML.plMD5=1B0AA32A4EFDA4A00A6B67D01D4F17F4,SHA256=221533CE519EC0648DFEBBD8482C12E7F1F5018842F6CBF66A8DDC884DDB4F2C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060972Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.233{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\WB\MB.plMD5=1ACF9E2D841862EA83318217CEFBCA5E,SHA256=1EA55A12E3F2E7504D2FDA38946AABE64DB8E7E4BDDE40DBCB27EE21D4BF85B5,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060971Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.233{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\WB\LE.plMD5=1E1FED60C2A18C737A33A0D2D81D5E34,SHA256=B7F3C47F0AF2C433CC54B460B07377F772F9D9F580DC1FFC807EECD8D7829F44,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060970Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.233{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\CacheManager\80A749DD-0000-0000-0000-100000000000-0.binMD5=24D78BEDF41336884851A80752DF815D,SHA256=633AB9EBC3CF2344CE9726EFF4348C61BEC6BE8F315F387A0A13A0B2FB22E5AB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060969Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.233{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\WB\KA.plMD5=3751645087183FBD1F619D5559F978B5,SHA256=99F2A9236351F990B3C1BE059F885E14C3F97755A1CB775F9C0ED8309A61CAE3,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060968Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.233{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\WB\HL.plMD5=104282863CE87CA11757A844187F375E,SHA256=79F0C9EA74E4E7D2346D527F78FEACD598FE2D7EEFA9DFEE0536900008D90DAF,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060967Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.218{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\CacheManager\7EEBD808-0000-0000-0000-100000000000-0.binMD5=0E98929FA6F2886DB1A99FD8E4716894,SHA256=EC2F66FB3217A0A9230E49D4C476A01377FE63B0DB1036C438E9EF4B238503F3,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060966Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.218{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\WB\FO.plMD5=A4B195BE7AB2C8B09B9BB18F413C70C7,SHA256=1740D97066BC2E01FDC4907939A768F2E2C4E20C3D3088A06E15BD0432F34A2C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060965Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.218{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\WB\Extend.plMD5=4C3C1EB8F50D963FFB92F9CFB71080AE,SHA256=06144014C3B3F411E64463A31164D709DC421152C4B04AE382BD0157458CC821,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060964Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.218{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\CacheManager\788EFEFD-0000-0000-0000-100000000000-0.binMD5=676E656973DCAF3AAE3A5F03D81267EE,SHA256=D74B2AE543F73A2210167D2F9DDC39EBB7824B2480BFD17090A2CD973A42F75D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060963Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.217{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\WB\EX.plMD5=2C526945FA5939767C24A14F47BD1C8A,SHA256=6BCFE5C8DC8122DC94C19320D13B93CF015127448E686A02DCDCDBFD2D173106,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060962Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.196{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Vo\U.plMD5=EE29CA68CDDE1B80C58E823DD96FBAF3,SHA256=5D47E556E84BD91523D9758E7DDFDF34128A3FEDF5E10C583ECBDDF739B89913,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060961Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.196{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Vo\Tu.plMD5=95D03BFA3BF5E81CEF1FDC9572912A24,SHA256=E79B53999BFD2F92F98C93CBE531A9F2F93C8083BD32E2B23BDED8A095851455,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060960Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.180{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Vo\Tr.plMD5=2C464ACEE1E1C82E5247B32A0835B833,SHA256=1FFCD43B0B8A8C5D192A27BB6E7C98C30B31688CBEC9EB33B3103EE85DAC0417,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060959Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.180{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Vo\R.plMD5=6613B43964C5395900A19F05BD71FDBF,SHA256=87D737F5C804723CCA73C404BB7D92767E6FCA930F3084B94413EBB8F9A96205,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060958Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.165{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Upper\Y.plMD5=1B4D87827AEA6820C8F33F0E9AC59CD0,SHA256=AA2299304D8C924EAD26806E8AAA4C80E6FBF9CBDF68001F7F216BF150DC8440,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060957Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.165{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\CacheManager\76AA80CE-0000-0000-0000-100000000000-0.binMD5=E903C58E8CFA07E4223D459737C57BFA,SHA256=9933EFE99AF9496A0BB4D60BE583AA73CC0263E9D6BDBA027DD5C071E635BF54,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060956Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.165{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\UIdeo\Y.plMD5=25ACD3DAD5A3B510BD09E5A843A7BD48,SHA256=79DB9DEAF58C9246F22658A5ECFFE9A46DE22757502264D211227A3E075D3456,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060955Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.165{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Term\Y.plMD5=E767080C69F5E0761E386294C0704677,SHA256=EB200EFB903445C6D0798CD4011211EEC6EB7EFD113F6BA0A3F34C6B89994F87,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060954Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.149{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\STerm\Y.plMD5=3F4B6806F71D633BD4B9F09AC9B72F3C,SHA256=15E08E494A0AEBE152D29A75A68AD370675FE3A4598B3230D1370CD8A1B50F4C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060953Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.149{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\SD\Y.plMD5=D4373C6F10000B7ABAD8AE2352BD7A31,SHA256=3C8908664BB6BA5DBE87146FC6EBF3E9DF401F10FE1BAF5FB34D6A9D894F1971,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060952Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.149{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\CacheManager\69EBD85F-0000-0000-0000-100000000000-0.binMD5=47BEF9C37DD95E4F30127F4E841AD5B5,SHA256=91C2E8E269D8382DD89819A329FEE9082F165E486CCDF6022F9B42CDBF1D6A4E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060951Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.149{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Scx\Zzzz.plMD5=BF160FAFA640D2516D91B3A8432FA90A,SHA256=F8CF433095E9D039BB451ECD757C5B00E08804E5A181301EB5D91244DC6E7517,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060950Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.149{6F5BEE90-18CD-61E9-7700-000000002102}484NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=0AED974DCE00EE334F46EBA95B4F3ED8,SHA256=005FEFE7004B38C15B1597CF41141555775FF87977E1E55436C49E2B4F513772,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060949Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.149{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Scx\Zyyy.plMD5=087D4F4FBF09FCC7B242D1DDF70833C4,SHA256=2FC7AB463DFD014BE80FE4F24B26824F2909F2DEF120DDCF687878734C32D7BD,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060948Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.149{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\CacheManager\69825A4F-0000-0000-0000-100000000000-0.binMD5=B5EB40DC7A8112C61865978039D337AB,SHA256=CA7BC20922F740065222E1DC740A3C131CC5297D1F32CEEDD8833AE7E8C068A6,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060947Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.133{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Scx\Zinh.plMD5=AA1B3B58A6156F50FE5793A416D8745A,SHA256=3BD98A64D5824D49F9B8E101411D3698C80781870574B846A341B0A6562516FF,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060946Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.133{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\CacheManager\692D8A75-0000-0000-0000-100000000000-0.binMD5=962CD56312371C56106C2E97DC6345B5,SHA256=9EF8D285CD86F11384467AD3C9560D4043BA4810202C50D286EF6AA34D43459B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060945Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.133{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Scx\Yi.plMD5=DB6E4BD1F8EF401163CD0AB7C2B69E41,SHA256=58C14BCC03D5585D573F5A15AFE25412394BA1215EA72557E08EE0F42BA70C3A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060944Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.118{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\CacheManager\6445F004-0000-0000-0000-100000000000-0.binMD5=2A1BE30DD51CE25EB42A483B4DA968E7,SHA256=61235E9A6070FEAF0A7161120A014A762BCAE8105B58F7802A057FBF4AEE2A0C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060943Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.118{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Scx\Yezi.plMD5=D0DFFAA46B4459F290C7584418B12A32,SHA256=65C8A5FAA1BCBEB75BDFAB8F17444287790442F08B1438A926702F200C5B753B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060942Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.118{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\CacheManager\60E60F09-0000-0000-0000-100000000000-0.binMD5=91D98C2FB69C01F10F8D184B1DCAD598,SHA256=D9F23BA8AD423D41A88C84CDAAE766DCA7FA67EAD84BFF4AE732FF137FBD1428,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060941Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.118{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Scx\Xsux.plMD5=B42A71682601DC1CAFE690E5F0C81B8F,SHA256=3B5AE62C9A88F067B7D08DAFB06C9E229E2BC78C19229A7A05FFCE97AC2BA5E8,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060940Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.096{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\CacheManager\583610C9-0000-0000-0000-100000000000-0.binMD5=AD296B980DA22D0ED682A1917C4C1F4F,SHA256=C2FFE760693D38A8410B37B403DCD6A2F89C8C956ACB61B9DBA57E7E3DB77C9D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060939Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.096{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Scx\Tirh.plMD5=D6819B5D1295A7FA3CC6DDF72F843774,SHA256=9381B5869FEC65AD077B8AF69A63BBEAA9A0CF31CECB08C4768CB6345907DBDD,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060938Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.096{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Scx\Tibt.plMD5=A7F4204EB7BE392FB035F239C40FB095,SHA256=DBECB6B7099097581EB0DAFE6DE440850F73393AD6172260DF4714B57C89A5B9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060937Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.080{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Scx\Thaa.plMD5=D8F35E62A613C8E6B2928957CDA0CCD4,SHA256=8040E2763AFC1B5E96E1EAD80DE33280823596E8993588C572BEF16DD731F4A4,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060936Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.065{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Scx\Telu.plMD5=187F4EF9636099FBE04C7FDF5085A94E,SHA256=539FD6BC2DF5E4B3743F47E817370FC350D39F4EF58A5B3A729EACAB6FE13F6C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060935Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.065{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Scx\Tang.plMD5=FFF31FA677CBB785B804FB0661A96CCB,SHA256=47FAC20131B5FFA73B8DC366CB8C3B9DA16BC1CA7748AE97C87D64B9E316E61E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060934Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.049{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Scx\Taml.plMD5=F774CB0188AF4DD502D72F9E62553EE6,SHA256=8D6DF18514620E905F7753F2C3937210825E21CD28E5F502BE50CCC5D04617B8,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060933Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.049{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\CacheManager\547FFF31-0000-0000-0000-100000000000-0.binMD5=07A8E0323E3BF5B4C069F2AC87EA0CEA,SHA256=D7372B6925ABAD7B4E2807804BBC1C81AEFD967B7795133F2FB1B8AA61DF108A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060932Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.034{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Scx\Talu.plMD5=98FA690E0E681B55280449A3FAB9B767,SHA256=8CEFA4A20066F9FE68DA8682C1F9F4D1C639EA167E8D4242CC0F68D49233B70A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060931Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.018{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\CacheManager\53975E6F-0000-0000-0000-100000000000-0.binMD5=CE0DCF08805464987B2504FBBB146068,SHA256=4D52CDB0B80128A34956F3A9890133F4E82B59F6BF1520398726EF27649118FA,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060930Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.018{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Scx\Takr.plMD5=E76FAEEDF0CE4DA96B71BAE5F2BAC127,SHA256=D50EF74A31206C7170CF7A05B57AE3B4EC037E069EF8F5CA329B6F9A941724C1,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060929Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.018{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Scx\Tagb.plMD5=542B705AD85F52964E74C24E5D6C6DE2,SHA256=01E42238AA6E5EB7FF072C8418028148DBB38891692D05B0AE20D9CFF1245D78,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060928Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.018{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\CacheManager\4D79D64C-0000-0000-0000-100000000000-0.binMD5=EB0642116B9D612F91CF46FA9A0EC811,SHA256=7356924B00826C16215853B975E65194BB9D75449888B74D2508D8CFEA3ACA8C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060927Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.017{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Scx\Syrc.plMD5=79982F36189840DB3AF6BB65862F36D7,SHA256=A4D7D57E82D834FB4DF58C6A4F77A9FBB2E19809D89B35B2AB5DB20F22758022,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060926Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.013{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\CacheManager\4B8F0408-0000-0000-0000-100000000000-0.binMD5=8BF6F5424F3BD1BD6483822AC1D005DD,SHA256=B74198BEE48EA775D35FAFB952FE6A2CCEFB84ECE1BEDB1F08669D7AE44D4E8B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060925Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.012{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Scx\Sinh.plMD5=A4B28FA4B5165836719AFB4D4F9559D6,SHA256=6516E135DD369FDA510E001886048DB0ADF280545BF72E0FC6143C36A5910566,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060924Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:38.996{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Scx\Sind.plMD5=596F77BA7CB2D448D87A8B4193543B3A,SHA256=022806549A1639839BF9BD543998E5EE449B3085B81CBA635F41AA5C5C83BC45,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000031826Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:38:39.753{CE7C8936-1B12-61E9-AF00-000000002202}24603956C:\Windows\system32\conhost.exe{CE7C8936-3BAF-61E9-0A06-000000002202}1964C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000031825Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:38:39.753{CE7C8936-1A7C-61E9-0C00-000000002202}7003204C:\Windows\system32\svchost.exe{CE7C8936-1A7D-61E9-1D00-000000002202}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000031824Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:38:39.753{CE7C8936-1A7C-61E9-0C00-000000002202}7003204C:\Windows\system32\svchost.exe{CE7C8936-1A7D-61E9-1D00-000000002202}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000031823Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:38:39.753{CE7C8936-1A7C-61E9-0C00-000000002202}7003204C:\Windows\system32\svchost.exe{CE7C8936-1A7D-61E9-1D00-000000002202}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000031822Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:38:39.753{CE7C8936-1A7C-61E9-0C00-000000002202}7003204C:\Windows\system32\svchost.exe{CE7C8936-1A7D-61E9-1D00-000000002202}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000031821Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:38:39.753{CE7C8936-1A7C-61E9-0C00-000000002202}7003204C:\Windows\system32\svchost.exe{CE7C8936-1A7D-61E9-1D00-000000002202}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000031820Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:38:39.753{CE7C8936-1A7C-61E9-0C00-000000002202}7003204C:\Windows\system32\svchost.exe{CE7C8936-1A7D-61E9-1D00-000000002202}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000031819Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:38:39.753{CE7C8936-1A7C-61E9-0C00-000000002202}7003204C:\Windows\system32\svchost.exe{CE7C8936-1A7D-61E9-1D00-000000002202}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000031818Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:38:39.753{CE7C8936-1A7C-61E9-0C00-000000002202}7003204C:\Windows\system32\svchost.exe{CE7C8936-1A7D-61E9-1D00-000000002202}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000031817Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:38:39.753{CE7C8936-1A7C-61E9-0C00-000000002202}7003204C:\Windows\system32\svchost.exe{CE7C8936-1A7D-61E9-1D00-000000002202}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000031816Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:38:39.753{CE7C8936-1A7C-61E9-0500-000000002202}388504C:\Windows\system32\csrss.exe{CE7C8936-3BAF-61E9-0A06-000000002202}1964C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000031815Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:38:39.753{CE7C8936-1B12-61E9-AB00-000000002202}19122580C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{CE7C8936-3BAF-61E9-0A06-000000002202}1964C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7414|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x800000000000000031814Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:38:39.754{CE7C8936-3BAF-61E9-0A06-000000002202}1964C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{CE7C8936-1A7C-61E9-E703-000000000000}0x3e70SystemMD5=BF28C74E12839E40CD89696C7CB01573,SHA256=6187325F302F232DE582FE28E0E0D2B292AB8122C3356C9CE295A482D7B93EA3,IMPHASH=27776F2813155A6CF34F6A075A0C2EC8{CE7C8936-1B12-61E9-AB00-000000002202}1912C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 354300x800000000000000031813Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:38:37.798{CE7C8936-1B1A-61E9-D900-000000002202}4048C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-tcontreras-attack-range-276.eu-central-1.compute.internal51387-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x800000000000000031812Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:38:39.128{CE7C8936-1B20-61E9-E200-000000002202}3964NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=2578A6D4277356E8DD3B942F28E55B22,SHA256=0BDA554C473FD0BFB35118F321FCB787D4F3836C4956E1F84B7FF706758594FD,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061861Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.996{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\SplunkUniversalForwarder\etc\users\users.iniMD5=D41D8CD98F00B204E9800998ECF8427E,SHA256=E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061860Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.996{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\Store\44E09DC03C072E3E12C73248D40D203CMD5=BD61A041658E33C2C3ED0DEE0076DE80,SHA256=F73DBDB0751C8BA35438D3BC7D5BF16A550B18956A62960A72EEC14B97A8270B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061859Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.996{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\Store\41774F5B6E9AC2628A4112DE02A03DB6MD5=5F6DC00A8642BEB4B03DA55F69ABE8EC,SHA256=4CD46E7BFCABBF85810E129AC79358C1A30ACFB8CF469CD9F8DCC8AB4F8D7C95,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061858Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.980{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\Store\38BEAD793168371D7450BBF648FCA3D5MD5=0C1490A122FC49EC6F6C5ECA5397C04A,SHA256=B25F1B5AC2F9749315EEDD2A93C4FBF6C84894A4C8246784EABF9842B237EBCE,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061857Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.980{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\Store\29273F82A59CE197CDC79425C9F2390AMD5=C633301E207AA7A2A00E702E24F8358D,SHA256=E4104676CF3D96490BEB849114DA081BD9AFAB56477B2662191C15A02D6E87A6,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061856Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.980{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\Store\28193F41FCB692374C9FFC7C3BA4921EMD5=900C42FE7F3D6AF56C6258598BE7D43A,SHA256=50A715F22674C450FE9A369C44E8EB0F502F9D5C7AADD29122E323FCB1CAF620,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000061855Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.980{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\SplunkUniversalForwarder\etc\system\bin\WinRegMon.CMD2020-02-07 07:06:30.000 23542300x800000000000000061854Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.980{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\SplunkUniversalForwarder\etc\system\bin\WinRegMon.cmdMD5=B8A52A1BCAE17281107B2FE9B02C3B9C,SHA256=F1CA185012AE271FFD0AE0DCD07DC6AA45788562894061175F7F43291B133E8B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061853Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.980{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\Store\1CC4D80F1A0877D0EC5CE7E7BC8B51AFMD5=86BA21314B2630D2FB4893260C37A401,SHA256=F1DDC4B22850911146C812166B47B2AAF43D4F9B1F7869E46BEB36A05926BF91,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000061852Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.980{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\SplunkUniversalForwarder\etc\system\bin\WinPrintMon.CMD2020-02-07 07:06:30.000 23542300x800000000000000061851Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.980{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\SplunkUniversalForwarder\etc\system\bin\WinPrintMon.cmdMD5=A8E73AEF98E1DAFD1ED8CB0E1B0B42B6,SHA256=49F5A365C8BD65A86716B676EE074D588D14ABE24643B693C991B2EEF200E4D1,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061850Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.980{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\Store\19087F00AD4DA631E9F1DF4B9DB3660FMD5=1E72796C0BFBBAC450596F6CD1F4DB88,SHA256=B1419C6717577D68D3D006277076BC8B03A5420315D2BDE6C595108C9A966A27,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061849Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.980{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\Store\187C45C4E50F22AF769DE46BB19D86CDMD5=B73B3994EE9550E7826CAD5972592410,SHA256=35B6DCB46B043BCB6D864821E06A8EB23E1317EAE4A933228372689BA162A236,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000061848Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.980{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\SplunkUniversalForwarder\etc\system\bin\WinNetMon.CMD2020-02-07 07:06:30.000 23542300x800000000000000061847Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.964{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\SplunkUniversalForwarder\etc\system\bin\WinNetMon.cmdMD5=D5ED214160D31F70A85C714FB5E7C83B,SHA256=79F434BA38260D6781E9E76E54404AC04447A798DC3A856A8ADCF7A7DC72E1A1,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061846Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.964{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\Store\1147D9B6434000301E48E7D66143EAD7MD5=7198FC93F4D56F1087951807780B3073,SHA256=7A4D283E1BDB296F0BF2D662F0250EAEF62004E464B16FA285FFF499A834DEF6,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061845Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.964{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\Store\10E76ADC08650B924384C62B0C2DD411MD5=3D713BEDAD604F2C8B4E8EDBEEF39F4C,SHA256=F7BEF1CDD98D8F0E0514B831AE10904024FAEA75B44A4EB195D5E1EC1D5AB162,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000061844Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.964{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\SplunkUniversalForwarder\etc\system\bin\WinHostMon.CMD2020-02-07 07:06:30.000 23542300x800000000000000061843Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.964{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\Store\0ECB1429930139E0C870510F73744BFBMD5=A74AF04F9933217D8D4784C6139DF204,SHA256=BF568AC720CF94B773C001672A6A27068572291731AE791AF6F7557534CD882A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061842Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.964{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\SplunkUniversalForwarder\etc\system\bin\WinHostMon.cmdMD5=6EA0EF6391C4B624B7FBC4C691031708,SHA256=58F89B5649E27CECF6476F9AA49CA26E828E00316C767A09BE37D97B40A88415,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061841Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.964{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\Store\0E87A69F84BFD0F72A99C702B38E127BMD5=C43CF680143A8CC777479977E187D5DF,SHA256=C0CAF365D2131C10B91F398699CF3CA214B2EE70349FCA34866EDE3030045A46,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000061840Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.964{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\SplunkUniversalForwarder\etc\system\bin\winEventLog.CMD2020-02-07 07:06:30.000 23542300x800000000000000061839Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.964{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\SplunkUniversalForwarder\etc\system\bin\winEventLog.cmdMD5=5042DCD0F447EB7877AEE22C1FA5ED71,SHA256=86B1B8AEA014C6490961F336FC63E1BFA512AAAF205CC18F430950FD6068FE34,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061838Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.964{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\Store\0A9C1C7BF3A1A69CE92A09E264D1E10EMD5=5510CB4B0607832AEC944A18ECA40435,SHA256=8A163828126ABB50DE166AC412BC19318CCDE03D878CB98402A16E08A27C6F3A,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000061837Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.964{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\SplunkUniversalForwarder\etc\system\bin\powershell2.CMD2020-02-07 07:06:30.000 23542300x800000000000000061836Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.964{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\Store\0A44E5B349E776A65CF24C6E9F8517ABMD5=AFB4618FCF6B7BBDE5CBF79B439641A3,SHA256=3B72471403E3899FCB462578E4BCE2CE413E5155D43C172DAB3F8D174ACC9543,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061835Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.964{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\SplunkUniversalForwarder\etc\system\bin\powershell2.cmdMD5=38CD11FA13326E79F1A7370A7028BDFB,SHA256=001C1BD264113090D46657874BAFB0E3F60E148FF920DB105F6FC1C52AA4AA16,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000061834Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.949{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\SplunkUniversalForwarder\etc\system\bin\powershell.CMD2020-02-07 07:06:30.000 23542300x800000000000000061833Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.949{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\SplunkUniversalForwarder\etc\system\bin\powershell.cmdMD5=2D74D5C3E506FA8E88C838DF0870F1F6,SHA256=9096D9B164D22F57B903C8219DD8F94333FAFF464FE28239CB5112576E84BD48,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000061832Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.949{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\SplunkUniversalForwarder\etc\system\bin\perfmon.CMD2020-02-07 07:06:30.000 23542300x800000000000000061831Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.949{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\SplunkUniversalForwarder\etc\system\bin\perfmon.cmdMD5=B1336C5BA5491156E3D7D05B84CCA053,SHA256=68685F15AE748A62C651DED473E0E259F75C09F7906CE1F20D09D3B63311537D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061830Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.949{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\Unknown.LogMD5=C65D6CC56B6E3122469A0A7E57675BDF,SHA256=2C31EA0E31B2D427716A7A59A5CC64B69B81DBB0496B280CF74E684B62197BC4,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061829Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.949{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\System\{3D834516-209F-4504-87DD-E4CF85E053E4}MD5=6883F8664C8911B84F614708D48D3151,SHA256=4A61CDFA39445F618940CA5CF5EFB1AA1BE289DCC72663E6771D3865FCFDEE28,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000061828Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.949{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\SplunkUniversalForwarder\etc\system\bin\MonitorNoHandle.CMD2020-02-07 07:06:30.000 23542300x800000000000000061827Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.949{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\SplunkUniversalForwarder\etc\system\bin\MonitorNoHandle.cmdMD5=5C0FD0AA51D0BE93CBCC80B74494BA17,SHA256=FA06D6042ABAE5C9016598B99586799D95C9D0E0FCAE6715AE516D091508E1C5,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000061826Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.949{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\SplunkUniversalForwarder\etc\system\bin\admon.CMD2020-02-07 07:06:30.000 23542300x800000000000000061825Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.949{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\SplunkUniversalForwarder\etc\system\bin\admon.cmdMD5=249D72CE8B393A3B1078D4226442E487,SHA256=7BB75239427AA3F5069F01FD23B634746726E51346F473D06C603C017F666EAF,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061824Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.933{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{FF796F23-815D-4257-B5F1-F7EB324F4F98}MD5=604B5E95A3C7EFD55E16A91676050A13,SHA256=3E2FF391DC5D44E85B651D1916237EBA91F6D31D7C2A37E475CF29967A9DEC98,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000061823Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.917{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\SplunkUniversalForwarder\etc\copyright.TXT2020-02-07 07:06:34.000 23542300x800000000000000061822Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.917{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\SplunkUniversalForwarder\etc\copyright.txtMD5=25A9FEDC584FC6D5E10F689A1352D947,SHA256=144B3E7979C26A2AB1DB949C052B71675167DFA8F3B711A8714708D0EC29E3D2,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061821Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.917{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{FEF4815B-2450-41EF-B87D-FC0097E07217}MD5=B87563390C33BD887E6E1DFA678F3ED1,SHA256=BF37AE64A519666672E428B858DF8727F470F2FE3702BC2F1892CD974BDDF2F0,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061820Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.917{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{FD97EF81-96EE-4436-A7AF-669A4B5EACF6}MD5=018CE3A354CC305F6FF735270FD9CF6E,SHA256=52884BDD13A9B29BC1EAFF25AF22AA9C94117E6EAAF580FF53AF21D1DA81F7A4,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061819Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.917{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\SplunkUniversalForwarder\etc\auth\server.pemMD5=D26E6070B303CE642E06768C9803372D,SHA256=8C2B5B74196235AC475D6E2E4A76CA196D60C9F65E29257E0A1AA848D7290FF2,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061818Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.917{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{FA57A0C9-C941-4618-AB39-630D20978122}MD5=31CE02F98C431CDB191CFA2FD61CEAC9,SHA256=ACCA83C3A50D3945C79925B43E6CE1FA2E9F59962C34609311E2145A867FD21C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061817Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.916{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\SplunkUniversalForwarder\etc\auth\cloudCA.pemMD5=6123784D0E0548ECC0919B6C3FC0BFCF,SHA256=6A4C39AEA9FD1A0ECD670D7B29FE5775B1AE20AC99D466A8C50AFF384A519FC5,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061816Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.916{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{F82D59DD-34F4-428B-9A90-2915C53E5F76}MD5=C5C438723F5229C28FA0305CFBB4C74F,SHA256=DA2F72507A1D18BE555235EFE7F596CA8484102D208E66F2B1AC3C8AC138BD79,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061815Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.911{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{F7975A06-376C-44C8-9C91-051434AF8A27}MD5=54ABC323CAACAEF7CE2A3C1249222946,SHA256=F263DC57BF3AC276227A39D1132BDD14067C3BFAF35E5E17EE59C728E8DA2DA5,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061814Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.896{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\SplunkUniversalForwarder\etc\auth\cacert.pemMD5=5BEB8C41240919B4A61065F8E721A40D,SHA256=6057072A78C42FD2DDEFE110938EF20A4BE28B89CA6F961F70287BBC73D8EE1B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061813Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.896{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{F725779D-5D3D-4088-80A5-E992AD321021}MD5=7DCCFC3995BCF6342BE9CC800AD0578F,SHA256=4C0280CD71977001E8F4CC8E1011739C15061E7DF07176AB8FC0FE1EA2894302,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061812Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.896{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\SplunkUniversalForwarder\etc\auth\ca.pemMD5=2E1F43E540800A11AAAF401AA69BE0C2,SHA256=58F46952475C6BC1599688DCBB622323F3EDDD55AB1AB37DF3BDF77F426E8584,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061811Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.896{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{F6EE5093-29B6-41B7-8CEF-FD8C744866E7}MD5=7493FF027A1BE4D75F9A1A5A4F4FC0A9,SHA256=5CC7D21738BD4A0DD189A4E4F38A3FF8A9F5647D70090C16C2F9175102F21FBF,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061810Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.896{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\SplunkUniversalForwarder\etc\auth\appsLicenseCA.pemMD5=FB30C5636D0108B2688D7E1ED59749AC,SHA256=7AE2B5B5CB1D0D451D226DD26E62BF5F442A59E7F4EECADD0A9F8CE365E68B92,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061809Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.896{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{F50E1E0F-5326-43A6-9BC7-02BC62340906}MD5=4A5FD2B9B60D7D8BF8AE65F7C9BDE8C4,SHA256=C911EA2CCABFE1FB63B2B32BE98B527445E1CC9DB45EB09B9116D20869C3AA9A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061808Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.896{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{F407B4E0-5B75-48FF-AB87-CDC661E48808}MD5=1FC56A5682624A475B68FAF738AD6B97,SHA256=926AEF4033B4098DC58FD48CDDDEB7AAEF659794E63C7D221C680EBD446D199E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061807Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.896{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\SplunkUniversalForwarder\etc\auth\appsCA.pemMD5=0A85E816D4B07CFA1022FEC5043C733B,SHA256=C51FD6490041A4E78FB5A91BB49330197F488332E70954DD877B7C511C4E4F3F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061806Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.896{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{F32114B2-32F3-42B8-86E3-598985CE231F}MD5=92A1FFE20B0F2C1F869F4E8EC31B6AC2,SHA256=D242E58001E0F4C81AFB0E716116C790647073A872F37D69875DB0B8032C4520,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061805Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.880{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\ui\js\underscore.min.jsMD5=5224D253D572640BD12C2AC6BCBD5811,SHA256=8C17561264389571750AC522C272868D7105CF5E3F8AF4761D09489B631D177C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061804Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.880{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{F1ED5B2A-C1B0-41DD-95FF-06EC688BD63F}MD5=5764622580FEFCEB88589542AA293EBD,SHA256=45247893B027859D2EB7809C691D079DA84995E92117A9E72A5F1B67E41E8459,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061803Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.880{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\ui\js\jquery.min.jsMD5=25721CED154B3A99E818431446D7506D,SHA256=FF4E4975EF403004F8FE8E59008DB7AD47F54B10D84C72EB90E728D1EC9157CE,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061802Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.880{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{F19E6FD1-C2D1-4B43-B89F-00D6108A43D5}MD5=D16667C9C073B4782EDAD752A6AA10F2,SHA256=A7533CCD99BD31AD1AA3717562B834A83E19DD8F2F85B6D7768EED92D0549EA4,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061801Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.880{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{F17EE22A-4414-4566-99DC-3DDEE5B1FD09}MD5=79E6C5DB4487A8C7477CB1C477B4C59C,SHA256=ED1D7F3062FA591C9F3CB788CDB0C306B4560800DFFCD8FC17048D7F71F1F51D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061800Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.880{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{EEAEB6E5-9842-4D94-BD33-07EF39E37DAB}MD5=39F0EB4E99577E2D2A63187C4AC354DA,SHA256=C15BE28D39DF7DC2A0061045010DF5BAAFAB1A958E323033B9F2B319690A9F14,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061799Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.864{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{ECEB8D24-0962-45A8-BF51-A5E5503F1CBD}MD5=B323A4808B31546562522A691394FC71,SHA256=72847498E5DD085B70DB67C4F39F95FC4D5960D9E5941E0ACF287E5EF0A2478D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061798Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.864{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{ECA8CAD8-0533-4BA4-A51A-2D73F0472968}MD5=EF80BCDFD14ACBE3AA742AC4EAAE828D,SHA256=AAC42DB7202050D10E797E7F51874D439865DBC85DCD2714B4905AC00ED7D046,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061797Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.864{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\ui\js\jquery-ui.min.jsMD5=39C800BAD13F22DBFBAC469A608DCDB4,SHA256=8D5D2C7FD4AEB69AE85FC2E283F47D23C43263B83742BA43C822C94AC5A9F8D5,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061796Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.850{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{E950208E-2E6C-433B-BBC9-CB7B21C7E338}MD5=B0039F09A450CEE7395F44573791A10A,SHA256=9CABCD247C2CB1BB3208DBE8E23D052C678EDCB005FB5411DDBAD0D37CCC930D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061795Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.850{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\ui\index.htmlMD5=0C1496FD5B9E1EE1454309090F09677E,SHA256=00CE866F57F36CA27A2B44E062832360A2DA88647B70920C4A6F85D68749660B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061794Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.850{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{E67760FD-8283-411F-B7DB-65571AEA72E4}MD5=C6FB605019DA2D7EE3CE64A25B446760,SHA256=3FCF0DF2128ACFD4ED42D39AF57898C704A1850C736C937EA53DD4D740896C79,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061793Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.850{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{E55C5A8C-C569-468C-9A51-237542126B7F}MD5=251D2BAF40F17D0614C2DF51A78DF4FE,SHA256=CCDFE1A3A11C7F662869C345BE368B8B8FA334A54453510B5C9C3D698529A846,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061792Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.850{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\ui\images\ajax-loader.gifMD5=2A6692973429D7A74513BFA8BCB5BE20,SHA256=1EB9E7880F723999A4ED63EECE6A6E4D4976833D3C16DC18B4ACE3971728AB0D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061791Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.850{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{E5416BAD-6C12-4BD3-8B8E-BC84D98EB068}MD5=88EAC9B31A2444A80059C3D8775CE091,SHA256=378EFFB2AFF3F09BD2D2A1B004662663D0483F55332F426847499AF32081162E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061790Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.833{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{E4F3AFA1-91C5-4ED3-B3EA-E617701AD98B}MD5=D6C27A9888C08D89D6AE92B04F66DF24,SHA256=6B1918A8AD61C6756A7BDDAE7FCCA8B5BE2CA05406ACF903CBCC904E889261B5,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061789Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.833{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\ui\css\images\ui-icons_cd0a0a_256x240.pngMD5=3E450C2A2C66328D9498E7001AD7197C,SHA256=53F9F6BE37D5C395C125A53DBF39C697FC3E5FD44A5F09F0D99710910F840DD6,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061788Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.833{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{E4697C31-1787-4F64-81F1-63A607CC59B2}MD5=431F2A03F8D61C68A13019A6359C072C,SHA256=6D5E3A807AEB8514890A63F773E71BCB5901AC5208CD7B45E496666689C6D7FE,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061787Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.833{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{E3CFE9C5-F08D-484F-85C7-21D614096522}MD5=12F9B71B86ECCD4014C0B4627FA0DA8F,SHA256=FF261F7EF1F9A1DE1CDF2B6C25733D7C4634542C5AE63BEBD393B14BABBF9550,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061786Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.833{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\ui\css\images\ui-icons_888888_256x240.pngMD5=9C46D7CAB43E22A14BAD26D2D4806D80,SHA256=A42B23E21050A0F0F90C1F7A443B8087A409771611EAE402861959A793BE38E8,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061785Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.833{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{E32B2FEC-C1FD-4827-9537-D51FDB63108B}MD5=C9BE66DC85A07CD0F69F5C120036D299,SHA256=833976FCF07C52FEAC07C92C8C6209F2195F568F57D487CABFBB9EBAC45DB728,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061784Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.833{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{E0763248-F5A3-4208-B255-F3BC369BAF59}MD5=F0DB916FCB0B68E5093340A1B34DC862,SHA256=C5D52BC91F0C11065378B9C5A50A8248BF6E44ECCA2C5CA3BD9D4DCC97819198,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061783Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.833{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\ui\css\images\ui-icons_454545_256x240.pngMD5=119DD0C2E94AD689DE873EF39FD43E6E,SHA256=CB36E80BEAF2A527D463DA552A5C679A46C4FF8C881318A194BB0CCB61CB2D5C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061782Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.833{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{E022866B-A96C-4F90-948A-492342CD2C09}MD5=E3E2D5501665201561F7EF9E5583B683,SHA256=85544366631D6D7322AF43E9E713DD9AFA450F54AD7334206DB046ECEAA18858,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061781Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.817{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{DFD3CF5D-790B-4971-91E6-5C1230A55EC9}MD5=F3905FA6EB9ABB88826D825EA801A351,SHA256=C4C08D46265EA86B8AC26F5975BACA4E967EC55D5A8A25020677B1C5CD8B569C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061780Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.817{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\ui\css\images\ui-icons_2e83ff_256x240.pngMD5=2B99A5E48D3C3957D03027D36A25E8BB,SHA256=4F907B912E024625D36B8AF307F1043E6EBC97074E31216175D14BB74C370DC3,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061779Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.817{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{DEFCCEA9-170E-487F-9694-C3BF4292970A}MD5=78761C2C047A338210512CB068AA3335,SHA256=3C2F0C40A88E33FA1898CBC95A0430E43A381B4F2520206B9917E9F366583A30,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061778Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.817{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{DD96C156-C671-4674-8B35-938564EE36F0}MD5=9C51A502EFA26AA27C83A6040C87375F,SHA256=21BFB1230264CB7ACB22EA6CDDD0E154CBABDF4ED19C71C7D3AF3800200E3C0F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061777Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.817{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\ui\css\images\ui-icons_222222_256x240.pngMD5=EBE6B6902A408FBF9CAC6379A1477525,SHA256=A2CCFDC001858222885A9DF39200840AC7A3F479BA889727D32A10398DB7918A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061776Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.817{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{DD260AC5-5364-4416-8FA4-D4CF0523833C}MD5=5B1F9168082D5E4531D406DD30B92F2B,SHA256=907B6EA5F315CB53677186B92DA743553E2A7CD7547A78EC4FF1AA4BDFB71F4D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061775Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.817{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{DCB45F8D-D730-440A-9742-5875E9DF9822}MD5=2B2F5013025C3467440ABE2995A14F16,SHA256=AEDB46968EDCDDFEB6A7BA79859B10A9203A3A34B61260672EF87F9226579895,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061774Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.817{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\ui\css\images\ui-bg_highlight-soft_75_cccccc_1x100.pngMD5=72C593D16E998952CD8D798FEE33C6F3,SHA256=54270656DF079C4DA5182629A080FC633B6F84B87985EB016D25A560E2C38D4A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061773Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.813{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{DC9A0A70-A54B-41F8-B6D9-2F1A49E4DD43}MD5=C6785AB71F8FF27248BDF68F78E39616,SHA256=32C02869E3C4F07F8741B16B5D20713B7320226F9B571C4A73443CA44DADEE4E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061772Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.812{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\ui\css\images\ui-bg_glass_95_fef1ec_1x400.pngMD5=5A3BE2D8FFF8324D59AEC3DF7B0A0C83,SHA256=F6F1C1BEDF1A0F37CFEF81D12F5F012869D1EE7C984775A569827A1784D34F5C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061771Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.810{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{DC6E0686-1052-49CE-986A-479124FBD8ED}MD5=19181D015D055C16BC665687C626572B,SHA256=6D1576FDF06745CFC27ADFD44205DC037A8D3B2423BD0D0D234B7E8F93BD0DF2,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061770Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.795{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\ui\css\images\ui-bg_glass_75_e6e6e6_1x400.pngMD5=F4254356C2A8C9A383205EF2C4DE22C4,SHA256=DDF5DD4E0EF2B185E8BB0AF7B6E90EBE74A84384CB4700658E76E754C8BFE550,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061769Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.795{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{DC3822E9-F98F-4B4C-BF33-3F4EFFC826A9}MD5=30542096D1B2F242872344129D08F623,SHA256=DA564210140EA30D37E64EC78A2BBBF5F60F731706FE4733FD9214BD757B5D9C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061768Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.795{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\ui\css\images\ui-bg_glass_75_dadada_1x400.pngMD5=C12C6510DAD3EBFA64C8A30E959A2469,SHA256=C108F5CBF2DD9EC07A26530695DDD95E1664597CE6C056AE44C162CC2E28CEC4,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061767Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.795{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{DB2B4E1D-4FC3-49A6-AFAE-A3AD3AFA089A}MD5=84A1CB4F18280B8DC46AF168F93B0D61,SHA256=1E15C1461C3DDCE70341BB4900CA9C2EBA8FBFBEB4C5BD397D5968A00E8EF8F8,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061766Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.795{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{DB04BF7A-7465-4F1A-BE55-86B8464C4604}MD5=4F27025B4D1C294737CFCA333479858C,SHA256=C00DD1301057EA59B54F5FDBF23F33F5C13DD08FD1F38798D3E3FBA2CFF056C3,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061765Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.795{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{D6D69344-9391-4E49-98BB-9EC1B4A415CA}MD5=DB059ACBE1C8A91C3D4C513FBA5E2041,SHA256=55E6435276DEE4D3B4B262462418D85BCB92C400790CF18CC5E3F0992B633CA4,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061764Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.795{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{D69A5B05-36A5-4A82-A86F-7E2D1EE8D624}MD5=D81155498F565A62977EF2FD58BD1167,SHA256=13878A28B5034C97EECBEAB3537C04FE52FD4FE118851E2C70FBB72E354E53CE,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061763Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.795{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\ui\css\images\ui-bg_glass_65_ffffff_1x400.pngMD5=E5A8F32E28FD5C27BF0FED33C8A8B9B5,SHA256=F0E6CD91B837D5C5644D026E5FFECCD907953317CD5C0F689901733AFDA260B2,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061762Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.779{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{D5995F06-59FB-4DE1-B9E9-EACE6F48AEC8}MD5=0591FC72595F9CFCE5853753BEEC8FD7,SHA256=2951DE515BF7EC6DE168042A0955830CF96DD9721BAB82638A63D998FB9F510F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061761Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.779{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\ui\css\images\ui-bg_glass_55_fbf9ee_1x400.pngMD5=F8F4558E0B92FF2CD6136781533902EC,SHA256=691597E8A40A891EA94D3589976ECFC33E6145C49422443B00AC2B5A0022964C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061760Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.779{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{D4773C01-C4A9-4489-8CA6-0DA7002E4A28}MD5=4C505E47BD7F4F831A1AC83A2A169357,SHA256=ABA879D5397530E7C033B49DD9153156943E951E2E5244D50C14E63CC5678E2F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061759Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.779{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{D3B3E705-9610-45EC-9879-C6BEF2CBAF58}MD5=43C7369C28358A1AA5D6C9468796549A,SHA256=33D35E5967DCED3A4694F3455D1CCB5265BA4D098F9B7EEB3CF5090A93FF5B88,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061758Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.779{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\ui\css\images\ui-bg_flat_75_ffffff_40x100.pngMD5=8692E6EFDDF882ACBFF144C38EA7DFDF,SHA256=39AB7CCD9F4E82579DA78A9241265DF288D8EB65DBBD7CF48AED2D0129887DF5,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061757Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.779{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{D1DC327D-5D41-413C-B38A-0D80DE77C28B}MD5=3F70112A925E11F06DB8ED27917E1536,SHA256=07A2D79893A02E29DAB19E834E9B73B841DCA1A3E1BA1617C9D35A3A427B429B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061756Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.779{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\ui\css\images\ui-bg_flat_0_aaaaaa_40x100.pngMD5=2A44FBDB7360C60122BCF6DCEF0387D8,SHA256=9A8492A580BF85D3E98AE8861FBD45567E5A1F83EEAFCF9574DA0399D5F602AB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061755Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.779{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{D1B1D608-6EBE-4E9F-BDC1-6426C7EA2AE0}MD5=167F144A31EA885F0BEB589413A3FFF5,SHA256=F55671AEE8137C6F9EAA0327DB7F0E83A3E7ADA70457874594148D7008B390A2,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000061754Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.763{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\README.TXT2022-01-20 08:07:43.250 23542300x800000000000000061753Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.763{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\README.txtMD5=ECEA768F3FF9BD72BB005EC092E3FEA5,SHA256=2B13F84099FA126A855073949421F2CE023A7700637E1568255CAF5D0AF239A3,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061752Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.763{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{CFD42D05-69A8-4CA9-B185-9C400064963F}MD5=71A56E19F768CDF0624121D7ABA06EC9,SHA256=94DC2DC281347B289D3536FC1DC1E6825109CACD62FA8AF628906BE28533C542,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061751Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.763{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{CFAEEC10-BC2F-404E-8C56-DE4F2C87B36C}MD5=65600E4DD9BD34798F9D5E7D9CB092D8,SHA256=46EBE54343341059E987F8FF3CBA308E0CE7815F3D2A199CECFACB317328E1A8,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061750Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.763{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\lookups\stream_app_lookup.csvMD5=EF8EE84C3B0A330A3156687E98187EC5,SHA256=8168F8C671EDC5171E4887AFF0BB0494E783B3DD99018090F3C0D10DD6A9DD4B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061749Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.763{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{CF2C59DA-A788-4AD5-8139-CD44ADC9795F}MD5=385D2FC61C0F317A0FC85473C1F354A0,SHA256=79B1ADDD372C670812A759C5B0941A5FE0DC3D5E3883AE690012CA4CDA8B9692,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061748Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.763{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\local\keystore.dbMD5=8E07334037168EC926CD497466DC0526,SHA256=380120A978E630A430A6AFF3846224AF1FAA42610BD129702F16D68160DA888A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061747Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.763{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{CEDA107E-F682-43B3-8B4A-7AA54D983D51}MD5=0ADEE77948BA1C5B2121AB654E40FF08,SHA256=A230EFE0BF8D1602FCE47CDA980F22CA5F2A68A2343AC68E33F7B096CB876A00,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061746Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.763{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{CE9DD0FF-9CA0-4319-B5F8-6B0C60894597}MD5=A479FE0EE14311EB49C69C5225374296,SHA256=B78BF0C12063867439B8DAAE7663C9B37D81AE9BE31F580FCFC98818B8DFF457,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000061745Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.763{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\LICENSE.TXT2022-01-20 08:07:43.236 23542300x800000000000000061744Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.763{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\LICENSE.txtMD5=BC54D7A6CF48AB351ACCB8CDCB9A4FBF,SHA256=EF37C441E50CB6A4B52C81B0AA84B45FE1835446DE2F0CD561F210E4099B5E2C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061743Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.763{6F5BEE90-18CD-61E9-7700-000000002102}484NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A0E68585F797B47A8873B6816AFE41DE,SHA256=F431E3628A906342053ABAF44D575E69254F77E3C4EABA03502C20BB8E3225F2,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061742Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.763{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{CE1F196B-4BF5-424C-BF04-E4F87B0A277E}MD5=B38C08CA9452AA01F80F426C739D4FCB,SHA256=EBA1F905CE6A3F473BD88A169806AA0B65151C5C45D3A17CA8AA7A76ED2B7723,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061741Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.763{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{CD6F2DC6-8CF9-452F-B459-E5CB2378A886}MD5=E1D6539471A122F889FECF2B3DD38EDD,SHA256=B6D6FF00710E081083EC6824B49276FF808099A10F9CAE7CA38E1AA7D79926EE,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061740Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.748{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{CCACD518-55E3-48D4-9C3B-4CA4F236221C}MD5=B2FA92EA7DECB65299985C8ED4034E02,SHA256=3113C0EADFF819AAE64A1AC52BE1E0536CB36AA74D63A3D1EF71CA501999F703,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061739Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.748{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{CC6DFE89-FF02-41F2-A712-B77ED0A846BB}MD5=AC52981EC8257EEE42AFE65B675DC780,SHA256=FA435BC72F493F65146775F3E07F030CB33E863471E99786CEC49857F01784FA,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061738Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.748{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{CBC7692E-2A41-49F3-BC4B-6457CDAEFB6B}MD5=D0CB985597061D31BEA3A0B56BF2A364,SHA256=5D28DC5D0F92387C4742CF9404BE2823264B3E8D00582325B64EFCB6116915A0,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000061737Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.748{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\SplunkUniversalForwarder\copyright.TXT2020-02-07 07:06:34.000 23542300x800000000000000061736Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.748{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{CBAD8F2E-E058-4CF2-BFD8-8E1AEDC20B97}MD5=B523D1304B2F0D0A2908A38257A6C85C,SHA256=2A42A9C0F45CAA559F599F3356858D8F1E427C34316908E5B9C1AEAE359EE7E9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061735Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.748{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\SplunkUniversalForwarder\copyright.txtMD5=25A9FEDC584FC6D5E10F689A1352D947,SHA256=144B3E7979C26A2AB1DB949C052B71675167DFA8F3B711A8714708D0EC29E3D2,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061734Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.748{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{CB799160-D395-4305-B173-DCCCAD9DC756}MD5=A07BD87DE0B6C2D55A78A8EC0305CCBC,SHA256=ED359ADBAED9C40BF48B78E8AB50D3311BDCE912CBF5D103EBE9A9EE42FBD3A3,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000061733Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.748{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.PS12020-02-07 07:06:48.000 23542300x800000000000000061732Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.748{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{C722DF62-F5A8-417C-9792-16DE1A6EA65A}MD5=3D8E9C5433B45FD75DFF69079462CC17,SHA256=D476FA433186B1E03BECD3AB8A34DD802FFA13041246BB295DE533E905334D27,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061731Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.748{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.ps1MD5=7F605AFAAAC29A69CCC14C4D7B8B44D9,SHA256=9BAB888501E55055F3A7B1B2796225C42BC9F4BD8BD81450714252A4580F6F6C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061730Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.748{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{C6D1F4B3-791A-4294-84BC-A5CC30C7B824}MD5=DE89ADE88B0C8C97F3E7A283415A8000,SHA256=2FDC98EDFD3EF76195327D872E24D6F35F81F19AA2E8047A599D47B2495D1A01,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000061729Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.748{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell-common.PS12020-02-07 07:06:48.000 23542300x800000000000000061728Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.748{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell-common.ps1MD5=996C91B0B365FDA984A84D5037C44EEB,SHA256=A1E4B415329053EB5604B2E2AE35627B5E0B24203FE63A9BFD438DEAE4686483,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061727Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.732{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{C4C075D0-E919-4C24-852D-E13780EE4658}MD5=302DD472BDA406CAC75F53565395D325,SHA256=A5B249028EBF84426C8AE927101F1E87CE942F97B772235DF9188CAC50E66972,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061726Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.732{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{C3BDCA3D-DF70-49F3-ADFB-CE5D29FC5979}MD5=0575310F85492A9BF3F31C5F3D8098F5,SHA256=FB31AAF4BD9EAE7CC520B8D2D7F1108A70D07EEA4AC6442B9D5EDCB7FF61EB77,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000061725Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.732{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\SplunkUniversalForwarder\bin\slim.BAT2020-02-07 07:12:44.000 23542300x800000000000000061724Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.732{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{C2AF2911-762F-4EE8-94F8-532CA2D33773}MD5=E492707405350C220E1AEE0926D1C70A,SHA256=91ECD325C69FEE2DC350BBBBD2C46C274D4049CD37D8666C89A272FA3CBD0BF6,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061723Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.732{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\SplunkUniversalForwarder\bin\slim.batMD5=9E587D6252881DB4927DF78FE398F6ED,SHA256=E7061BE3460F881D78242CC808F1B4035ACE3B9165D8BA46A29988733A08AF2C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061722Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.732{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{C01B19CC-3AA4-4C14-AFA5-8730E0D5AB29}MD5=4C9F0E7BA202DE3EFA0D3FD7EB9CE0BE,SHA256=BEC7B92BC7E2946B667CBC7A51C9551A6BEA4A3950B8D5D15D969EA270A5D040,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000061721Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.732{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\SplunkUniversalForwarder\bin\scripts\readme.TXT2020-02-07 07:06:30.000 23542300x800000000000000061720Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.732{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{BF9852F9-1063-459D-8019-554A967D65DA}MD5=7B333541432925938FDBC59AB014434E,SHA256=ED81D75C4CD564482584B2090BB050469A77AFAE84F9EAE919494DD5036CD2FC,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061719Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.732{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\SplunkUniversalForwarder\bin\scripts\readme.txtMD5=1C3C112A820249AA965335C18DA30C9A,SHA256=3B6BBA73EE8945EE0EF1822A6B4CA0D17BEFD687609FD3D91C29C46CF346B7B2,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061718Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.732{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{BF727C28-7D11-4CD2-8203-F7B1CC260A45}MD5=E8D9D964EFDB1F1625590973F6510A92,SHA256=3176A51E20B6011828F71B1D49FFB99D12A874AF82A9F64B697B24F8C036AA40,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000061717Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.732{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\SplunkUniversalForwarder\bin\genRootCA.BAT2020-02-07 07:06:30.000 23542300x800000000000000061716Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.732{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\SplunkUniversalForwarder\bin\genRootCA.batMD5=C67FFAFEAC4C91EDF25BAEED1431D098,SHA256=BD2FD589F764BF495437360B4BA6C62ADD7AD1DEC59E4E5D2750244D61043E42,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061715Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.732{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{BC484493-0073-4E21-AB55-4E00A7E58BFD}MD5=BA0E199D50AA8042FE56A96E9B6FE938,SHA256=C39F12FEEFE3C880A26A83544C4633F15FC80911BB5EE3771C3A6FDCE0FB694D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061714Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.716{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{BB13C884-5D20-4A0F-A888-92AE1E1165B8}MD5=567AF9675D37357B017B86990B74B7D5,SHA256=4539CA179CBF02DCECBB93F612BDDA54598749865B202C3C21D4949F256809E5,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000061713Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.716{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\SplunkUniversalForwarder\bin\copyright.TXT2020-02-07 07:06:34.000 23542300x800000000000000061712Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.716{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\SplunkUniversalForwarder\bin\copyright.txtMD5=25A9FEDC584FC6D5E10F689A1352D947,SHA256=144B3E7979C26A2AB1DB949C052B71675167DFA8F3B711A8714708D0EC29E3D2,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061711Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.716{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{BB0CB465-FAE4-47EE-A0FC-754CCF576574}MD5=AB68871FBE1CB062CBA92751388337A9,SHA256=F061E63D3FB3EDA7CF0A3F06A536D51D2425E60C36D9E6B827A27A851DDAF7C8,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061710Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.716{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{BA77CBB6-4261-4986-B8EA-BFED3D19F89E}MD5=C1D30D7A001B79D3ECB2250A33576D37,SHA256=3A4C7EB740E16EBC23502D4C211C8A865FC39850E3D18DAA6FD54BF3A6D65359,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000061709Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.716{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Notepad++\readme.TXT2020-01-03 09:54:58.000 23542300x800000000000000061708Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.716{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Notepad++\readme.txtMD5=11B0A85DCD7045352F71E46D83DE6D7E,SHA256=BC661498305746C6DEACBEE301522F7C283566A804184E290481D3B57AF675B1,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061707Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.716{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{BA755D44-A919-4B89-90ED-8D83B54F6D61}MD5=3B8C9A960B38B0FEA34CAECEF42389EC,SHA256=87BA71AABC877F67EF8D2CD4E12047807DC3A031BE3D77C9475848466E81FA01,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061706Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.716{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{B995D253-B1BF-4838-95B8-BCE09262AE18}MD5=A3CC189708E0A820755CD7227B5130D8,SHA256=D1F46320978C7C87CDAA22EEE66D54383CA1519AE9A635766F5C89BDB408CC38,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061705Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.716{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{B7AE5792-6CD2-4847-8071-8933D032EAC5}MD5=9483BB8D32383550B70CF56794BD1A89,SHA256=8E58041D4D3FAFEDA3B4259FD4C34FA378ED78CCD581C666F5C511AE2FDC4ECA,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061704Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.716{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Notepad++\change.logMD5=4B38816894D191AAFAE6B8516E68CCC3,SHA256=615A1C65FEEC13AA5CCF5F2CED3E08D0CB36AED483659F52BF57B08C99C70F71,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061703Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.716{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{B7A0760A-4C3E-4050-9871-99FF08025DD3}MD5=293A6DA482D5BBE33481D3862627FC85,SHA256=DB4BC9F4B278E28EA33C8D6EE0C09C1333999457C81FC0E78EB77B084BFA26E6,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061702Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.715{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{B61C4D6D-07BC-4562-BAF1-45B47D25F2FD}MD5=CA431B3877A7F0DA03403BC4775B2A80,SHA256=8E30D9FC8B67174E81D4E7E60CC8CAB5FBA1964A0005DF14ABB79BD54C8114F9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061701Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.714{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Mozilla Firefox\updater.iniMD5=7A6CBD521497F6DD382F7B8C6AAA1EB5,SHA256=531B55D2224EFA181B75ED4CEB84E4F854F26C2382DC411945515D57D8DF2243,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061700Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.713{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{B5E47FFA-C524-4886-BFDD-E98152617FC3}MD5=4C3C53DB4C12447135EC8D9763CC3390,SHA256=D63D7E402DE1E88DD22AB81A85A8A364C68C4FF3364B40F370B56D756D9A4EFD,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061699Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.711{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{B5A0846F-A5E0-4990-BB66-AAA3A5381044}MD5=39022D3EA92409E7C68C7E9A05F488B3,SHA256=7FA4F547902131403FA87A57504D37A25611781C8F278206E361905B83881F54,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061698Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.710{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Mozilla Firefox\update-settings.iniMD5=1413131F8CFAD1E19D299667BF759087,SHA256=C18489344FDC21AE366B4D957A0B9F11BE772483CA46F9FFAB6ED0356F946513,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061697Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.695{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{B35B1B14-29DB-4BFD-A3AA-B29F7D7AF938}MD5=5490694B2E1E178A45FFEA99EB0E9D35,SHA256=76943E8C224DDCA6A25A3938103E18582C2223DA118F320EA86D64B9AEF4894D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061696Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.695{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Mozilla Firefox\uninstall\uninstall.logMD5=8FD620900230927AAD4CA146086DFD8A,SHA256=D67F51BD360D98F4879820984A7DEE437D07857BEC5813F5F545A7B699650C5E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061695Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.695{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{B09CA134-4A1B-4A3F-A448-66110086FE87}MD5=69542497FE36617DF9DE409EBB9D8B0B,SHA256=3FA3CB69BFC893448F3DBE1C5CFDE10EFEC2995BB50C1AED5D5A2CB2E63B00FB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061694Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.695{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Mozilla Firefox\uninstall\shortcuts_log.iniMD5=55371DE160F8C6C68A5560C0F416BEE7,SHA256=77CBCEE2F9A1847F760CD24D22A9ABA4476489421275CB35D8BBDA66B3A71070,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061693Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.695{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{AE2C18E7-7BEF-4790-A0D3-EC5B8540C42F}MD5=ED25EE991E02296CD5FA61357123796D,SHA256=44162516A91BC1C48EAAFDBC91528967D11B71F37EB79A2C32D899E5E271B36D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061692Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.695{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{ADA4AD01-FBE1-404E-94EF-3496660B4874}MD5=18168D2B1AF08BB75483744095E0789E,SHA256=43E5973C0F89EC0A9E121B7CE5FCE348555F75550FC22DECEA1D146952DB8F03,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061691Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.695{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Mozilla Firefox\platform.iniMD5=71299248F2BACB76A81949D789D0A7BC,SHA256=3BFD24E1118D59CA5BA5E1927850CCCEC7F69A561376DAC0D9618790353C2DB1,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061690Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.695{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{AC719959-E638-4ED6-9592-1BD4DBAB2620}MD5=DB37096EC5C6790AB8979C9A773D89E3,SHA256=A18BF16A78366143D1AD3E6EBB48630968CF4F497685E33EA72BDD94409EA222,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061689Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.695{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{AC51AC83-7590-437D-9D1F-20A37895C5C6}MD5=775BF4B78753F200A054E6D5A2A41CE7,SHA256=8A5C5E2332F9730D7ED2AD4C8C373C378CE096335B00EC47F892B4797899C306,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061688Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.695{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Mozilla Firefox\locale.iniMD5=BAD74B155B8731BFDDB8D54CBD1B0021,SHA256=A4A030B6F430548E5BBA3CFC748515D40B72C522A1345957DF4ED5F88736013C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061687Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.695{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{AB2C08FC-68F9-43C7-8F5C-7AC7BC7F33BA}MD5=7EB2F65C234A44AE208F1C655608E379,SHA256=61E8EFC14C18FA3978B08DEEFB753ED576A67581BFBF13FF3647B34A6D3FA5A2,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061686Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.679{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{AA9B0A77-0BE3-44E8-8741-484541C4464F}MD5=4AA14F651E6934D9FC829104693B846B,SHA256=27789A77E490E7BCDDCD6E86F1374E0BF299DAA2B31FE39EB6A4A343904648C8,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061685Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.679{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Mozilla Firefox\install.logMD5=B563AAA6B6C4CD08F18FF4BCDE36CF14,SHA256=372F96E5E2D845AD64668918383600640F939C884F19DDD0F364DDE3AB050D90,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061684Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.679{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{AA753CC6-5B64-4AF7-B289-07D5105ED853}MD5=8BDBAAE8EC81AC7AFAB9EDD070391900,SHA256=60D748550DA8497F89A308C165F112D880FE0809B751432F88FD99B061784583,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061683Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.679{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{AA629C02-C116-4720-89F0-4312B07A24A7}MD5=DE122897E23689F51417997714AA144E,SHA256=60A21932D07A04551D7E908FAC42D6A707E660F2D230C38FFAE7BCD7FDFF4DD9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061682Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.679{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Mozilla Firefox\defaults\pref\channel-prefs.jsMD5=3D84D108D421F30FB3C5EF2536D2A3EB,SHA256=7D9D37EFF1DC4E59A6437026602F1953EF58EE46FF3D81DBB8E13B0FD0BEC86B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061681Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.679{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{AA20419A-E28C-411D-81E5-41B4D11D9B18}MD5=5A72FFF9B71515FDD9B2EAA587735C89,SHA256=1C5AA833E80442979F4E828C69387EAAD3D4913F7E7F82B62FF72C7E0C6E1FF8,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061680Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.679{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{A9F609D4-DE0A-4AC4-8FFD-4ACD03DF3CD4}MD5=AE88DDB0A406E61C7B6C07EDEAB0B336,SHA256=18D18A4AB631D92D79BE6B8C0E29A6BA977221BE0074DA39C6CC1A1CB0B448AD,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061679Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.679{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Mozilla Firefox\defaultagent_localized.iniMD5=DFA56F0760554FA9708E45248E6C576C,SHA256=8AA7E80ABF76D1E81205A10D92373EF1029778B9AE9C15DD3BA758AA26E84D88,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061678Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.679{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{A95945DD-EA50-46FE-A809-F521627A7FE9}MD5=C8BA324D0A30DA1032B5366181602E41,SHA256=48950D7CC146E7E3C86FF29D77AE9F2B81BAD6158530B14C002D081D217C2C89,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061677Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.679{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{A8F48705-06AC-42C9-BDFF-4344C390E561}MD5=71C1FF15F18B99AEE961D20810497646,SHA256=97E94282754EFDD177A5621EA9674B4F93B49ED1833212144F2B45C499178229,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061676Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.679{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Mozilla Firefox\defaultagent.iniMD5=88D7D32AD20BF89BB7785BD07C638E17,SHA256=5CF0660A8F2624433C8C1022F93FF3C94C5611CCBC93118EE053566590EB53F4,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061675Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.663{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{A7B4411F-595D-4C06-8135-E53B1E24AD56}MD5=5CD9AF932884B5D03C26F78A622C9F33,SHA256=9195BD1D29050EBFE8DAC5D285C0CF148BB8D98D4416FE5312A36F087793B261,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061674Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.663{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{A7AE22F5-4FD7-4599-8FEA-15B7C65CF9B6}MD5=D33F23FFF1867D70FB08860F1668DEF0,SHA256=384736297B4321669DCB0020065D9E8CD826A6D9C076EAD322C9A6E729322514,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061673Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.663{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Mozilla Firefox\crashreporter.iniMD5=1B0D446F9D17C1374C81ACEC9D8D2406,SHA256=A0CC8CC3287D54D7E23A156256A553792970DF9CA57F6AD85DCEED32B979DA71,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061672Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.663{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{A74436E0-35AA-4FBA-976A-36974A2EFC97}MD5=134F0FB58E049AA79AB0FF12F8179B9A,SHA256=9169E58404107583C688BF37024D51469A1EC58928EE06363282ACAAE99D01FB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061671Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.663{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{A73354A4-DBCB-40A0-9A4E-D318AA3611A4}MD5=0C57E3789B21EE7E43AD57C3C7790D47,SHA256=7F56F56EC0B5A453592A09F0DB43173BD3120670A672D94FA8AE32C8CE9865C2,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061670Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.663{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Mozilla Firefox\browser\VisualElements\VisualElements_70.pngMD5=1A340E565E697E63B5A4CE51F7297119,SHA256=C4BB210E61CD35F9A0A54FB941EA2E3BF6ABDE799BEA1C78D24C761C9A3BC429,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061669Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.663{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{A7283017-10F7-4FAC-8C3D-914E1BE6CE78}MD5=E58FE3F4E8ECDE31ADB80FDCC80BD84C,SHA256=E2061930D73A406DBEDA30BC891B0ABF5F258EED98FC19892E61AE1DC7D0A658,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061668Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.663{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{A6AEFFFC-3AAC-4477-8F54-C80641426978}MD5=B23D8F69E7D10EE49CA80F8283FE71BF,SHA256=3A8FE69083174F3E2EF2C3EE2F6BE203784C90E342BC612F343F13B80F89C944,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061667Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.663{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Mozilla Firefox\browser\VisualElements\VisualElements_150.pngMD5=8E058139E0576B4AD8D424BB21071063,SHA256=E86EE493E89F5DFCE2CE8817AC5D1C04D8BA2B07A06FF0F967C0167562510DF7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061666Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.663{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{A53D282B-F52F-4CDE-8CC3-ABED684FD739}MD5=1D0911D2B18912837F7D0639D5336A29,SHA256=840F45C954CF32B38B75F9F28727D144F6215757F7D856EF01B775B51EDD50B8,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061665Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.648{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{A4170FC2-6080-43E0-A679-DD84B69E11CD}MD5=4FB25D17FF31D499335791C1417C296C,SHA256=D59E6997A916366203BF226B14B524DB2D95E1D56D6152712F4EAE07459BEB09,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061664Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.648{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Mozilla Firefox\browser\crashreporter-override.iniMD5=9524DF130A8E1AB4EFDFB32B4E68A7B2,SHA256=699CB7896B205018DB7248A2954D0432022C63957AD3A83AE53711755AD47C8C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061663Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.648{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{A0AD5F53-3E45-4F19-B06F-B53E5A7F4E6E}MD5=1462EFFFB5DCB4F6811DB8D27B4D9364,SHA256=091D61C7CAF06FDAC77F14A59FC3466FEF62DF2753C7D92FC2D94F1E9873A9FF,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061662Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.648{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{A097D8AF-0499-4E1D-877B-241E12887577}MD5=257CD634623E0373F7125611618A69A5,SHA256=97A231A7F0C4B3FCEBA76958AE41B749664ED08784DC6D6FC4D3543506909DE1,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061661Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.648{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Mozilla Firefox\application.iniMD5=232F84509A2BF3A3B4844B612C269382,SHA256=702E82D9D2A07D2EE090C16B4292107DA2E821559FF474BB60AF273653DFE181,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061660Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.648{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{9E0D8204-5AC8-4A48-A844-20F04F9028EB}MD5=55745770E7E168D0E5EF45859BEB4A0F,SHA256=C1F2E6275F8240C6C09ADED08CFB6C6FA90D80EC892E2B4634E9C574522318A3,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061659Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.648{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{9D437035-4DEE-4BE7-A5E0-4BA7C7C89D98}MD5=EED538E3DCB1ECE61E286053DE696AB4,SHA256=3602B4DC9C523206C5150BEA830C52569DD3DC3B289EAB6F24BE4B71B19AD168,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061658Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.648{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\IDA Freeware 7.6\themes\dark\icons\spacer.pngMD5=FA8EC07DB9E8BD0A335AB244ED005724,SHA256=627A73DEC6BA1569B2BBD1EF41ECC3DAB437AFD470BBAFC45609B3FB019F5525,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061657Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.648{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{9CDDEA09-677E-4FD1-8F83-16170385ABBE}MD5=29DF9B72E136385B25627533865D5CD6,SHA256=18E2FD623C0A1DEF57E5C87B6B944A9106F7D89AA43194BDA30C7A2B00589588,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061656Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.648{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{9AF12D16-D64C-45DD-86CF-5EC8C75EEBEE}MD5=31854E739801A34E56A2A6FC595502AB,SHA256=1BCE04A29F03CD75C7FD0B49A66217BE0C8E7917FC13B5F9DEC3A31A97D0FA38,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061655Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.632{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\IDA Freeware 7.6\themes\dark\icons\expand.pngMD5=88D318482B3DE1A8ADA927E659956549,SHA256=98F79CE976EB484581CA168FA01679A40CDFC513F19479E6AAAD9B078FC1D456,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061654Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.632{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{98370BF1-A27F-4BC3-BD6F-44E016776C3E}MD5=D266B5E78D87C7BF0D92C7B891BF058B,SHA256=4AE16150AE3C78BC882D7097941033D0364B53F1FA65244E1179E88B3394D46C,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000061653Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.632{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\IDA Freeware 7.6\license.TXT2022-01-20 08:24:47.793 23542300x800000000000000061652Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.632{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\IDA Freeware 7.6\license.txtMD5=84BA227D105076867EB5E8141D88F410,SHA256=722BEC74488B3896FEBAE74A193DDB77AACC9D3EFDD7D5E3B187EDFF3331D977,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061651Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.617{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\IDA Freeware 7.6\ids\win7.zipMD5=60B0F90FD1540AB2568F1AC1B355BDA8,SHA256=E71BE3A7D035AC19C9DF085822F54DF29A50C0C786F62D25227ED6AC89C96E6F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061650Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.617{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{95851F61-29E5-48D5-B498-8E2FCED8182C}MD5=0B0EB8B52A57D84662EBE4272A270BFB,SHA256=6A4738D732608A42C4FA88A93AAAEBCB4DE32BB4F4BC4A459AB4CAE49463FCFC,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061649Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.613{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{94D18D07-F669-40BE-B819-F045117DD9EC}MD5=44D2F0C0DBEAF4B95B526698A2C3DDE9,SHA256=A1FBBA1405A1D220C125D87BEAE6ECE994B64A85D0653819CED1825727AB6C55,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061648Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.595{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{93E4B6E1-0B34-4652-8D32-4D18EE97E2EC}MD5=56ED5A1A5F01E7C8FC2CDA71CC714B57,SHA256=56E8872E0A0B463A32439387683529933AF3D381BD45BB8CE300516002ABC862,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061647Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.595{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Greenshot\unins000.msgMD5=79173DA528082489A43F39CF200A7647,SHA256=4F36E6BE09CD12E825C2A12AB33544744E7256C9094D7149258EA926705E8FFD,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000061646Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.595{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Greenshot\readme.TXT2022-01-20 08:40:02.404 23542300x800000000000000061645Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.595{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Greenshot\readme.txtMD5=A983C4D47302CE7D8CDA499B86D81A9C,SHA256=6CF08315598F09B3C6418B18E8CB205B58BC5334D12CAB535A8B12EF7618CA58,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061644Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.595{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{939A3E2B-3490-4950-93DC-6ACCC116DC4B}MD5=C098FC33D05702AFBECC4E0E2945C319,SHA256=075B17CBB8F1C5945357B6CD068631B071952939D505058D21CAA5524DB6B3A5,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061643Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.595{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Greenshot\Plugins\GreenshotOCRPlugin\GreenshotOCRCommand.exe.configMD5=1A3EAB4B5B208B3A957F9E3A82019C4F,SHA256=B76E9C25EB2BBDED1B97EFCBF91150E97F44C525FDCFA3838CEC51AEB5687441,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061642Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.595{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{9077E6E9-6D89-4EE9-82E7-3F951E93A330}MD5=4BE3F30525730471C73E0C62346BEABA,SHA256=891E0B148B6EC0BAB718825590EBC33F63C032F9B409D8B66B5C2711BAC131D1,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000061641Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.579{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Greenshot\license.TXT2022-01-20 08:40:02.388 23542300x800000000000000061640Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.579{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Greenshot\license.txtMD5=4E9137B92ABD5E5BA212CF667D833B2C,SHA256=B5CD774C1D086CEBB073999A7A93D17CB81525540D5F6096C044A949D0BD91B1,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061639Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.579{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{904A6D82-303F-4FBF-8908-5311ADC9535A}MD5=E54650A89B94D2AE7D2B66AFEEF90220,SHA256=0CCBC9AABEAF44A0A04F93822B0AA7708C133A4172BE0BE44F4083A8D4A04A73,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061638Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.579{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Greenshot\Languages\help-nl-NL.htmlMD5=2D13BB002DAF7A5C5D95EFC7E3366A07,SHA256=A1BFDA7F6685D90FE22D21AD60E1A4EE1847FEE70597C2C2EC970DDCC5845681,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061637Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.579{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{89CF6117-DED0-4E6B-A079-F0A7871A084E}MD5=F04D4B26FF82C75436E4DE162097188E,SHA256=CEAAB4DF24349120BF2386105E02A06C382B77BB76C141FC2EF24F3704837F1E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061636Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.579{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Greenshot\Languages\help-en-US.htmlMD5=CCB4694B8FE5AD73F84C7D35F0B4A10D,SHA256=DE46AB0152998ED105BA81A548AB7308704A8FD395ABDDBDC13D81F52C134C62,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061635Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.579{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{8970180E-3A45-4A16-A093-730C141B3D7E}MD5=AD3660129EB0E5FA5291EA8CADACB54F,SHA256=A918F1AA261BAB3AEFB7B04402308C07C7EDF4B2022F412F410F79F08A6752BB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061634Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.579{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Greenshot\Languages\help-de-DE.htmlMD5=9821F6C2EA671345C430D4E9C074D808,SHA256=B34FC7B4A3103487C9D6F78C03FED29BB06452623706666696A2AC8ADA2A4945,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000061633Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.563{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Greenshot\installer.TXT2022-01-20 08:40:02.372 23542300x800000000000000061632Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.563{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{89602519-1773-4279-97B4-FD0A682C8ED1}MD5=79627B51A85D22CDB61C822E846F0D1A,SHA256=FF11CB0CBED704D974819248A743ECA5319458128DD1E99585BF4799E2D3BAC4,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061631Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.563{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Greenshot\installer.txtMD5=723113BBF1776A637D1E36C8817D4B00,SHA256=486D65759113E52BC9D9A20C8A2B8DD9EFBC3574C2720916E23C443FD47D89A6,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061630Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.563{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{8956A25C-83AB-48E9-8B34-6BBDB950089F}MD5=D7FC6778C8D67C56BE8BF64132D972DB,SHA256=2778CAE3AB1E456516B73F20685FAB839493712A56727C4BC066D9B09E332D1A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061629Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.563{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Greenshot\Greenshot.exe.configMD5=607CF0CB207FE62914AFB1D252002DE5,SHA256=E1F91B7391B071117B03BE8E8A21FB644E83A624BFA9EA76A4389E8F2EA7027C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061628Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.563{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\ssl\misc\tsget.plMD5=752CA711424382379B6AD584F2605978,SHA256=23E35449D18E085D82ED576D754C2DEE7CF0580B7F73ED70FBB944278E4C3FA6,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061627Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.548{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{891A5510-1EA5-4098-8E83-C601BCAF4171}MD5=805FB392ECA13143589A8D40FF9FD4B9,SHA256=2A9C7BE018E5BAEF715D80705BDEA5B2DE2AAD292DD388B6BF4014DD2A32E372,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061626Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.548{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\ssl\misc\CA.plMD5=4DEE21EE4FEF4BB1D8480605AA389E09,SHA256=C4F8681D06D216202C061B5D7823D577F31D8399DF1880DDD5719D1F439C271B,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000061625Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.548{6F5BEE90-1B15-61E9-FA00-000000002102}46325324C:\Windows\Explorer.EXE{6F5BEE90-1CB8-61E9-7203-000000002102}6636C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6497|C:\Windows\System32\SHCORE.dll+6387|C:\Windows\System32\SHCORE.dll+62fd|C:\Windows\System32\SHCORE.dll+620a|C:\Windows\System32\SHELL32.dll+55a20|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9824|UNKNOWN(FFFFF803E7C6BFF8)|UNKNOWN(FFFFFF171F0A5B48)|UNKNOWN(FFFFFF171F0A5CC7)|UNKNOWN(FFFFFF171F0A0351)|UNKNOWN(FFFFFF171F0A1D1A)|UNKNOWN(FFFFFF171F09FFD6)|UNKNOWN(FFFFF803E7983503)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+5928b|C:\Windows\System32\SHELL32.dll+dac4a|C:\Windows\System32\SHCORE.dll+33fad 10341000x800000000000000061624Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.548{6F5BEE90-1B15-61E9-FA00-000000002102}46325324C:\Windows\Explorer.EXE{6F5BEE90-1CB8-61E9-7203-000000002102}6636C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+55501|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9824|UNKNOWN(FFFFF803E7C6BFF8)|UNKNOWN(FFFFFF171F0A5B48)|UNKNOWN(FFFFFF171F0A5CC7)|UNKNOWN(FFFFFF171F0A0351)|UNKNOWN(FFFFFF171F0A1D1A)|UNKNOWN(FFFFFF171F09FFD6)|UNKNOWN(FFFFF803E7983503)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+5928b|C:\Windows\System32\SHELL32.dll+dac4a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 23542300x800000000000000061623Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.548{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{8915F940-D22C-4058-A549-9629DBABBF83}MD5=8EFDC0B98C963D727EA805EC8F563F1D,SHA256=189A24374550768638C9151FFC17800E33437ADCC87690F70145338A550615E5,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061622Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.548{6F5BEE90-1CB8-61E9-7203-000000002102}6636ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms~RF88ecfa.TMPMD5=77DF5A3D3840801C167691D5737AA37F,SHA256=4F1DBBD5995CF702343F9199DE4649D8D3430D79B77D698CBCAB2F2C4DB602EE,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061621Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.548{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{88E15164-57E9-4F39-813C-9E13705B0EC4}MD5=6F1CAA9E498846BE5C2E771F8D59C703,SHA256=10A696D30A896FAE9AF7B5602FB022F949AEAD2C38F30ABE758D66CFCE7EBC6B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061620Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.548{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\ssl\certs\ca-bundle.trust.crtMD5=9C7D35DE9807C2BFE86C18AE1013B2F2,SHA256=9B72D3B397D25707950987F4C780EE04347F387A8936656E00CA05DA39C98803,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061619Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.512{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{87FB0FB8-4943-4395-A82C-86823903F441}MD5=FF2936A88B71A2ED92A821C97E3BCA07,SHA256=FC79A6AC286E9E9E42170531CDC218C0F8709A2DDEB08AC40920F54D7D0AF578,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061618Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.495{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{87831482-0083-4F9B-B85E-8BD419DC0698}MD5=62011E59E916DF41A93E8EDDC501C2DB,SHA256=18327A4D327AF3B00B84D8FAD1602A1973E338B11934F2AC835857BFDCFFC7E4,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061617Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.495{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{862E99AD-6513-4036-91B2-97583B960891}MD5=1D30863606DD82C97D1D727162C77F43,SHA256=EC8077AC654698092C8B9AE26DA4728BFEF77412CC0DB6554764EC6A4C8144F1,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061616Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.495{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{846971AD-FE32-44FC-A380-F032094575FE}MD5=D4505AA1E7DA3385912442EE9EB69C86,SHA256=3A08BD25EB245254F54D61F7F38CBC95B013BDE95948B791931AF2EC1C8AC27D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061615Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.495{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\ssl\certs\ca-bundle.crtMD5=DAD3BF974463F0084D3BFE93B5D1819C,SHA256=E3E8744818327496A1990E273235CDA1A36E0FA13A57D96AA17C1C8C33C04023,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061614Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.495{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{83EEDF5A-EB56-4948-BCCE-DDF1674C2740}MD5=AD8A1B3E6404F2A9000A254BC2FEFE74,SHA256=8BEB4B8E594ED322371F1B6D235E4C4D221F48BF4598B6196E7ED3E6F369A25B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061613Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.479{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{83EE4BAD-F55E-43C8-A4CE-926B50B024CE}MD5=0ED4C3C43532E5475BC61C2099D07854,SHA256=7905B9D3871D3DB057E8B2DCD83DD21DFBBF1BC6EF6888986CB4873BFEF25D3B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061612Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.479{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{839E30EA-CC4B-4248-A859-FCCB9F3E3EF0}MD5=DDE1FEC23A720A59466238DD87AB58D0,SHA256=98B7FB26B9EC848091ACE8D941A367114E92630D4DED2DC95DA70D32003956A5,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061611Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.479{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{82E051ED-4A4C-4942-8C03-00256AB2F603}MD5=BA1D31227755BFE6A07C0679F94596B7,SHA256=AFD3FF970F6D026A47F53BE69F0426E4D01ABF4F3484C265C63ED4AB0524BF5E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061610Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.479{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\ssl\cert.pemMD5=DAD3BF974463F0084D3BFE93B5D1819C,SHA256=E3E8744818327496A1990E273235CDA1A36E0FA13A57D96AA17C1C8C33C04023,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061609Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.479{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{829D44DB-7EEA-4B3D-AF27-C37EA2B3BCB5}MD5=C917848F6C5A5D35C4D13EDF5010C315,SHA256=DE97E51767E23FBA7874661572EB4446BE78335F52802ED9EC7A15B7C53C6373,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061608Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.479{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{8232BCE6-71D9-49D1-AC58-34E2F450E13E}MD5=BF91B1721B81EB6583AAC89CD642729C,SHA256=72CFE716D42693DDCF30CF17034A38414FA2625741322BD97EBF2EBF9B641A09,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061607Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.464{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{806718CD-0873-4DDD-A2BE-4980840AEE29}MD5=CCEE847F17A47A68577952A77BE400DA,SHA256=CB974D2EB5DCE0E17FC18DF6B11BCA7D83969AF4DB6DC152A0DAED4C18A6FF56,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061606Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.464{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\vim\vim82\tutor\tutor.plMD5=85FAF869D3A8F6F862FB124DDFC97287,SHA256=80938DE4ADA62C3B157A0C0F5A52F2B9F05EF936B2840F6C1B30E76ADC4C9462,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061605Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.464{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{7F720D6E-B5B9-44C5-9F32-34CDF5C2B5D6}MD5=D2F4BE026EE174625B0DFE539BB33B54,SHA256=211221BE2B039D687981089CD012BCCB1CC1C8BAE66C41AC5C881C671AB3D57A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061604Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.464{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{7F3596E0-46EC-4DA5-8C8A-FF25335FF782}MD5=F64C524922FA139C7BCAAD4C37F33FA9,SHA256=ECF089D710A73FBD3F2EF0429B7988BBDDE6B3CD2F1A55C6BA13003088CDE3CE,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061603Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.448{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{7DC1B5C7-EED9-44CA-947B-0828A197634E}MD5=A49B88B378877D07FFEF0D0E5A91E014,SHA256=AC141267BE74B23BC0CB070AA488E2B54E3703EECE4E5B10105A2104FA3319B8,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061602Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.448{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\vim\vim82\tutor\tutor.csMD5=F93BC3C879C647D578A2447A185B97B0,SHA256=CB0D060DE36B2DDDAE31355BFD8B2EC3AE1402272FE5BCACD151B827EEA61584,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061601Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.448{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{7DBC5501-3010-4B4E-9F02-A97B06FCB135}MD5=1A08227DAE57341B513BC499CB199ABB,SHA256=E8E4B428500B22B211AECD2154CCAE35DA96759C55DC71C3864214174DC68A30,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000061600Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.448{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\vim\vim82\tutor\README.TXT2022-01-20 07:58:58.147 23542300x800000000000000061599Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.448{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\vim\vim82\tutor\README.txtMD5=D5E83460FDD94DF73ED76A92D196EEEE,SHA256=780B1C3CEA8273FC422347A35808B09D9E4D3D75984D572D34835C5744D6E0C1,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061598Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.448{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{7D0BC201-4961-4596-A076-FAE07EA883F9}MD5=358A923FC11F4D1399353038BC0090D5,SHA256=32FCE53E0E14159E0BCCB84AD8EFFAF808EE36DDC1441C71E674AD8DBC5D66DF,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061597Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.448{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{7C9DDDFF-DC6C-428E-B5D0-9F8ECC6927C9}MD5=689B593046874B60FFA60F125971CABD,SHA256=2923345E7F0D41A51BA66BCC65FAAED3725B291B17E5DAC7FC7B38992B1776A3,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000061596Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.448{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\vim\vim82\tutor\README.el.TXT2022-01-20 07:58:58.147 23542300x800000000000000061595Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.448{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\vim\vim82\tutor\README.el.txtMD5=5320DB3545B0EF8917B954815B729751,SHA256=6B5F01CB92AA6878566F28404B80A97CA9F40E55D3D93F13483D61FC0F0702B6,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061594Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.448{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{7B1DED6F-0FA5-4590-8BDE-B33025966FC2}MD5=9FBE7BD6336E22E4CE028C388AB95564,SHA256=1F403DDB62B1A2E23BE9287134485E2C92B41C9A553AE8D8CFBDD35086AF9092,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000061593Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.432{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\vim\vim82\tutor\README.el.cp737.TXT2022-01-20 07:58:58.147 23542300x800000000000000061592Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.432{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{7AC92D30-B423-44D2-B87D-3FAC1B712273}MD5=2EE3D3AFA3B2E809D40F46F50E2D19AF,SHA256=FAA393F3C060561D258D591C489192A961CA3A18A75495F9E0D6238736193E8B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061591Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.432{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\vim\vim82\tutor\README.el.cp737.txtMD5=E6BD05E1D5A88261F33509DC6AC0F547,SHA256=B86191DCF5A630CB1472CB25EFDA5C6C2EB030F2C9DE2658A581B43E944C859B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061590Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.432{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{7A8EDB31-5CD6-4F65-9550-DB173F56CBDB}MD5=9C60ACA6EB1822088300C98C4BF4F4D1,SHA256=74B66C4BB1CC45D3393D48ED46DDC056B3F037F5D63E994C7758C10E9E282776,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000061589Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.432{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\vim\vim82\tools\vim_vs_net.CMD2022-01-20 07:58:58.147 23542300x800000000000000061588Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.432{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\vim\vim82\tools\vim_vs_net.cmdMD5=86ED83FD37A2B7FFA41B7899598B059D,SHA256=99D6AE1668D380892A33577A3D7B79D99202799D37B8AE0E2D429275E60BEED2,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061587Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.432{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{7A7D3DCA-09B8-4D22-8B1B-CE5602B027C0}MD5=893E07252797E7C30ADBCF1BD40F2C21,SHA256=1D7F5E4D75EB5E9AAB5973EB3B811C0A981CA2286379F240FCAD2D69321C94B2,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061586Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.432{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{79946185-5B01-4706-8CA6-AD8B61B32C3A}MD5=6AEF6D76FF3FE0421117312222310582,SHA256=7823F0EF57CB91280F1DA1BA9BE50C098FFC6D9DF003227CFBC4126C903C30E1,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061585Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.432{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{78E2F072-9AD9-4470-8E87-24E0C9CA410A}MD5=1C5F8F901F920019444F59874C1A61AD,SHA256=9AD29C5E2667D19CB116BB25A803A343468814CB0678A6C5FC7F3FC6DE30EFF3,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000061584Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.432{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\vim\vim82\tools\vimspell.TXT2022-01-20 07:58:58.147 23542300x800000000000000061583Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.432{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\vim\vim82\tools\vimspell.txtMD5=DE927B7BC390F47063D23D0D9D4E144F,SHA256=0CF2AE64F5CD61E5279940A9A7AC4AB9B12B69583985ACFDE6A03EC1CF92E271,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061582Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.417{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{78CF1BEF-5DCE-431F-B2EF-390770683001}MD5=7B5BE0ED84F2DE4DEF03DB7E17CBE2B9,SHA256=EC04B39DFE57DFF87758EA1191001E729D1E2E77243B7EC214F50A84F12BE06E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061581Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.417{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{78A5ADA2-F487-4165-8EB9-A1D89C34C578}MD5=F78630F5452515C4FB1CEA8C05960958,SHA256=6BC3FDFB8E68DC3322DE5F4B499A1A0114074EFD2D8818EF2807DC7A2496DB2C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061580Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.417{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\vim\vim82\tools\shtags.plMD5=0273DEAD4B46B2A9ACED68DE67518259,SHA256=034693F175E882ECF152FEDEB90A4CA308832C038101A9C4D1FBE2C1B4D1F430,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061579Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.417{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{773F6613-6575-44B9-ACB8-9131C61FBBE6}MD5=90480C174BF59A2905F60FEB79FAD129,SHA256=2265093452E7E7FB54B711DFA14337981D24AB9741042B4C13B5ACE5526AF91F,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000061578Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.417{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\vim\vim82\tools\README.TXT2022-01-20 07:58:58.131 23542300x800000000000000061577Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.417{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\vim\vim82\tools\README.txtMD5=C357BFE88EE44C193591AC8ABC5D88E2,SHA256=9E6448D04D119D45D17A374CAAD9E18A661E1D85BDAE0D5EEF4B979B71239869,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061576Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.417{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{76FC657E-0856-4FEF-9D70-000C3F1FFB09}MD5=DAD680E388BB1606C2686DFAF861CB50,SHA256=2F3D52393498F40EC33EAD7B5CAD0D1526BCAF88F83CFA47672E3DF80B6B007F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061575Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.417{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\vim\vim82\tools\pltags.plMD5=572A8BC4305DA16B37F6466E56462A31,SHA256=8D369D7149CD615249BCA135F3B16CE5667612F38E23E9F5ABAF1B99E0C67FDB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061574Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.417{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{7680F03D-24D3-4747-AEC7-F1FF61E94C52}MD5=174BA3ECF3746650F1165F5B80E68D6D,SHA256=1C025418C5810192E91E2F76E8FAB9DAA9FD3261EA10CF8FF3894F3405A3C85A,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000061573Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.416{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\vim\vim82\tools\mve.TXT2022-01-20 07:58:58.131 23542300x800000000000000061572Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.416{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\vim\vim82\tools\mve.txtMD5=B2BD3CFA9CAE3AB698562A2F285AD1EF,SHA256=2B7DA21A04B7D6015FDD11CDCBD70E13B2CE9781411510FF8D0BA082E13EE532,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061571Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.395{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{7668962A-4F9E-4CC3-BA80-094D42F39403}MD5=911D5A874434A6F69DD49CA1B5FD6C3A,SHA256=0DE6B7F9A91F793EC8DB91921C256231AA4961F1860629D9E3B94F28EE37A6A9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061570Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.379{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\vim\vim82\tools\efm_perl.plMD5=1FE989CE60EC470700F2DF737B47F234,SHA256=B5384152322DA7946943F4315BCE77F482EAF1CEBC75E7B763C7BC7A783E36E6,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061569Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.379{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{74F5BFFF-6121-4B44-A549-E70A3D823007}MD5=AA9BE030E9DFEC9AF6EBA55D999AF64B,SHA256=9197C6CAB58D2A0F6C9D274E3993DE3D254629E34EA16821E5E54432C419F04C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061568Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.379{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{7439CC4C-8848-4DFE-9208-14A825CB4C94}MD5=651DAB0F0E9C8BACDC75A77EA4FFA583,SHA256=4667D895D4D6ED9749950B767A44CB559A323726A811C7DF9A77DB0F07F763AF,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000061567Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.379{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\vim\vim82\tools\efm_filter.TXT2022-01-20 07:58:58.116 23542300x800000000000000061566Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.379{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\vim\vim82\tools\efm_filter.txtMD5=18C3E6A2CEEB082F0B373F9C5DF36CF3,SHA256=1AC57DE7E32DCD0E1EB7EF4D767D0B9179FC9309C82DCDAAC9B25E4A0FEC36B3,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061565Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.379{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{73F2C0E4-27C0-40EB-9DB8-530AFF4194A9}MD5=7A500C0B90D7709EE9FE65A2FD4413A6,SHA256=5DDB0E2BA7A53DCE83309ECD208064E25F1336BBD78AF08D437B2CFEDDBC8D2C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061564Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.379{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{73D75E53-6E6E-4B15-89BD-DDCBF7FA17D7}MD5=3CA9F6B8AF5819DBE02F071EE7FF5FCA,SHA256=5FBA753EBA7629C1D99823547569470FD8BE0F4DC024D88476A17D959C389B44,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061563Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.379{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\vim\vim82\tools\efm_filter.plMD5=CCCDEC5091B75C8857EBDE4B275B1651,SHA256=EECF4173BA20A82DA9DE512E5D100D7929BDF870428AFC524DA2234474E2BC9B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061562Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.379{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{73A5591F-580F-483F-B712-968A4C8BE3CD}MD5=3361F5A178129D13A5FC3F06E98D29AB,SHA256=713B60E1CB1B0C4DC8CC7C6731152F25F491F0610DBD64F6AAC2A83190835683,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061561Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.379{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{72B7F0ED-CF6C-4051-B401-7EC060A3EBE0}MD5=E2E0EB4FFDAB5952BB36517C5F322D3C,SHA256=BA28269F70AE5BDCFAAA7BAAF7968C7EAE3E46C391791830B999E0D9E4DD675C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061560Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.379{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\vim\vim82\tools\demoserver.pyMD5=A7B5CA4528C5F3B450E5F0B4D328DAD2,SHA256=C35B19F8EEC61A8C1F07D9A6770615DE1AB73C8C5D03CEC72A65DED53D02C02C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061559Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.379{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{728BEFAB-08B0-44A3-9A28-B833845A39AB}MD5=AF52BC1D710B202DC158EF4CFD407354,SHA256=1E171D4508663CEBF4C1D8BC6D1F847976A26C76F4EF141943514C8B29DDD078,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061558Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.363{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{72660ABF-484D-49BD-AFBB-6787A1904E27}MD5=4B527C0031029DF66224300147E9D52B,SHA256=5FE22A6C8C0C9F6B5C6B0CC09C312CBDE92DC773360CBAA7D3D3F4F79F17D850,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000061557Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.363{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\vim\vim82\tools\ccfilter_README.TXT2022-01-20 07:58:58.116 23542300x800000000000000061556Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.363{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\vim\vim82\tools\ccfilter_README.txtMD5=83417369957102FB6505C0FA15D4FDB1,SHA256=F2CF544BAC2F57950F7428D9BB8F72DC60954301CE6260EC5CA4FEC381AAEA45,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061555Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.363{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{71F2FBED-F2E9-4B84-960A-F75C04BDA2DA}MD5=83483FA8F2A159BDFFACEBF8E05E9495,SHA256=0B2A6D7B4FD4691885A7A2AA2E01325DFC39CA57C51E2F94B36F5FD5E8924649,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061554Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.363{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{6FC52DDC-6079-4A59-907C-C69A9B634586}MD5=A2C94C2C3349382B41B17BA3090641ED,SHA256=EFDE3840ECD404AE190FFC68ED54ED3D122B3FFF6F499E0019AAEFBAEE4F0EDE,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061553Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.363{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{6FAD1D9A-D9CC-4EB5-80C5-CEFE5055DBAB}MD5=776B3D867A47343D08BB2C90B45E9872,SHA256=EF0CFDDB249894EB4181C723EBBD197DD7DFC842BC4176F3D01E324141247701,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061552Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.363{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{6EE0A671-8607-4826-AC3C-8127CADBFD5B}MD5=A73BE9A6B14DDD7F53FBE32D13FC8E4E,SHA256=88AF977E4434EFCD13115F9755AC374114C1E4C71ED67621C525AC257B64493D,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000061551Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.363{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\vim\vim82\syntax\README.TXT2022-01-20 07:58:57.788 23542300x800000000000000061550Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.363{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\vim\vim82\syntax\README.txtMD5=4299D25A1F615CA9F3F269916DD0E911,SHA256=6F8C47BA946FEBEF82D95D1132E31A7F4F8921986B7A26D51B7DBB877A6B08D4,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061549Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.348{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{6E863C1E-E206-4C53-83B3-8E028ECF4AA0}MD5=B1B375BF3BA6E3D5030E803B8E90AD90,SHA256=8238F577145721C1E6B7AB98E67BA1EAC2B2E9BACE99CBC1100DAA2515B0F0B2,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061548Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.348{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{6A432162-67BE-4BD6-980E-4B136F33623C}MD5=F2679CE6A7E41834563DF94C3C315D88,SHA256=F71780FB2D563752370434E122AFBB05C366952EE195ABEC4CBEBCFFF5246C9F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061547Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.348{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{6980E310-B4CE-4C37-BFF0-7FEA2674905C}MD5=6A3ACD0306323418796284E609D01B88,SHA256=05B55143A384145E20B0CF3AAA3C245F5A4281D4EF1F0A6489CB689282AAC0E8,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061546Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.348{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{68D5F14A-FB36-4A53-9C1B-2CE72C8FC25B}MD5=60FBFF1305156930F33996B6306BF62C,SHA256=F8CFE1DA281BA96D11DB80F3FDD23ADFDB8B9BAF5EE466F3D9CAEBFC1AEBDE1F,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000061545Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.348{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\vim\vim82\rgb.TXT2022-01-20 07:58:56.944 23542300x800000000000000061544Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.332{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\vim\vim82\rgb.txtMD5=1AA6DDEBC5E49B37B1C49B1C34277725,SHA256=B250C63805C6749FFEA96D4F64F6C75C026864A52870CB6264E3F2DDF3DA7C01,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061543Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.332{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{6894B5F0-2AF4-4E9E-82AB-573FF221AB8E}MD5=6ACE422AC6C82982F59F23541D8BA699,SHA256=FD3CC5B802F96DA3D108950ADE188361B6382D82CFD5194859884CD1BA92FE00,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061542Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.332{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{68653467-D30E-4262-99F4-DFC02934D0CA}MD5=E6F4820C63A3EEF281D5F8768B4B94CE,SHA256=51F09AF4EA9D6C6B6312F03148E317B8DD58CBBDA278255FC386E237A5E6D43C,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000061541Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.332{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\vim\vim82\plugin\README.TXT2022-01-20 07:58:56.866 23542300x800000000000000061540Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.332{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\vim\vim82\plugin\README.txtMD5=BE4A589DDFF2D23614980E4767254E4C,SHA256=AD37E84B4AE98F276FCC1D1993F630138BBA16F2411D576E0CB1E4B4F7C128A9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061539Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.332{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{6792EDB2-7F74-475F-AD5F-850035C7A115}MD5=BCA90525CA3CCB6E169D441ED1A822F4,SHA256=A47BC0E134F5F419C4BA9BB09BD3EF0A31B30F593A58ACF9333C275DDDA39D75,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000061538Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.332{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\vim\vim82\pack\dist\opt\matchit\doc\matchit.TXT2022-01-20 07:58:56.850 23542300x800000000000000061537Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.332{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{66118513-4F73-44DF-875F-BAF3408729B7}MD5=47914B8C12655DE9216E01B6A406D03F,SHA256=4BF71FBF08FACEDBDD64F7C3BF16E296A58C2A5F6AEB361AAE09FC91EDBC6A75,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061536Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.332{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\vim\vim82\pack\dist\opt\matchit\doc\matchit.txtMD5=907E81DB3978981CCAB5F007B4FAB895,SHA256=39BCE30108FDA2F10A8DC056E4BBB3824843CA1DF8B47BBBADBCEC650DEF7BCB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061535Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.316{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{65DF5279-6ED9-479C-AF92-031DD65A2D8D}MD5=1DFBE92FE56ED0D7C6888F2246E80916,SHA256=6AD7C9A0E2ADC3B3A5AB7800901613932CE6581D97F99323B011F000D15B0FA4,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000061534Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.316{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\vim\vim82\macros\urm\README.TXT2022-01-20 07:58:56.819 23542300x800000000000000061533Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.316{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\vim\vim82\macros\urm\README.txtMD5=6E209D9B3A38BA38AE681E0E9BEA3CE6,SHA256=27762C148C0388040B68028FBFAFC89A16E08233F5C310FF98C4BC4AB4812D74,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061532Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.316{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{65BDF549-B103-4F6D-BC43-FF854D399009}MD5=37E3F7F9CF55F3E80DD9BF9FEB0C37CA,SHA256=57FFD944DBD536C3D728E846DF331EC562083B63F39913C9B40BBB1662A24EAC,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061531Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.316{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{6282B6D4-7521-4C97-8AD6-FE04C3124990}MD5=8D9EF5EE69E4CC4ED82FD5AA3F72C82B,SHA256=41DB127DEDA9E45F1A16452A7FE575E5863B902595314A8D7F6DFEF98C367C90,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000061530Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.316{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\vim\vim82\macros\README.TXT2022-01-20 07:58:56.819 23542300x800000000000000061529Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.316{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\vim\vim82\macros\README.txtMD5=965970302223A8A10830DFB4B0C84685,SHA256=67F5185C8A319314D1CFBB768B778BE0A91A188AC0B85FF78779ACE8279941E0,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061528Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.316{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{6246654F-D63C-444A-B45A-DD0305941FCE}MD5=9F2D0607979B929D1726ACC26C44B52C,SHA256=FA1007C13E8D7FF7BB46AD979AE03F6483E18649F5B35D484BC5DB7E7F2B6353,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061527Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.316{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{6084D5A6-B696-4755-B09A-BCA62C333823}MD5=9B9E44369D4FE0B9548F89FFB839814D,SHA256=9A3CE8CD3DB8268289EF07934F0ADB2A4746ECDDEAB78C3C8C4D352F2C54D318,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000061526Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.316{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\vim\vim82\macros\maze\README.TXT2022-01-20 07:58:56.819 23542300x800000000000000061525Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.316{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\vim\vim82\macros\maze\README.txtMD5=DBE46843BEFACBC5BE9512ACB2305089,SHA256=6A1CD431BAF3121C0EDE2BE71DE7B1991AF874AA2B4E46910631EABF58C8DF42,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061524Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.315{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{5FE58F16-FA4E-4CE5-A66C-0A770DF46B13}MD5=E2F81D1CB5A7EB00EC4A2175E041A6F1,SHA256=A9086AE4D09594EE7CF5DEC2A24F2F25DD4438F02B500D801CD42795DEAC8A71,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061523Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.313{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{5DF13B47-6BFF-41D1-BF19-CF13FD965FA4}MD5=D17F9B9BA7682DE9618195B3BF75DAFB,SHA256=B413BBDEB48743598F9DE696D429F9B6C16727CBADA0727364A9AFDD1B8F3B7B,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000061522Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.312{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\vim\vim82\macros\less.BAT2022-01-20 07:58:56.805 23542300x800000000000000061521Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.311{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\vim\vim82\macros\less.batMD5=15206CC43CD53936D6F974576825D30A,SHA256=273FDC21F0FEE4EB443FCF6606CC7729D37CBD5B02E77668C6DC6D60BA9274E4,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061520Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.310{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{5B7191A6-1679-42A9-B7F4-6302427195CA}MD5=52DB499A78516BDE99807C75491379DD,SHA256=654C76672C5E8D149054BAFB7388ABD0EBD9C1B9472E53E7B4ADED827C1235DA,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061519Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.295{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{5AFC6D4C-A1B8-4E26-A1DD-8C4FC6F7A27F}MD5=E00B0C83E6915A9B991811385DE651EA,SHA256=C43888A38EA1A4AD430F7EF2C54CE790F36EB191992F29075199F8EB3837EF2C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061518Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.295{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{5958A17D-E829-479D-B654-826C44A56A6E}MD5=87E2B2474093D16FD3F87519782897F7,SHA256=E1031DA1EDFCD8442037339C90EA75CD60B08F53C6C36119D0D1D2E482E2D28F,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000061517Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.295{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\vim\vim82\lang\README.TXT2022-01-20 07:58:56.678 23542300x800000000000000061516Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.279{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\vim\vim82\lang\README.txtMD5=A0536B6A4F9D6F5B2BAFBB21A3ED2A41,SHA256=A7B619DC51C40852EF2F7310FD3CF0FBC7B88E2E6EEAA632770092B0C8BB1D43,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061515Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.279{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{59471E96-41F4-4AB0-A88F-866E27B166BB}MD5=29C57B1D787DD10908083378B797C8AA,SHA256=8957FADF2FF2184AEEF74244C536E8E108192D64C86F1CF6F6A1D24197DCE02E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061514Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.279{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{580123EC-6B88-4A84-9765-05CCBB87E6B6}MD5=DCA20E3CFD4FC2E40747E5F101A77B76,SHA256=B7EFE4351824F3EA32701895538443B95F702435D3BA8363A618FD92F4AEE029,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061513Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.279{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{578CCB3B-6508-46C6-9607-250DFC5F3230}MD5=337E35A87505ABA19A03D8936580A2A9,SHA256=9A7C7F4D75D4533AD69314557C30E52AE912F3FFF7634C8A131BA3F615A3E860,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061512Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.279{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{577DAFBC-170E-48D0-9A02-B03F03B9F319}MD5=249560777AA86991DACA136F3A25F631,SHA256=AF43F54758090E41ABDB3BCE10E9590F6152EF3B524F2A56A372D5722223906A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061511Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.279{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{567982A3-DA0A-4910-992E-482AB112DB7F}MD5=C19A419AB27C459EC207713F7C10B390,SHA256=42668E7EE60321549EC42EE90E3B14D5CCC8FAE58765009823E767BCEE432AF7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061510Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.279{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{56363A95-A258-4FDA-9A90-E6EAD1E551BF}MD5=F2D0CF098AD5A4A0FE3D5ACDBB26A2C2,SHA256=1C223E1AB4282E97273C6EF96FB437E3A8C861997E3CEC86A74C7A2780537321,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000061509Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.279{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\vim\vim82\keymap\README.TXT2022-01-20 07:58:56.194 23542300x800000000000000061508Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.264{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\vim\vim82\keymap\README.txtMD5=DF5BCAE444E527EACE9EEB308EF83DE1,SHA256=28D65D84E9679EB4808FBEE00840110232AC6FE36496A6B74D928EB04F3AD4E4,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061507Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.264{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{560E16A5-2654-48F7-9C62-5CC5542816FF}MD5=CF2660D258284D045FA0E775AA52584A,SHA256=2C6F7848965D38E417820E4C0739287D20986ECD2DF7B49908D8EE782EF148B9,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000061506Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.264{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\vim\vim82\indent\README.TXT2022-01-20 07:58:56.006 23542300x800000000000000061505Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.264{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\vim\vim82\indent\README.txtMD5=6A8930BFA89E8C41391982BF4A1F9A87,SHA256=FB3B78C1681836B3923C3F7D62BCFB2F7B070ADBAF6211C2291CA6FAC5E191EA,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061504Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.264{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{5530430E-80BF-411D-90AD-2C06046FCAEA}MD5=17913C743F4E09539C8F8D5640B9CB84,SHA256=0DA88E49AE12407FEECF224E044C6BAA1992D648C2508EBAE918A7C61D36E4BA,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000061503Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.248{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\vim\vim82\ftplugin\README.TXT2022-01-20 07:58:55.788 23542300x800000000000000061502Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.248{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\vim\vim82\ftplugin\README.txtMD5=6FC526040D33514956850E8F314427D1,SHA256=DC6C6B8A23BCA4E6F3A7A33A919314FCC4CDB207753DC1E844CE4C42F29A6785,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000061501Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.248{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\vim\vim82\doc\workshop.TXT2022-01-20 07:58:55.553 23542300x800000000000000061500Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.248{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{54193EF4-BAD1-44B4-A0D9-7E339338D08A}MD5=F8A6B9E22ED416D325BB3BCBF343C2A7,SHA256=3678934543DEE293CF2007E6BA4BD07CE12E7E0988927DD0BA364791FCD3D5C1,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061499Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.248{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\vim\vim82\doc\workshop.txtMD5=4F46E89895FA1D5D228FE6839D9A0C65,SHA256=BB13C5B0EF20AA7A3DDD3C6AC9CA9F942CB9EE568BF5AC1C29534449C0DAACC7,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000061498Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.248{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\vim\vim82\doc\windows.TXT2022-01-20 07:58:55.553 23542300x800000000000000061497Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.248{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\vim\vim82\doc\windows.txtMD5=858B6E2EBD1190B6E1DD43AE5A3BD09A,SHA256=4F6989108918F7E4C9F7B9D4ADC95BA05225AE6252DECBB394ACDD74D427D7FE,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061496Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.232{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{540ABF91-A467-418A-89E7-468452EA711B}MD5=438E90FBBC525E2BA4C222D4FF21954C,SHA256=E7F34440BA00927F6A38D840473647D7F6DF65E895F143D747EA543523D2875E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061495Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.232{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{53836217-8878-41D8-85DF-F4B7D6242749}MD5=880E6034B25C9430B51377143D208884,SHA256=821694AB3C9DDCFFBCDFA9C66552729D145A097EA4EC5CC3AF6B06FBD81E25EF,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000061494Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.232{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\vim\vim82\doc\vi_diff.TXT2022-01-20 07:58:55.538 23542300x800000000000000061493Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.232{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\vim\vim82\doc\vi_diff.txtMD5=124871A8CB4051F1BFEE02FE93B8A679,SHA256=7E6465C5417BE3DA633B304856942A6EB49E05BA8F5DB247F38814AEA99274CB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061492Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.232{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{50C2DE09-3D3E-42E5-BC8F-8448A0B2946B}MD5=A7A8BCC0F90D842755F281E3D181D621,SHA256=3C65E92166D1CA3FC47CBFB05E63F984E57079FC9D82F579361E9D0FDE2BCD81,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061491Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.232{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{50864DDB-E831-4184-8DFF-41153B5F16B0}MD5=68A2D79E943EDA632F9A621A5CF079E8,SHA256=92035FBFEA92802D7E5CE690733EED726276E7E2B611CDD83D74A4302E31FDFD,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000061490Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.232{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\vim\vim82\doc\visual.TXT2022-01-20 07:58:55.538 23542300x800000000000000061489Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.232{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\vim\vim82\doc\visual.txtMD5=0E3764EA0E2E807FD7D4156B4295D25D,SHA256=877313ADBCB917F8F4E627A3709A1D1CEB27BFA8BBE0A24B71E5AF931A86FE48,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061488Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.232{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{5024BD84-0463-4B40-BFC5-9CFDCCCD794E}MD5=125EAECE6CA0DFA2E3EFAC35D40C2DAF,SHA256=312BD1B9ECF6B91D407F493F3AA08616A878F5477312AFDDF60E76B94032EF53,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061487Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.232{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{4FF9C188-9EBB-4B7E-8CB4-347FCABF5753}MD5=FD63353218FA95E9D2CA07D635F562C1,SHA256=ACB0CC5008FAED1A7A4185E8AAA0EA6F88D691192535DEFF681C77C4577449BC,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000061486Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.232{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\vim\vim82\doc\vim9.TXT2022-01-20 07:58:55.538 23542300x800000000000000061485Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.232{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{4FB29FA0-4B77-46AD-A9C0-84386CFCE06D}MD5=34E39460AC475A70F150F8882C4AB556,SHA256=F71FC54ACB9C3F811986245D93E821E8FD461284C34356543E289DB77BD98399,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061484Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.232{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\vim\vim82\doc\vim9.txtMD5=26BDAA7F817EA90F12CBDF69821D32B8,SHA256=3891B579F6C403AFC2DE530B806166F715653115765F1FA34A0D798B54B24974,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061483Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.217{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{4A1D7468-8DAD-4E51-B5D5-9E83B6BCAC20}MD5=28989893677DFACA866974F9F86CFF55,SHA256=0C49F946BE793B8A4980685CAB217D02D23B269D76C5AC499395B8335400B160,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061482Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.217{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{4859A28E-B2C4-4CE8-BAC1-386118D9E053}MD5=524503D009AABA07F0496E2E9B69AAD8,SHA256=675E69EF2F63030884BB3AB835D5F6C5338BE7691718552A73D6AFEF0C789845,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061481Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.217{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\vim\vim82\doc\vim2html.plMD5=CCA7D8C58C313FB1E4B719D632AEC347,SHA256=96AFC9AAEBE96187FF1F6A2029A17EE132E7271B2863729EB3A7AB1700A29B32,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000061480Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.217{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\vim\vim82\doc\version8.TXT2022-01-20 07:58:55.491 23542300x800000000000000061479Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.217{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\vim\vim82\doc\version8.txtMD5=060A0D71DA0313D8AD868254A88ED22C,SHA256=6836AC678FA7F720ABFDFD4FD421B3AED8235A16994885FF3AEAE769EE22700C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061478Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.215{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{451DECE3-77DD-4B58-BF30-9DF42B7E3066}MD5=7DAFC07718FBDF192E533EF30145578B,SHA256=C96870639A0BEB3FE1CFA2C24745E99019B91EC9918882F067B3556775F9A3D0,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061477Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.211{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{451ACBBF-B0FF-47AD-AC91-07BEEFEC562E}MD5=8AC355728F73C573BC23B5D89EDD454D,SHA256=7B23DB20D987E35DD86A0749CF09B3E0DAA1BCA81DA4CDAD3CCFAF0F15743B7E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061476Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.195{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{438CC584-CF34-418D-8C47-19A87C5FB8C2}MD5=EB64FC8E06EAFFD203FE45F94B06ED5C,SHA256=B299EEC9586B6450BD01134512798C786E064720FBB4E021AB2F7B562DDD436F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061475Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.195{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{40A6CAB2-E544-4530-A15E-FD5013708DBD}MD5=EB2BB7F48EF282A212D3CC6436DCBF84,SHA256=C77592085D2DCA696D573FE51CF97B11E34154DAC1A95BFBDCCC8FF8432482DA,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061474Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.179{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{3F0A8955-46EC-4861-84B4-C31B897C73CA}MD5=469AABE969A05BB63E498433C254A91E,SHA256=A6AE9B42B8881049158CE55CBA249A18BA27EE43E57B4D38FF913BBF9F3DF8E3,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000061473Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.179{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\vim\vim82\doc\version7.TXT2022-01-20 07:58:55.475 23542300x800000000000000061472Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.179{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\vim\vim82\doc\version7.txtMD5=B3A9D589E4091E58544811A037DC635E,SHA256=B5D4637C97E1C30A773DF43B7BDE4BAE3207F6D4AF1FCAE40C44950413101D94,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061471Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.179{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{3D33AE91-87A1-4F64-A38D-87002083286D}MD5=0CC17345E44EEA42BF1A44B3540FE35F,SHA256=36D0D58C5154F8EF482206031599BA4BDEC45CEA8E5E274304739DB157054455,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061470Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.179{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{3CA9BB51-BEAA-4713-A400-7B5C01B73DE6}MD5=74C43D6DA0E9BE80C09F306F49CA02C0,SHA256=F530616773269F30BFF8E6CD92274E5695AD617CF3C36179D3CA02216818DB3A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061469Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.179{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{3BFE2FC9-984F-4C6D-8379-136ED9ED6555}MD5=2A5BBC8A0ED63A2281A540826B8FCB1F,SHA256=B0AAA29D92F04D0746E0A18A9090FB819028534CDAD1DF3A6F8D7E3B0D41304D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061468Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.179{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{3914A9A9-CDCF-4CFA-AC23-D31B676375BA}MD5=C80D213AAD991E314BB646BB2BB7A880,SHA256=F2C5A40245BB3DDB33D88EB13D42987AEC21251442D38EF866A1AF58B12B719C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061467Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.179{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{38A06A18-5198-4320-8E30-586A2B548A3B}MD5=9B869AFBAA54E3A711BCA531476B0C66,SHA256=E60AFDD80F6A24F5FE4EBDDC93E85A73F1DBC8CA2772C7EE98CEBA02B8BF3624,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061466Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.179{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{38935CD8-1983-4910-BBCE-BBEA4FD64ECE}MD5=9D22A847A96883AB97704E331783AD45,SHA256=3F39D29A6AD880BB5BA6738939D4326AC4C71D1B6ADCBB63122D1263ACF41165,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000061465Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.164{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\vim\vim82\doc\version6.TXT2022-01-20 07:58:55.459 23542300x800000000000000061464Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.164{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\vim\vim82\doc\version6.txtMD5=1E552D5B39103C08DF9D3EC1B4D5AEAC,SHA256=2D63AD3E661A9DB0F0B271C6F695FD27B1901F41FF49230D1190FC3FD3035236,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061463Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.164{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{374A8BFB-E653-46AF-A146-25659E2BC976}MD5=C016CC5235B14F84EBD982CF282B5908,SHA256=278B65B1182C3A78685B7D9ADD53C98BD87274175189F8272ECC83BCA8BDE26F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061462Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.164{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{35E35ACE-CD69-4CFC-8195-B9BD19A9A959}MD5=8D46254238805B07C4E1799BED292435,SHA256=944E0E9AB2A5F25A03867C98C8FB9AD768F3340B026BD02A481B708FCA7410E4,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061461Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.164{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{34703349-3D18-4B7D-9250-BBD7CD489602}MD5=F5EEE7DF9FE4595ED8A54EC917C89355,SHA256=B9308DB1C71B4FAABA783EF5E25FE7BE2E8C0AF09429CAFB44A58B4F27714DF8,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061460Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.164{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{34244A6A-AA36-4031-9677-503454D09D18}MD5=1A021B08AE072D79D5E00493B1D8E6AD,SHA256=A4AD3B117579815CF904381436220CDFF8B00455BA86382970D10CEB74D54409,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061459Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.164{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{34029B81-9C37-4C23-A97F-40EEF62C18F5}MD5=4BB9F72D15C5EB44CAD733F1D88B0E5F,SHA256=BECCD710659820797907C537C2D281ECDF57C1740DF52728A2593100BF581778,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061458Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.164{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{313B6F77-F5C6-4130-8B4C-0A311E0569C6}MD5=052874638C29355D20D110A4461ABE07,SHA256=CA2D4FB9A0953F92AC58E5317415287CA62E791A98CF781F29C4546DFD4018D6,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061457Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.164{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{313661CF-AF54-48F5-864E-B54F9FF802F6}MD5=98B12B565424514DBEDAE91CAFD6B5F6,SHA256=D81ADC75DCDFAE409AC65AC1CB02DF28525FFB517F9610AB7A7C04FCAD0A37B8,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000061456Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.148{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\vim\vim82\doc\version5.TXT2022-01-20 07:58:55.459 23542300x800000000000000061455Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.148{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\vim\vim82\doc\version5.txtMD5=01D3F388B2CB3B6D8F244CE4FD05A7FA,SHA256=2E70594A37F6EE092B62CC13096E4F4BC99800D772CCBFEA5FF5341E2C9DE20C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061454Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.148{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{2F026C94-5C3B-4538-B2A4-F77065933C16}MD5=BDC34AB490A20EE678214E686AF90D54,SHA256=3D5EB4A9766485C81C4F9B8DC5248D5BC91A9EF805BF3B26383C776FDDBC77F9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061453Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.148{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{2C580E84-5F02-48A3-9297-CBEBED4E611B}MD5=200CDF852FED6ABC724706E8F205C2BE,SHA256=CE8319B9C1B6DA7BF8E38ECDE5594C6079BB307246B6F7DDEFA241BC60BF603A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061452Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.148{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{2B38FEAF-A2CF-4D38-8F58-E2D7E65C3B19}MD5=7E8D6B7E87B026B7E02D0CBDD33A460E,SHA256=965A9E4D16C66CB5F36108FD6D02347B791AF153AFCC08DEEF553DB63161BB8C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061451Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.148{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{2AEA38EF-A87B-4AAB-820D-611C4BD873F1}MD5=AD44284A5972DBFAE1E3A88F8FCF3ACC,SHA256=DFF75638C07B9A2F87161CB6FEA3BEA352B438390A8469AA94C2BB5690D6097A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061450Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.148{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{2ADFE927-2DEB-44EC-91A5-88825C010CCC}MD5=2654AA1E175ABC19D448287B7701DCAE,SHA256=1062F124618D46366A65F22A35E160588D2D160871AD28F49C01150CD7B2D7F2,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061449Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.148{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{2AD9B558-C6F3-4AC0-BB3B-416C7EFA3021}MD5=0641904856E45D90967302C5C0793E9F,SHA256=0395FF5DA6F047B14B1B596855A802D21EEC910E4BFA0C3659A290718DBC1879,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000061448Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.148{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\vim\vim82\doc\version4.TXT2022-01-20 07:58:55.459 23542300x800000000000000061447Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.148{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\vim\vim82\doc\version4.txtMD5=9DDB2A861F6CEB38AD59DBB4144C483C,SHA256=91AE76807658742F90C2E1E2F2BB37C59E7D71C72DF038266E0F7CC646307C33,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061446Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.148{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{2A9DC761-6CC9-43BE-97FA-A8A34AFDF634}MD5=6D995C3ED8663DBED6881A5D7FB26BDC,SHA256=C88F1836D172718726FCF6A75818F0F011F938B4E0FFFD3CACB830B71EB31501,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061445Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.148{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{2A0E503C-B839-4179-A169-CE9D2D80A82E}MD5=9DE716B8D384BEE314DC7CFE5706A390,SHA256=328206CB776571062A29E7A0F6D0393C22653E97852498547A252214A7B0E37E,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000061444Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.148{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\vim\vim82\doc\various.TXT2022-01-20 07:58:55.444 23542300x800000000000000061443Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.132{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\vim\vim82\doc\various.txtMD5=91979891335D228F4A11665B02BB8347,SHA256=C5D82D5B994F9B29AA63B61A2A66992904856303507C6DC1869DCEEF281A7556,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061442Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.132{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{29692971-8600-4D53-B13A-2A96F909F557}MD5=6580B99CF520B4E632BE6FB32E126CC9,SHA256=025672341423C00B005410C414D92C42BEB5CD7A170C15A2B97B8913BA7DC6B8,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061441Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.132{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{28C590D4-C046-449C-8A1F-992109D7F030}MD5=353FCCDC5C0FB395400D735D37EE27C0,SHA256=8FA0EA99AFDCBBEBA8FD3EBC59ED422EE269F88AD4C61C9D48DE9A298247A07F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061440Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.132{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{2895E58D-3666-454D-BEB7-3092D29328DB}MD5=CC7E97296A95F034A437932BAA4ADB3C,SHA256=29596C924E42EC202C32326C0990E63A8A7CA7CF7FA858D3577F5FC95D265C6E,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000061439Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.132{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\vim\vim82\doc\usr_toc.TXT2022-01-20 07:58:55.444 23542300x800000000000000061438Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.132{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\vim\vim82\doc\usr_toc.txtMD5=2D3213D83A4B0922416DA5749D24A762,SHA256=86BEB18A766A5C3C323B4101C4DECD22B9874C7C109EC0E5F6FA7BF87E94F250,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061437Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.132{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{26AA1545-05BD-4150-8180-B0E44F8D7132}MD5=15DE958928038515F40B6B3C32D1BA3F,SHA256=55D507D2C9F236CA6CC1D5B401FE84A536ACA80486A3047125BF61701782CD45,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000061436Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.132{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\vim\vim82\doc\usr_90.TXT2022-01-20 07:58:55.444 23542300x800000000000000061435Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.132{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\vim\vim82\doc\usr_90.txtMD5=1B79161E2A019C7BBA60D2A2C4894978,SHA256=980B9CC6D9495E12DA3C73F34B828382885B6A1DF3318213EF18BE42FB18F359,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061434Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.132{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{260D8936-E3A8-4790-92E0-16AF6565B619}MD5=49593166588EB27E5A32BE1BF521DE6D,SHA256=4DBC52782E7770FEFF54DF9A5BCF0EC9C5E5D9FEBDC3E0785CF23A1A85AC7CA6,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061433Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.132{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{228CF143-0857-4E46-871D-561AE471E220}MD5=A34BDCD70662A5F35FFFAD37C1B75383,SHA256=8E42AA4A73A1D359341A589C7B67FD06DD8E203F4D847942CF8A8F33A7B80246,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000061432Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.132{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\vim\vim82\doc\usr_46.TXT2022-01-20 07:58:55.444 23542300x800000000000000061431Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.132{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\vim\vim82\doc\usr_46.txtMD5=38D6C02124D3954A2F85D711B5F30FE1,SHA256=5B46C35E770E9B106C68A6F108E19C041A7BDEC7BA1E081D3AA9F859F151BAD6,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061430Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.132{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{22235E1F-C965-47E9-B552-166FAF32B59F}MD5=E98FC3239F4F18FFB7FFB6A3284B0F0C,SHA256=C8977AEECD9F966F7B0354871CD05422EB7B57F9B91CAB419E3E29E25F96D58E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061429Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.132{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{2218CB4B-E6E9-4B27-8FF4-A5E2331DA655}MD5=A65C338A11DBDB6DFBECE46D2EF9432D,SHA256=7929A62792E122A54A03F4EFAE66C69D044BAEA7B5DB3B894A6EE37E7BE19A3D,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000061428Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.117{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\vim\vim82\doc\usr_45.TXT2022-01-20 07:58:55.444 23542300x800000000000000061427Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.117{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\vim\vim82\doc\usr_45.txtMD5=BCB7BB17A0A36F09290AF25DD2CE2313,SHA256=9B5E3A3A48A1448DF75BBE04FD872F9D6D87821A816C46574C313C7356778FD1,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061426Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.117{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{218AF51F-0CBC-4CC6-A4CC-1E4D32BDD769}MD5=E227C8C8C079B93E7854873CD0E123AA,SHA256=B0318FB5DF72ABEB549B9EDB476938A3A134BE229CA56C947C4EBCA4345DC4D0,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061425Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.117{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{21725B6C-EE94-4609-966B-9D3AA1B558D7}MD5=26004A86C33DA68305223C2F69839619,SHA256=F298B25893EFB845DAE5B1ECA925F9CB449B02E74C9274933E1ABF7ECB3A652B,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000061424Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.117{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\vim\vim82\doc\usr_44.TXT2022-01-20 07:58:55.444 23542300x800000000000000061423Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.117{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\vim\vim82\doc\usr_44.txtMD5=14FC0FDC850DDC26E62540CC539A98A9,SHA256=FBCB2A881826277201EBC22BAE89C0BE92D9DDE860E0DDF48EB02D184995791C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061422Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.117{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{2087970D-2AED-4ABC-A418-77BE094FF3FB}MD5=B38F23F0F2D8F70D585E9BE1EA4B5132,SHA256=BBF207840AE5F10E9F39195FD72C4ACC6BFDF6B109BE04195D2B4119A0C6203E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061421Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.117{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{1F890268-C458-466C-9F37-84B5F11932E3}MD5=079429658C9F48C4898F0E8AFED8C1E8,SHA256=016E2BFCD255BBCA0F26F87D362FB899EDE03886F8E309F61DDE659F4CAAE841,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061420Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.117{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{1D2BB581-7495-4B70-93E0-7E73FC5B73AC}MD5=039C1FFC891A427BF7F56340F31399DE,SHA256=6A541A36F18955882CB2A8C5BC1153D45D37CA08C50D17DC65E587E5A91BD48E,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000061419Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.117{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\vim\vim82\doc\usr_43.TXT2022-01-20 07:58:55.444 23542300x800000000000000061418Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.117{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\vim\vim82\doc\usr_43.txtMD5=75EA6489ABB6C17588F3D69161221B71,SHA256=8DC1BE8CD05E53959FC99834760424F61C69DD85B31CDEB7F8023994B93298C0,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061417Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.117{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{1CECB46F-FE81-48FD-A1B7-9AD0BF1C57EB}MD5=412F6A902A84DC778FF65F314944E6EB,SHA256=D1EB7F108BAFF69C06934AD6DFBA373BDC71C134135BB8B756D557EFF0160516,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061416Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.117{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{1ADEBFA4-A62E-4B5A-BD36-90CB772A5975}MD5=027C22B80D79171D6C150B47426697E3,SHA256=B1DC2EF034B7026B5613418C660EFF9DA2466A14EEB48CDC493DFAF136D7B6AF,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000061415Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.117{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\vim\vim82\doc\usr_42.TXT2022-01-20 07:58:55.444 23542300x800000000000000061414Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.117{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{1A68D71C-3577-48AA-9690-C13A989F4AA3}MD5=15738A9EAC3062020CD17824A94D2A0F,SHA256=E49E493C4D7C5B8A0FAB53B9478B08C87924EBD9195FB1D34CE1B17549E29757,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061413Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.117{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\vim\vim82\doc\usr_42.txtMD5=250B1F2C4E7EACB79343D8094EFA226C,SHA256=D7D7938578BE7B0517B9915674AD25AFDD3CC93E595B744C9F13E72E31F55323,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061412Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.116{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{1A322D47-F746-432D-806C-0F23D681FB8F}MD5=3F667727536E31E3054530276B48CDAE,SHA256=566B9663A6B1E8D877CB45530EE0ABD3283638357A2EFE95A54B6B2A6EC526D6,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061411Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.114{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{19BF8991-7DD9-4025-ADDA-0DCCE13AF31B}MD5=E9DB69B599132FB7DE6CBF5A2534A9BA,SHA256=7A60570536206C4E444DEF66310B69CE6FA91CD9CEA040C4E15A5CF8CB9595F8,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000061410Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.113{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\vim\vim82\doc\usr_41.TXT2022-01-20 07:58:55.428 23542300x800000000000000061409Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.113{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\vim\vim82\doc\usr_41.txtMD5=8328C014354EF51D9A5E8B0DC7987776,SHA256=B24A40944B3BB5F3A5093B52C341207396ED73A2F208D1D5D0D30B912E8137F9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061408Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.112{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{175F8CCA-3A88-4E30-8628-2773B8F44564}MD5=910176F667CD91AB51E664A65259B729,SHA256=F7239ED17B267462ED8C3E06B6A0594EADB0142FCC75729F9A38EF577DB1C22D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061407Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.111{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{15FA1FD9-473B-4DA3-9C47-854130855CA7}MD5=2B6402A08451BACA1A92ABF9AA88F156,SHA256=C9CD622520526DC5B5E7D7360F893D63420E9F7EC0046AD1FF316E125767074F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061406Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.095{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{15247265-70ED-4D45-B82C-64911418E5D5}MD5=381EDBEB0D5C015BA1A4C9D97888F966,SHA256=19E625B7F8B94D49BE28DCBC1CFE0B631248B57A600B2DCAEEEC3EEDD1F70BDD,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061405Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.095{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{1387510B-F675-44BB-86B7-1377705CBDBF}MD5=C1797C3A294A476E4120676EDCC4919A,SHA256=F1AF7B2451775353F61494D559B4DFF2C227510490393CE65928F9E4EEC1B896,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000061404Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.095{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\vim\vim82\doc\usr_40.TXT2022-01-20 07:58:55.428 23542300x800000000000000061403Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.095{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\vim\vim82\doc\usr_40.txtMD5=D1CBB1B2CE0F28978EE8D89AD1D762D5,SHA256=ED59A9A4A897CE86DDA6B67D35909BEE32BE6DDAF18C8E896C2D5948B076CD1E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061402Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.095{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{13539613-8898-46C6-B167-7CEB71AC9813}MD5=0949A6BBFC6215166CABA493ADA534CD,SHA256=76DE7BE8DBEB5AD8C4A33B8A68DE1CFC5CF45126DF70ECF8CA278EF755DA8192,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061401Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.095{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{12C9C6E9-8AD9-4771-8ED1-BCE98C7DF2F8}MD5=5B9D8A73C12E0D67B0FA213C11B142AF,SHA256=23AD09A8F580FD78F504178B472C382BDFA5B14250016D923E31A10C85773EEA,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000061400Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.095{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\vim\vim82\doc\usr_32.TXT2022-01-20 07:58:55.428 23542300x800000000000000061399Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.095{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\vim\vim82\doc\usr_32.txtMD5=B49DE01CD61FE429A67FB744EDA680DB,SHA256=FFDE40AEBC9F8EA4B3ACE5FABE4658FB2135FE32C3090E6E3D5F08D19ACBFC5F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061398Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.095{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{1249F384-AB21-44D8-BF50-3471227823FD}MD5=D694221C4D8CB35567142741CE4B18EC,SHA256=DAB12BC8875C7331354F023519EF80C61B721E85C8575796C408623D96B8474C,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000061397Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.095{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\vim\vim82\doc\usr_31.TXT2022-01-20 07:58:55.428 23542300x800000000000000061396Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.095{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{100E11DE-FE93-45D2-9CDB-7A528C50AB6C}MD5=136F7D67F15414A1C8507B084EA7658D,SHA256=0D73074FCC52A7AD24041BEC63BEB5E3ED876177C8E4D1300CF6CB5917DF61EC,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061395Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.095{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\vim\vim82\doc\usr_31.txtMD5=42A079C66EB5650C41F8FF0D13194ECC,SHA256=7A008EC477E2CC65CA107A50EE030CA6B7462451D19E86EBD4C8BB288EF481CF,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061394Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.095{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{0FC3A28D-9385-4C37-8423-54317E53624C}MD5=FDFE5984D2F8978A2ED32787EC9341FC,SHA256=23ED661137A5884336CF2E63CA26FBD99B9E9CB2966F4E2902507718D6B253E4,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061393Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.095{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{0E06D4AE-278B-49D8-BB1F-402AD458EA8B}MD5=B13CEAE73DCA882F4836B608C3400A57,SHA256=085F4B482319F15D98F2788E12AA98900D73E5C0933AC3EA52E08AEC5D969C2D,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000061392Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.095{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\vim\vim82\doc\usr_30.TXT2022-01-20 07:58:55.428 23542300x800000000000000061391Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.095{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\vim\vim82\doc\usr_30.txtMD5=819A7A9A79821ECBFAE64057DF6C3710,SHA256=4361621E57E897E2DEF012342386E2E751F486626AF9299FE513E55763C2DB28,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061390Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.095{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{0D6F72C1-D255-4553-B9FA-065ECF3AB735}MD5=EC05580C84799449A7609F3DF4D139A3,SHA256=D55901501835C4CE154097E9554EC0BA2F1ED563D94751C6424D79ADD4D4B809,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061389Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.081{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{0C33894B-62E6-4E2D-94E2-F5A47DE995B4}MD5=440CB75ED44D79EA0EDD519EE0091623,SHA256=9F965AFEB2152D70D5A494726F1912C217FDD38A455DA31A10060B5E999F76C9,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000061388Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.081{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\vim\vim82\doc\usr_29.TXT2022-01-20 07:58:55.428 23542300x800000000000000061387Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.081{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\vim\vim82\doc\usr_29.txtMD5=AE72E3D19982DA8C2AFA973F50D9FAAF,SHA256=D266AEA582AB4DD76916DEE22FEAC3023B7EE28DA5A8078A3B4FEAF9FFFB8B18,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061386Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.081{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{0B35FA11-445E-4639-9FE8-20793C4E9FF7}MD5=5F723D24E50F5594E100E8986F7DCE93,SHA256=0540605CAA71D9F903914007E2F76E3C0BF09A5B8BC6BE52AD31BCDA0F063D31,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061385Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.081{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{09A4D4BB-AD5A-43BD-92CB-F0EEBAA82E5C}MD5=7123919CCD054370903A96F3E6762476,SHA256=A33BC36A7789E6CFD7AFE729FF15262E581619A4EC35B67E77F7B4F3D1D5DDBE,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000061384Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.081{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\vim\vim82\doc\usr_28.TXT2022-01-20 07:58:55.428 23542300x800000000000000061383Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.081{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\vim\vim82\doc\usr_28.txtMD5=9B78BAD96C08CDF3ED9358238459CFFE,SHA256=CDF9EFD781DD2654D1A1A2F9B9558434AF842C58F19A8F8A4EF46A82708FB1DB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061382Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.081{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{08D6BBE7-5BED-4397-8E06-7958DAD1648D}MD5=B0D0DFAF6A76DB6C67F21B1312B4DB77,SHA256=EE3CCFA097428F94DD96BB20A582B43A1562602EC41E4A7CFBA09859E9511E98,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061381Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.081{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{067C6098-B494-4B74-97D0-91ED1C497D75}MD5=91D90D00445C7D9E0C2433141A389759,SHA256=776CD64C8E5D911DD9EA80C4F0160245A876E78E27CA185CD9D684B22E441838,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000061380Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.081{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\vim\vim82\doc\usr_27.TXT2022-01-20 07:58:55.428 23542300x800000000000000061379Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.081{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\vim\vim82\doc\usr_27.txtMD5=90312320243CAD5ED9F64D27E5637388,SHA256=47A739E3D0BD1F208792BA29F6D2BCBE18D38E62C64711CD9911F10F15B4543B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061378Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.081{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{05F33FD5-916A-4F78-BE2E-A8F7D43A3C68}MD5=9777DE1F83F2B86B8DE1B9E8A6D089F7,SHA256=CC1114D8506445C8E5024D7CD7F2BF5079AB5FAFF94E47E41B15919B8001D0B2,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061377Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.064{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{05A6204B-509F-4083-8FF9-B31DF5129E91}MD5=DC1EB6E2CBE58C2EEE1DAD0F20A6A3CC,SHA256=2D17A1853235DA69F5C9CD3F241434E28B7C002EAE75EF6E5435FF43D96CEE51,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000061376Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.064{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\vim\vim82\doc\usr_26.TXT2022-01-20 07:58:55.413 23542300x800000000000000061375Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.064{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\vim\vim82\doc\usr_26.txtMD5=9E97730685519C7DF9D09C60D8D88025,SHA256=79A50D7EE41782D6E6AB3DF5EA991866938C5A76859F1CFD1238924BC58097DD,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061374Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.064{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{05268049-CB28-4494-AAFF-00850F253B5B}MD5=5AF8A6F121CD68ADDC1E1E3481A16450,SHA256=337C9074CF35F8375A993D652A70D3A87D9E663B069FCD02EFDAC15AE875DEF9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061373Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.064{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{046EE937-69B5-443A-83DC-27645D79E539}MD5=2029B9D42F7820DB116ED137BD305676,SHA256=1B48D2FC8982B65ABDF5130E7FDC0B0AE602DC6ABECD43D3A000FC0C7AD92699,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000061372Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.064{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\vim\vim82\doc\usr_25.TXT2022-01-20 07:58:55.413 23542300x800000000000000061371Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.064{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{042C24EC-3A4C-467F-A69D-1F51B82E2C15}MD5=FAAFDE188282B63B51491F0013A28B2B,SHA256=0E5E7CC6F36626AD315E23274682E1B27B3485F96DB7704BE33FB0DDBC52C0A2,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061370Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.064{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\vim\vim82\doc\usr_25.txtMD5=65C8D1260380253B02EF206DF9C5B216,SHA256=7BCB86DDBA211C8D35151166AFD082D61AD8AE99BC9317FEF5C562B1EECF7B0D,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000061369Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.064{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\vim\vim82\doc\usr_24.TXT2022-01-20 07:58:55.413 23542300x800000000000000061368Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.064{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{0393FCD2-7021-4044-8DCA-1D9D4A180E83}MD5=61F66ADBF66843336B7A4887B685A0A4,SHA256=6B39BF17B39C7308D3A618AA495F062266B8028C627EA2A4060359267473CD0D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061367Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.064{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\vim\vim82\doc\usr_24.txtMD5=6B1F0DBDE6F1B75677D097721571D313,SHA256=6555C34CBEB0FB80B19E31DACD4A2A89977339A5903B01C16408F1BC460A3039,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061366Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.064{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{02A10CA0-A3C4-41A9-B163-4430E0A6E8EA}MD5=D28A5D2A781B353BB41124848FA06BDB,SHA256=FE7720957506F7B40433C01E87990F5C1417F1C4F383B495E309F86F85C46260,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000061365Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.048{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\vim\vim82\doc\usr_23.TXT2022-01-20 07:58:55.413 23542300x800000000000000061364Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.048{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{00E71259-1491-444D-A09B-60B390ED15DB}MD5=F7E4F28C3085F8545253D8927F247E35,SHA256=845D0759D10A022E6D315EE2F1149585428E50EC1009974A6892295274326D10,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061363Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.048{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\vim\vim82\doc\usr_23.txtMD5=C68655809EF947616B2A721DC8D69BBC,SHA256=EB79A4426B2949A5371867EB65D1712FB4C62E88EFA0244FA7AB64833B7407B3,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061362Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.048{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{0076D2D3-82AE-4E1F-8E80-3F5AD028F623}MD5=6A6E4E7D7FD2B299068102E98F59EB2D,SHA256=D6FE240AC74A58D04A95A7687837D1229E7133C653DD80E31091507CCE420340,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000061361Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.048{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\vim\vim82\doc\usr_22.TXT2022-01-20 07:58:55.413 23542300x800000000000000061360Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.048{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\vim\vim82\doc\usr_22.txtMD5=533FE4DD576031CD5B78549C893A4C8C,SHA256=B3ABBB074441657A6E3C6D4B3623EBE645593D991ACA522152AABBD579F3E171,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000061359Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.048{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\vim\vim82\doc\usr_21.TXT2022-01-20 07:58:55.413 23542300x800000000000000061358Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.048{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\vim\vim82\doc\usr_21.txtMD5=07040A0422482A244DB1876197375D51,SHA256=909941905458207842BA6337E0692D581B90CFCD22A5A3DCCD2ACB28D058D767,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000061357Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.048{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\vim\vim82\doc\usr_20.TXT2022-01-20 07:58:55.397 23542300x800000000000000061356Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.048{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\vim\vim82\doc\usr_20.txtMD5=EA18E9099168225259A77DC4EC552AFE,SHA256=44805951E110DA5FFEDCC2690E3B05E3640975A8C2ECD081886C0E405717FD72,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000061355Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.048{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\vim\vim82\doc\usr_12.TXT2022-01-20 07:58:55.397 23542300x800000000000000061354Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.032{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\vim\vim82\doc\usr_12.txtMD5=E43070858411C024A17738B66A8BAADB,SHA256=E43966FBB890F73F42FAD7727232EB011BD54CA86886F7E9D0548531DD401FAA,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000061353Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.032{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\vim\vim82\doc\usr_11.TXT2022-01-20 07:58:55.397 23542300x800000000000000061352Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.032{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\vim\vim82\doc\usr_11.txtMD5=696D74A1281FD2285E66040A5352CD8B,SHA256=47A874ED5DDCA58F84BE11443945C2697797E30D58F57AA5CF34F42C34E0D3F9,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000061351Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.032{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\vim\vim82\doc\usr_10.TXT2022-01-20 07:58:55.397 23542300x800000000000000061350Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.032{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\vim\vim82\doc\usr_10.txtMD5=59B67EF111A70ACFCE6E1955F8D59591,SHA256=B759F98D7BFDEC4E591E8B15E9B5122C3F71B25F701EEFAB45C61A30F8C0ABF1,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000061349Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.032{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\vim\vim82\doc\usr_09.TXT2022-01-20 07:58:55.381 23542300x800000000000000061348Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.032{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\vim\vim82\doc\usr_09.txtMD5=00CA47E5B9A9E518A132A9F025A8EB38,SHA256=914A831FCA919624958A6D063DEAEB792D5F7D5A62975EED5598DE78906D3F5E,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000061347Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.017{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\vim\vim82\doc\usr_08.TXT2022-01-20 07:58:55.381 23542300x800000000000000061346Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.017{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\vim\vim82\doc\usr_08.txtMD5=2FC09EF12E1A255812777B6315034B7D,SHA256=8738B252EA9953D8623162DBA33FE6939FA5BA4C6EB586EF17BED8EEC8CA95A4,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000061345Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.017{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\vim\vim82\doc\usr_07.TXT2022-01-20 07:58:55.381 23542300x800000000000000061344Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.017{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\vim\vim82\doc\usr_07.txtMD5=7C968546D004931B71047675E59E5234,SHA256=0FF28B6D7F6574936BAAE41CB6AC96ADAD664A5040DE6F4BBE9FC2C055187402,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000061343Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.017{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\vim\vim82\doc\usr_06.TXT2022-01-20 07:58:55.381 23542300x800000000000000061342Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.017{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\vim\vim82\doc\usr_06.txtMD5=0AA19CD4AB0A1FFB14DAD6312B317FE4,SHA256=77191F8490F376B16714861716C08C1B635B12214A939898D5FB7F6FD2DD3F9E,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000061341Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.017{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\vim\vim82\doc\usr_05.TXT2022-01-20 07:58:55.381 23542300x800000000000000061340Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.017{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\vim\vim82\doc\usr_05.txtMD5=44011953C594DC3B1AB6913B5811ED95,SHA256=018CB9ADCE5F2A27A496B547FD3EEC8D819880F06156C03FFCEAEEA185440437,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000061339Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.011{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\vim\vim82\doc\usr_04.TXT2022-01-20 07:58:55.381 23542300x800000000000000061338Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.011{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\vim\vim82\doc\usr_04.txtMD5=91AABAC0A337FEF0D40DD3D89C963FC9,SHA256=F6E85DD836C3F2C5921CA533B0F73BFF91A634825C66B438244AF7A668976C40,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000061337Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.995{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\vim\vim82\doc\usr_03.TXT2022-01-20 07:58:55.381 23542300x800000000000000061336Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.995{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Quick\{6F51F5EC-BCD0-4BDE-B8EB-3246293FB28A}MD5=D012E3481893371D33B4033913819F0F,SHA256=2D1D4EEC35A1C2C291381864D60B608E1906CA64EDC12E09B6C65211E0D0B440,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061335Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.995{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\vim\vim82\doc\usr_03.txtMD5=0F5942D28F148DAB0374D7E0ACE22D0C,SHA256=123E9B5B6FBD1DD03206FF5E6DEF7CF285A96D3BE1DA2C43741CBF899850B40B,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000061334Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.995{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\vim\vim82\doc\usr_02.TXT2022-01-20 07:58:55.381 23542300x800000000000000061333Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.995{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\vim\vim82\doc\usr_02.txtMD5=ECD8E3F8B4A8F1E1CD2AF3D07580091F,SHA256=F2D32843222D8843BD2EC063873F8D296C63C409A13B6A8F87FFE603106C667F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000031843Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:38:40.816{CE7C8936-1B20-61E9-E200-000000002202}3964NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=2340B5231572397F3FB521EEDFD4FF98,SHA256=480FF73CD54739356FAE87F29224C6D63EC44C49B98333B1EF80DD2271005333,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000031842Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:38:40.816{CE7C8936-1B20-61E9-E200-000000002202}3964NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=84816C1DA8848412032F328794D0C63C,SHA256=87941B7C5A8A2A8496F56C30709CEA024B3FED38619A03C294A84592CFCA1A77,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000031841Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:38:40.581{CE7C8936-3BB0-61E9-0B06-000000002202}8483860C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe{CE7C8936-1B12-61E9-AB00-000000002202}1912C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6025c5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6020f6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+59e67|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+5b88c|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+8e7d70|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000031840Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:38:40.425{CE7C8936-1B12-61E9-AF00-000000002202}24603956C:\Windows\system32\conhost.exe{CE7C8936-3BB0-61E9-0B06-000000002202}848C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000031839Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:38:40.425{CE7C8936-1A7C-61E9-0C00-000000002202}7003204C:\Windows\system32\svchost.exe{CE7C8936-1A7D-61E9-1D00-000000002202}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000031838Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:38:40.425{CE7C8936-1A7C-61E9-0C00-000000002202}7003204C:\Windows\system32\svchost.exe{CE7C8936-1A7D-61E9-1D00-000000002202}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000031837Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:38:40.425{CE7C8936-1A7C-61E9-0C00-000000002202}7003204C:\Windows\system32\svchost.exe{CE7C8936-1A7D-61E9-1D00-000000002202}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000031836Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:38:40.425{CE7C8936-1A7C-61E9-0C00-000000002202}7003204C:\Windows\system32\svchost.exe{CE7C8936-1A7D-61E9-1D00-000000002202}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000031835Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:38:40.425{CE7C8936-1A7C-61E9-0C00-000000002202}7003204C:\Windows\system32\svchost.exe{CE7C8936-1A7D-61E9-1D00-000000002202}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000031834Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:38:40.425{CE7C8936-1A7C-61E9-0C00-000000002202}7003204C:\Windows\system32\svchost.exe{CE7C8936-1A7D-61E9-1D00-000000002202}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000031833Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:38:40.425{CE7C8936-1A7C-61E9-0C00-000000002202}7003204C:\Windows\system32\svchost.exe{CE7C8936-1A7D-61E9-1D00-000000002202}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000031832Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:38:40.425{CE7C8936-1A7C-61E9-0C00-000000002202}7003204C:\Windows\system32\svchost.exe{CE7C8936-1A7D-61E9-1D00-000000002202}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000031831Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:38:40.425{CE7C8936-1A7C-61E9-0C00-000000002202}7003204C:\Windows\system32\svchost.exe{CE7C8936-1A7D-61E9-1D00-000000002202}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000031830Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:38:40.425{CE7C8936-1A7C-61E9-0500-000000002202}388504C:\Windows\system32\csrss.exe{CE7C8936-3BB0-61E9-0B06-000000002202}848C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000031829Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:38:40.425{CE7C8936-1B12-61E9-AB00-000000002202}19122580C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{CE7C8936-3BB0-61E9-0B06-000000002202}848C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7414|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x800000000000000031828Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:38:40.426{CE7C8936-3BB0-61E9-0B06-000000002202}848C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe8.0.2Active Directory monitorsplunk ApplicationSplunk Inc.splunk-admon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{CE7C8936-1A7C-61E9-E703-000000000000}0x3e70SystemMD5=947139F3BB2AB70CAF692A60C7A3A735,SHA256=940554A0170A70F634689CC84B00C51AC0BCF773C9639E1305E3672441FC85C8,IMPHASH=357CEC18833E7FF2ABFB722902B13165{CE7C8936-1B12-61E9-AB00-000000002202}1912C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x800000000000000031827Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:38:40.159{CE7C8936-1B20-61E9-E200-000000002202}3964NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=B89792F8245721A6683AED649BCCEA69,SHA256=351DFD65F9967A9023727C84A3FE2275F3F79DE10A56CEB8B921259359A9E92B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062188Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:41.780{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-89EAB195F9AEB9F070AB21174B5F01A9C52B8481.bin.01MD5=369A570C5D1B91ABF343D3645CFFBD2D,SHA256=8D26D004DC1AF5603CDF27DD22274906BA2B0DC2AF1EA989C478CC379456F30E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062187Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:41.749{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-89EAB195F9AEB9F070AB21174B5F01A9C52B8481.binMD5=4F47F9F0A854447939D5E206BF3130F5,SHA256=CAF1AFB48740511A4E48F3537CC548A72D430271EEE1B50DD69B5E654245B120,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000062186Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:41.733{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files (x86)\AWS SDK for .NET\bin\License.TXT2021-10-01 16:41:40.000 23542300x800000000000000062185Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:41.733{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files (x86)\AWS SDK for .NET\bin\License.txtMD5=93F708E6347C6289C2A8D5BDD17F11E6,SHA256=37B18F0BD04B587DA968D780B35E166D2E0B2B8B40C2D5B2DDEB79D8B48037A9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062184Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:41.733{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files (x86)\AWS SDK for .NET\bin\aws-sdk-for-net-readme.htmlMD5=52E8D64A5979B77082EF664C705A9172,SHA256=17706F079E3BC9B92D580D2CEA595A2E696508B7896B145C9353C2B4368E5285,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062183Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:41.449{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\Scans\History\CacheManager\7A012CB2-69ED-4AFD-BEF6-F12032FAA46EMD5=5DFDED768AACEB394B5DBD7FA665B45C,SHA256=8DBC21201AEE976D965521959BDF362C74F1C36208FF77EDEB9203AF2C43B00E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062182Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:41.449{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\RtSigs\Data\feaaeb8e4c4b2619e52e7f5c00fd79ee542887b4MD5=502424B7683C505923BAE40574790E7F,SHA256=B705F3D62D5CFAD461B7900EF98A66A3EFF10D0F21F2A55F87FAB2234F1BF35A,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000062181Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.474{6F5BEE90-18C6-61E9-6E00-000000002102}3440C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-tcontreras-attack-range-53.attackrange.local52447-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x800000000000000062180Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:41.433{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\RtSigs\Data\fe411d12a874452bc00e2b9293eb73db2ca96231MD5=310B1DFB0488E14B6D55116F728AC513,SHA256=2B296415A4A40C957E5E2BB8A58CCF748E5DD9E40EA4C2DFA3CE63BD15D49340,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062179Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:41.433{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\RtSigs\Data\fd59ff44bfcbf04558d19c175e1b7d6fa8709243MD5=2B0D85B7A7369953B2E24C78E7B477B4,SHA256=5F625B473AE48A138BF3FB7B13BA01E257AF41395F1159229EAD4C71E5C057AE,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062178Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:41.433{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\RtSigs\Data\f9813ce4f7194c1139f391fd5d9c378be33ba364MD5=77139BE822359D17308FCFA996417907,SHA256=1C64E63931D999B559BB4E0F8BF81B257739BEE1993214FC3A0B0663A864EC64,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062177Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:41.433{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\RtSigs\Data\f70e9af004b60962540071bb9537071faa4d248cMD5=1B3945602E8410B08F224ABD15EF7257,SHA256=2F593C5419AADD6B92F1A9029D53F3302D829D3E265D0F0D77F77463F6C3D785,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062176Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:41.433{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\RtSigs\Data\f60fe8f2055886a53a2c05644ba1601dfdcfca7fMD5=04517D11D5085157843B1250FA177E8E,SHA256=7DEF659E9F2250DC8EA4C73404CF8FCF133E27522DEA68A3238647CC0FA265CF,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062175Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:41.433{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\RtSigs\Data\efa0174acaf0ef39dbafad8ee6aba17228dfc224MD5=CF8D423D98E9069AE6FE667FC5F60218,SHA256=DB1FBCAE5C11146232965E287599EC3897695AEAC373A5BB9A12A9F7C685187C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062174Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:41.433{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\RtSigs\Data\eea8bacb2bc41c42ba680aed503206db8729ca54MD5=6E27781F4C18B773178560927111A44C,SHA256=8E4D6DE31A558489BA57193DB7ECF6AE567CFB8F707B448789EA1391E2B0E8E2,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062173Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:41.433{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\RtSigs\Data\ec91737c570b76abd62af6bb1da989a52313a68bMD5=C2F752E1E981508630FD7703C8D3ACE4,SHA256=EFCE89F264B6BB55640E9FE21EB822A4D004C7751CD17BF971F64E4A40E1B88A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062172Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:41.433{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\RtSigs\Data\eaa110039702644bf30579ce27273411ad3ad964MD5=86AE1D8E592017E430AAED2BEFD997C0,SHA256=E602BE577C7CBBA80B1D0161206A446B6916B5A545D26DB8514396730381D2D1,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062171Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:41.433{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\RtSigs\Data\e8cda0500227dcf550f113fca11d87a9f1ef9644MD5=A22F9349D7A8E409753C43F1B11C8F0E,SHA256=2E3D387C72BB9DB9BD3768F1EF3F9127F0F1597440931389927C893E68816716,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062170Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:41.433{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\RtSigs\Data\e7f3cc29cc5c0cd68dbf2b8cc96980b333792325MD5=0C7BD95653AE034A4CEBC549AA083319,SHA256=A95A66E10C2D8314B198EC927671FCAFDF094CF40DC29D3BAA2DECA7D1D69A06,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062169Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:41.417{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\RtSigs\Data\e60d18f241f46688a2b2bf82c4e39e413b31a6cfMD5=F605D5E681FD1963A6838CE281683AAE,SHA256=CD5EC7339B6617DC257251DDDE308E4C374DEF9A9C16B6699A8D55A193890274,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062168Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:41.417{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\RtSigs\Data\e433058081b54b27222e8c7a9ba4f478c0217218MD5=DA4A03A73E06244750968816F566BCA5,SHA256=09A8EC2975F5C5B0983C73E8BF0222A85C8794B124A0108E601B33B273CFC5FF,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062167Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:41.417{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\RtSigs\Data\e399150c48d303756a75665d1e45673829f65cc0MD5=9DC96A0D2EDA2F9806E2F85BFE9B030D,SHA256=FD08A38BCF54F383A91C5DC09EBFD7B1CD5C406E7B071B73026C20C5FE5BCC6E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062166Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:41.417{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\RtSigs\Data\e3042e0a8b93d0b7a58ad0b332f859c9cbd42906MD5=293EEB6FE0621457DA9CEA753F1797B6,SHA256=0C83295DA849AFF0B0334C26B468871F86686BB0EBFB2174154E080EBBB7C7B2,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062165Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:41.417{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\RtSigs\Data\e2bd5dab8322bcc867acb0e837efd24bcd46244cMD5=BDD64ECED734293C07565553814E5B0A,SHA256=5E4F23782443C08276ADA6FFEE285CDBB2F9529BCCAB45DD2DE68EEB4DA2CE3F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062164Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:41.417{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\RtSigs\Data\e180b430636434e0ac8dfbf55140928194d2d9deMD5=580D5C723DFEEFB7DEE9716B38328F5D,SHA256=9B16CA79095EAC13A7043A87779CE5E928DA6FC3E8CCA78CEADA58D5EE8F25EE,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062163Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:41.417{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\RtSigs\Data\dfd41fcd89301264e260a8eaf831ae07f8e431e5MD5=E6E965095AE34248584737A4D3F6DC1D,SHA256=F4C2AC3876C5878BA593D4CEFA0BBF533D378A2E2941A584761979B647326572,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062162Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:41.417{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\RtSigs\Data\ded1b10b31f0818ed8bc5c7e75ae3d61aafaa932MD5=E686D5F21013DCE1FF898FC15FCA127D,SHA256=F46553EAE62E0D9CF77E12961E1833DE3FE32C58C3F0A045FEBEB3C2D1366621,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062161Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:41.417{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\RtSigs\Data\db2ae8bdcfb39e3d4ba1bb22ba43c4cdc1e6be4fMD5=8E21E72155C2AC315F16B85C6AA5A208,SHA256=5051CD9A8475E2D925A98950DC345F3A0612E7C095741A12CF154E5FB3217458,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062160Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:41.417{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\RtSigs\Data\daae03cfdc51e3c9e0aac40762ad09d0e3979d85MD5=D0FEDCB2E9009F815CB7FDB6001E6A70,SHA256=1430909BB4DEFBDB00B0A58BAF194E216E7EB2DF6D00B549096D3850FB36FDB6,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062159Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:41.417{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\RtSigs\Data\d85081fffc51017707a997e1ca8b41e105dfc0b4MD5=808679E6FB4B45820B4D445C23A2926C,SHA256=556DA1A7A1639B355E5FB79D14227210C1052306C1A0787FDA866D4405616F72,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062158Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:41.417{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\RtSigs\Data\d6e8dc7edf6da32973747faefcb8597fc7f94800MD5=C42DE44DCCEDD56C6717A986D7EB31B3,SHA256=A6B7C302561AEA6E0D4C179F356E0D3EFB10E02F23CF818454F84DFD3D62F7F1,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062157Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:41.417{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\RtSigs\Data\d6c5b326df0193e6ba5f056b7018de09f34af355MD5=61150E0844FF4E2D69D2BC0E16EDAAA5,SHA256=4FB8059974EEBFB5F58F70510C2CBBC7531C426C806218A79B0EFCAA2A128B88,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062156Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:41.415{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\RtSigs\Data\d6a669b3333dae7cbac7223e4d2fcf9208c8a74cMD5=A617820304BBB0315C4422B05A169509,SHA256=5F4317F918CF1A019D49A792A750F3674B79E7C7F3B120B2B50DAE94EDB799A0,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062155Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:41.415{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\RtSigs\Data\d60559b3310f0e7ffce87212589cd819a3f4e64aMD5=9349E4D4506B6692C55AA96B53F79AB3,SHA256=4835442E00AF01070BFB2EF6F26B904B2A5CFD53139744ECB334BB9F40B2FC65,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062154Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:41.414{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\RtSigs\Data\d51d91c684291eb6519b8e4505b318cf20b6b7a5MD5=14C0C6C6BCD376337A23DB13D94A3268,SHA256=0F6CB36A5C0800BFFC54094AD05293AE5E1963358FFBABE63306F23DCCC47D5B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062153Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:41.412{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\RtSigs\Data\d3099aec7081590c53f0ff64c6594f197e179fbdMD5=8110F6D9A5C7DB6A9F11C6FE65743531,SHA256=A10928FBA66261338DD999DE328DED96EBE96B8F3B48A7CD553E09F008BA739B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062152Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:41.411{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\RtSigs\Data\d07319e8fda09706c865abfc988d5ac04eb5479dMD5=27EC660FD29E3531AA7B3B37CC025F46,SHA256=CEC6BD16BA0BD316E687AA9C6BE3009AC1F0908A72EF82183D6C012F19C8AC7D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062151Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:41.396{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\RtSigs\Data\ce5bf601c52eef01420188f39c6314192e562ff6MD5=E9051C788A42444AA54C6B9A08AC4AA1,SHA256=C9B0F201E62E1C980488C3CDE991C04FF0EBEFCC0ADF3299E6929FD136E5A4E1,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062150Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:41.396{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\RtSigs\Data\cdfccb20f5e45f8612719f16a0f655b9a7d9e42eMD5=B6D5A82C930481B365455EFDCBB264EE,SHA256=34DDA191833C4211CB9AF2E84990430A18FCDE3CDA1D21E15FB10D57EA9132DB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062149Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:41.396{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\RtSigs\Data\cb39b8ef01792457ded1ee049df45dfd2c137c27MD5=6B432526C774840CF25F343439D15A40,SHA256=352D8163CF79A00AB7204F85BB087C910755B8423AD7B09DA20C4C1166B54AFF,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062148Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:41.396{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\RtSigs\Data\cb39b3cc5220da0398baf78be6de7ce430e87f48MD5=ACE005656ECD331E40FC25D17388E374,SHA256=49C946DA504F9DEBEA96CC54BB1A8990A31A5F61094006DA2D19130A1C37D248,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062147Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:41.396{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\RtSigs\Data\c99b6a6eacc065df5263ed8cced2af892b4965ffMD5=35DE4017E74FFE78EE3F32A217798323,SHA256=DEEA5B50705B4D8F7F9F73BD258EE0F2B31584E6DCA40A84FCE61B861FB7771D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062146Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:41.396{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\RtSigs\Data\c810e9b5bade265b9f7a779ccc936202a699cee4MD5=BD6F3D95371775CCB5CEC9D9ECFC6E6A,SHA256=35B8A2E7240BAF68967930509B573A6FFB847FD49B062FEE338B8A022908B392,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062145Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:41.396{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\RtSigs\Data\c76d0ffcfe6ce1277e511fcf812267db80cb2d28MD5=D4325E680A2751D6BD37AC86E8151327,SHA256=1B3C7CC284FF15659A2C348426610ABA96C769A2A0446735F1C77D80C770CD1E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062144Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:41.380{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\RtSigs\Data\c72d459de671a215b9c7d9b0522c2071cc814354MD5=C11FCEED3F50C9076E7C7C3790EFF998,SHA256=9C8AD7922F5B00E09D8DABBD1DDC709F81EE08D34EFFB183CE210623D5F4BA23,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062143Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:41.380{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\RtSigs\Data\c6e73ab5f57f4192b086b1c9a59364acd9bed7d3MD5=4AB9DF982D42A751CB8D01D3F4D2978B,SHA256=219141174E88EDAE02DDFED63536128F147138CB59492EEE47325E4E4042A54C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062142Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:41.380{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\RtSigs\Data\c5638bd37bcae8d31facb3b021145ca3a19b3679MD5=3BD6D367222F21285A3862FAAAC2DCA2,SHA256=553A5DE9485023A9BDFCCC48CB26A393A3135F0A245E3DC14003E0E9218260AD,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062141Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:41.380{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\RtSigs\Data\c2fd682d30f3c90756d6d60cca1440b99bd084b2MD5=2BF4EB8A5B6508FB09EEB28601940417,SHA256=80C9216D48707D381BD40093D32AE441ECF6D0EDCD1BEAF2D854F986EF675F00,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062140Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:41.380{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\RtSigs\Data\c269a6763bf9282f71cf6b2ecb3314ee910f9d60MD5=BB16D6F126A37173D1C15617F247111E,SHA256=D9670A8E82265BC86BEE51C9D108ED0504836253A930911108D9A03575939F30,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062139Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:41.380{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\RtSigs\Data\bf18b21e1f8deb6c944cb9f73c4b3f04b3dd3f36MD5=509F15A982255AF9857FE499265D3CFC,SHA256=BBE12D442172B1D1354BF8D393EB75E9557C6CFEF544097918FC580839B30787,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062138Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:41.380{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\RtSigs\Data\be4567ddabc2b223e385ee6ea3afad7e4a45e1caMD5=0B02917BA1AECB00EDF03A26666BE7DD,SHA256=116A36F459C03094C062017120EC265CD9FB54D97C9E613FB113345A742644FE,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062137Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:41.364{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\RtSigs\Data\be20f9484669f31c1865d4902805dc939587b8e7MD5=8A2AFDBA421356F7F09791BAF8DB5B21,SHA256=35C3EF4183AFAAC12FD4B6EFF592398544AC69903887045D92C2C3C28C02BCF5,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062136Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:41.364{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\RtSigs\Data\be1b54c2ccbab114587f28e175629b960fcfb481MD5=272E68A4B9A56718B44EA7BC5D182352,SHA256=10AB9E2A48249114CF55B57452D89C2E608DEEEDC72A06FD5765D2DCAA064783,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062135Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:41.364{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\RtSigs\Data\bddad42ef70f7279c7e2b8ff4765684d436a19d4MD5=E3F0D8F8C70CAAC54D8D23174CCB3A0D,SHA256=7FDFC884D11D722004A617E82273AFD3CBD16D0EB3F9288BF5A2AFDC75C6D990,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062134Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:41.364{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\RtSigs\Data\bc8922c62531cd496ac0fb33832429d11e3b0afcMD5=55B36A1DCF1A1ED7C0D114CEEAB29BC3,SHA256=6B86E827304FB4AEAE21DB4CEB66335D30256A7DCD0CD17C826C0A16F887A574,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062133Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:41.364{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\RtSigs\Data\bc3f22b9a998604f3abec1b47dcb331240f51d13MD5=C8216BD408E66D783F637AC84DCF2553,SHA256=923CD70098CEA959F03DF23C4B87BAF78A680327F82EA1A399187AEE782B5F0C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062132Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:41.364{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\RtSigs\Data\bb96995d2f45442a0604ae9d30f2ea3ec12c5e9eMD5=A9CA55469DBDB5AE1CB8980A6C21AB3A,SHA256=AC8356348A2B578A960F1DD75220F350DC2EADB3FCF30B7A4176AD11D3CE14D9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062131Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:41.364{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\RtSigs\Data\b8d04d7b87f5ccbeb18d0fd103fcdda2a696d048MD5=9F69E8CAC6D56EA30A65EDA87B1C4325,SHA256=2C1E0F3B4645EDB24F15F06F5A124661A4986729D3B2EC85B648BE92E8C14666,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062130Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:41.364{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\RtSigs\Data\b5adcb84f9bec8a46157a0dbaa9bb2ada05aacf3MD5=63530B3C4A66A47A6A628B9279474265,SHA256=7EB968240D568F2D39980C2A20DA25CE7606F848FC3153E23D4600C36CBEF70B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062129Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:41.364{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\RtSigs\Data\b4f0beed7c8cf21e2ba5b42cc2fe03d8c7c685fbMD5=6277C217FD5E05F045CE7013310EF1ED,SHA256=68E24B7BA000A70E398E4FA35E35E4C6AE2B84A9751C63B73118DBF2D630C92A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062128Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:41.349{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\SplunkUniversalForwarder\var\log\splunk\splunk_instrumentation_cloud.logMD5=D41D8CD98F00B204E9800998ECF8427E,SHA256=E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062127Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:41.349{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\RtSigs\Data\b16650e8f00d10ff1eaeb756e08670a9a2fb94b2MD5=1316334727D011EEA884BB55A3C2BA65,SHA256=C01C521595A754FC6F52C5674D37DB9C72D7DC8663A6FD0F400BE9818823524F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062126Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:41.349{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\SplunkUniversalForwarder\var\log\splunk\splunkd_ui_access.logMD5=D41D8CD98F00B204E9800998ECF8427E,SHA256=E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062125Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:41.349{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\RtSigs\Data\ac44f2bc7df1957f4ce862e2a0430e29946f7895MD5=2D7BD10C6CBCD1C37B4B085352896BE2,SHA256=78D0DD4D6C09DD1F9A6CEE438BE3D0D08B8DAA9DAA72B22304E61B771E967ED3,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062124Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:41.349{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\RtSigs\Data\ac29fe00bce19ec8929296f9c4cd4f7406e0ce73MD5=125253B6800D1106DA147544FD62AE57,SHA256=AFF07D0D1F9D6ADBD17C943CE7919C55B627EF9197A90953CC74DB0783688EA8,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062123Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:41.349{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\SplunkUniversalForwarder\var\log\splunk\splunkd_access.logMD5=D41D8CD98F00B204E9800998ECF8427E,SHA256=E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062122Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:41.349{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\RtSigs\Data\abec3f08a1437341998bc40aed516d0c73ec3ee6MD5=9DF489DE5004E168B867FEC88113C5A5,SHA256=9F3A8CFEC222E7F2D402CDD3D8CB9884DD0F731028A4889B553E9FB33873CCBD,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062121Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:41.335{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\RtSigs\Data\aadc954ae9020c523fdd31d9cc02e00ad374d826MD5=769C0FE41E99169CA429FEFE1589526A,SHA256=184B2190E08AFEEEFA3C413EEB25B4702E26560B810324D1AADBDE218E255EF9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062120Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:41.335{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\RtSigs\Data\aac7e921323cb41c4cf82a1a215e9e5c8e171f6dMD5=1B7FBB3FECEBDEC27D405320CF49747A,SHA256=B12922CB6522206A420AA8B33A1D99ABDC36B3A923FDB27ACD958E31616E4634,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062119Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:41.335{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\RtSigs\Data\aa4f5c8703433c1595fa3bc84484197fe2233bc2MD5=ACE2CB924812274A6D70A9C475D6AF60,SHA256=EB2A81BC7321E43035A8B3C038B61B9530444BEC0BB158A55A9A66B18F878427,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062118Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:41.335{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\RtSigs\Data\a8b34799a5d762d1f9ac0015b99638b3e851cbd8MD5=B23EA80B9DDB6DF67D02496949EBAE81,SHA256=C3A113C77B849BFF5E8A3E606AD77404BF0DC6A5312BF629AC3B7C018DAED63C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062117Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:41.335{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\RtSigs\Data\a63916a7cc26471a1788192f87cb4e89b5a46b75MD5=9D3841A3BE66601435A4B8DB4F25EF93,SHA256=8B9A9DD0F6445AD2A2BCB496B2C777881DE0F37C8A5ACECBC596FD7AB540CA6A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062116Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:41.335{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\SplunkUniversalForwarder\var\log\splunk\splunkd-utility.logMD5=B0D993D90C0187D3DB91754C2EC07208,SHA256=E44A0B856A69DDC27876185A76DAB6D6DB5828ECB623A067D3BC58FD5232718F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062115Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:41.335{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\RtSigs\Data\a29c9c19925af51181d172cf0e4056b033a808d5MD5=17525708C2E5B69DB1A1A967C7ECD15C,SHA256=291F0AC0D93607782C0FB172903D64C3359614A95A80D4C29B6DDE660F9A00C1,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062114Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:41.335{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\RtSigs\Data\a1e4fdd55f5d44ac7b84a4ea0b82d6767b359d6bMD5=782AC438B09DB679C8CCEAA74E690EEB,SHA256=16C3F8D5A6240AA8FAD1B60BBB4D2FF3EA997AE673B7C02E8A59391093DF66BC,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062113Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:41.335{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\RtSigs\Data\a16aa44c06d2ab15a5ab0fe2f6d64e8e0ae06867MD5=3CDED76345B7432C3D8ACE3701FFB7D3,SHA256=015918B4F758E9667F5D023B691A64E5F0BE92C1362B2B9EED709548B3B83670,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062112Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:41.317{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\RtSigs\Data\a0ef494f7c912415f8e8721a02d12cdbc50e928dMD5=E85464F8F708F92B55E6E925ECE897D3,SHA256=418B1C3834F5C70EE901FC35D3CC7FD7B75C670678FA69A1C81280934EA8B9D4,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062111Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:41.317{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\RtSigs\Data\a0c277a354ed69cd47f1394af9537ee2e7464475MD5=7CCE22D521EE6C804895911BCF9D2BF4,SHA256=D8E0EFC6B7CEA86E6FE6AB773EB5826960BDA60FD5A6D42BAADABF4BA5F03850,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062110Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:41.317{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\SplunkUniversalForwarder\var\log\splunk\search_messages.logMD5=D41D8CD98F00B204E9800998ECF8427E,SHA256=E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062109Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:41.317{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\RtSigs\Data\9f1f190c3d6d02cc1e2f295c282a0eb36005efb7MD5=9ED68F886559E853DF0CC255FEFD26DB,SHA256=57981C8B833C5044DF7458DC74607CABD30957EC53744ECF9D39369C6CC63B64,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062108Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:41.317{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\SplunkUniversalForwarder\var\log\splunk\searchhistory.logMD5=D41D8CD98F00B204E9800998ECF8427E,SHA256=E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062107Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:41.317{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\RtSigs\Data\9ca3c0e8df27ba884a6d7512697004ff3c241c38MD5=ADA6BB38666CAFD032A09E559E7F3D4D,SHA256=536916B71231A60F8135D7D8A83F862CE9E2C3FE78CFF2B846378C28A7E4DAFB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062106Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:41.317{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\RtSigs\Data\99a59c1db34ea398c9114ea5aea5051927870824MD5=436938F3DCE7CA16F170CF32675D504F,SHA256=047CFDE07002BD5D97242889EF48DDC457FE25624523ECDF6F53633628AC2E2B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062105Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:41.317{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\SplunkUniversalForwarder\var\log\splunk\scheduler.logMD5=D41D8CD98F00B204E9800998ECF8427E,SHA256=E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062104Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:41.316{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\RtSigs\Data\99887a0914320fcb54b835fc6e23656c401d9573MD5=6F0AFE7794AC2D9590E05DDB9C7EB9B8,SHA256=BF79FC55821A57BEF4FBEF0D05ADDDE01AF4A97A19C2AD4E9C042BE4756BE518,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062103Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:41.315{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\RtSigs\Data\9785bcef0b9d1e277e2a17fca35f24ecb7ea2dbbMD5=4D6F50D60CB2CBBAC391DAF46704E2C3,SHA256=D48874330F56BFA0B6C9C724FADD75594BF2D499617F4BFB9A9237BFE0D88963,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062102Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:41.314{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\RtSigs\Data\947e38a8c199b9d4fe99fdb0a599ef76b8d00caeMD5=14CB6B0AEE5E10AE15E503144BBC832E,SHA256=EDA17FDDC803090B61B25EB25590E8F4B7E8B26C319F272C11E8195642479ED5,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062101Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:41.313{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\RtSigs\Data\924a65801058876f66dc233a8226e906faeb1becMD5=06888EA4D8EC25949A5CB5C35270A492,SHA256=514C0C19F68D88D03FDAEF746776BCD0883773D1ADD48B61379632FB1B69ED72,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062100Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:41.312{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\SplunkUniversalForwarder\var\log\splunk\remote_searches.logMD5=D41D8CD98F00B204E9800998ECF8427E,SHA256=E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062099Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:41.312{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\RtSigs\Data\8dc0f509670676d2a050735d9635f6033aef1507MD5=7755BD2B3C7F765C2B68C51F4273B48F,SHA256=4EC6B59248FDE8013587C55D06FD0CFEC9D08DA0BA212E5E92B2E0492B3A4280,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062098Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:41.296{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\RtSigs\Data\8c6ce91fd1040cea221b6a0231a0c3551f539180MD5=C83247CFDB73858196B3D93A2BC0ACC4,SHA256=24F2077D87ABBE1FF8969056A9281847D5463ECA452F17D51B21D869A4A9546A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062097Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:41.296{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\RtSigs\Data\8a2903175c25fc34b0323502493f988222f4141bMD5=27A1146D11DB7998487C647D3DC2F893,SHA256=C9A7682E87A62BB2A16BD56CD14988C51C678E1BA728DC7B83AABD59E53D248A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062096Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:41.296{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\RtSigs\Data\88db5cc372f8651df24c17c63db64b52157ffb2aMD5=F21180DBC1DAFC06CEA042DE901E368C,SHA256=D8A8867556CA80E9796DD63CDAF00824A3A586FE804F0EE4CE8B45F6F8637A3F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062095Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:41.296{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\RtSigs\Data\8693d7e3ef29891848329386b62c92a7cf3ae746MD5=D1D16F7F80C96FC1DB4C999B8DD12F41,SHA256=56612769E3596DC8E03DEFA86CD2DB9A3F62ADAB47D3ACCCA5862C25D7310FD9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062094Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:41.296{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\SplunkUniversalForwarder\var\log\splunk\mongod.logMD5=D41D8CD98F00B204E9800998ECF8427E,SHA256=E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062093Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:41.296{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\RtSigs\Data\84f10b1a490992505726a11762f6b727a4f05092MD5=4819539930C18F5CE7571A52DD26F073,SHA256=4BBA89C9619361B47BBEF823C71D1FE30F2F9E6960356CB1BA796C725851F571,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062092Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:41.296{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\RtSigs\Data\84d49cea2da43b859fd6d3c2aa6441468e49179bMD5=C576743B6EA8A837FD682535834E5001,SHA256=F39932046154F418AC2CA340F4622FD24999F18AD6F576FD197DEA45DAC5EEB2,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062091Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:41.296{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\RtSigs\Data\829d0753166bc8ddd265c4dfff39358836d44afeMD5=BDF085BF9F960CDAFFE1287568DB4746,SHA256=C009D6A7720D480140E339F5B71DDC7D68BF6E4322C7B89F91388952DDEF7CDC,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062090Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:41.296{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\RtSigs\Data\7c96fb61c543ae85c8b9ae63eee7f2b637a707baMD5=E500C65C925CD864C76C5B154CA8F9D4,SHA256=FC32E72DC183D6595B8561ADC2BAB4B8D5F7481D122ECCDEFB136D79090F7F8C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062089Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:41.296{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\RtSigs\Data\7b5ec008f25a7e32e8b5a9883e5d2fb3f0441756MD5=31B4393CB53E236F4644F0874AA9A45B,SHA256=C05D000F37BDF7082226F01D13AB8EF17BFFC50F6ABBD3741E99605301A81292,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062088Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:41.296{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\RtSigs\Data\79d957d1ba38919a1353e91162125088a29a8360MD5=76BBFECD01DFC79AEE5B0E1A0B1541C5,SHA256=FF4ED6D22DC700DE505E38EE627EAF513C89C491C483630FE1679F4D8B18BCCB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062087Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:41.296{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\SplunkUniversalForwarder\var\log\splunk\license_usage_summary.logMD5=D41D8CD98F00B204E9800998ECF8427E,SHA256=E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062086Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:41.296{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\RtSigs\Data\7901d488c3a11db89ae8d7e108fc5cba17787c64MD5=A5B90CA33E82B2C628CD998BE71CB036,SHA256=43F9279700E0A725DDF5BBDEEACC34DC5D87F9159D9F8F39A7AE4691244445EB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062085Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:41.296{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\SplunkUniversalForwarder\var\log\splunk\license_usage.logMD5=D41D8CD98F00B204E9800998ECF8427E,SHA256=E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062084Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:41.280{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\RtSigs\Data\77ba2cd1c23678381fd85a4feb915085db5a3cddMD5=6E59CC373A6E57D3777C39BEACC7908A,SHA256=48872064A0397FD5BB149AC8DDB9C2523039895C3D339CCA8F7DD06622BC2B76,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062083Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:41.280{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\RtSigs\Data\766aaab57c4b27243cdb4b46afd18d3b9bbc92bcMD5=2B60EBFB6F258BAAFAC6D76EA9E3E02D,SHA256=5799F2BAA83BC96FFBF4B438BCF9F0731CF7AF8821FD13E787F58E08E1EA2CB5,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062082Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:41.280{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\RtSigs\Data\7260073106f223a435f0f4a81df264cec08a8c0fMD5=24F0EBDF252954E841F1731315D38068,SHA256=6B4E481DA6D7EFB907346D2157219070FEC27B41483818FEEDEA30E36A4CC5B4,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062081Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:41.280{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\SplunkUniversalForwarder\var\log\splunk\first_install.logMD5=01A4E75FBC9B6FDA81EB58835E95FC37,SHA256=14F8254794085FA88185F4A19EACE3923CE3F71828CD9B313479FC5D0551100D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062080Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:41.280{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\RtSigs\Data\6fbc9585e2cc3bca7c6c5eb5413e6c20c1c87b13MD5=B4480FD440621AA7006A6BCCE05117BE,SHA256=47F1197086292AA8ED8FE18F3D066E662069D5BF424DB68F5468013381FDBE4D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062079Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:41.280{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\RtSigs\Data\6e09bfda1a5533f5efba28067f000186fbaa9503MD5=29CD79768A7EB023F6B547F5A6C7A31E,SHA256=8BD6FA241788118F2C19EEF236D14E9E23D62D144CA1880ADB22952BE16D1F5F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062078Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:41.280{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\RtSigs\Data\6cfd6eaa1d56a30d474640331b9aab7c9af222f5MD5=92A2007DACEC74C8729CA626B0C22B8E,SHA256=A6BCECE5241F12292099D80B8991C2A5C5B368D6A73AD05698912C60ADF0575E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062077Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:41.280{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\RtSigs\Data\6c3ad2d15d9bcf598f865092bb73220e621179f4MD5=FA71D7E0FBAA2787F1031DB03ABE2E9C,SHA256=E8AD3B2C9717DBCEF8DC23EF1134AB2E2D5636FBB9EBBC86CBCF0DC3CF1271EB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062076Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:41.280{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\SplunkUniversalForwarder\var\log\splunk\dfm_stdout.logMD5=D41D8CD98F00B204E9800998ECF8427E,SHA256=E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062075Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:41.280{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\RtSigs\Data\69180e11090e0f915d0e3b719069813a64ed4150MD5=898B2535868CB1BFD62BCB9509EF95D0,SHA256=EC5C980F1A16F621D6A23F6B4BD7333B6368DF7DF3169D5491E895052C243913,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062074Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:41.280{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\RtSigs\Data\66dfca6d2442b0a9170a24ecebdeafce4d78b88dMD5=4A5FD19ABE16388FB805084D6E62BA9D,SHA256=5B36171DCF72138EEDAA1AFD257255C76881367FEE1E75C763C5C7AFB405993A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062073Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:41.280{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\RtSigs\Data\65a242421a9db4b0a91f841f415baf4ca873361fMD5=D89917A50114DBD3096A86B5D04B1084,SHA256=61AEA0B7D81F1C6A4DFFF31A8943B3C3B6C6187D2AEE53C0D66BFCC6AC533442,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062072Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:41.280{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\RtSigs\Data\64e7cfb0cda737b87209a9b02ae0634eb884b500MD5=790FCAC773958F7D291F9EB6C178F7A8,SHA256=B0C53C079577CFFF28769C25BAF3B2A53BA1A40E78513B463644DF356B2DA2BE,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062071Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:41.280{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\SplunkUniversalForwarder\var\log\splunk\dfm_stderr.logMD5=D41D8CD98F00B204E9800998ECF8427E,SHA256=E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062070Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:41.280{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\RtSigs\Data\636c16810d7f79c4977f95da6a40fb9551779384MD5=252B243BA807C1A831134FEF5E1088DA,SHA256=2FFA9971E1024646C312E249B1FA38B27B3AFA237EECB65ED11F2A9940D4E0B9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062069Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:41.280{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\RtSigs\Data\62c9b52b0dc434dfcc4c7f2e51f15051d5ad434fMD5=151A53654A78DDB1D539741721437AE6,SHA256=BB970220E1A928D7EDD8CF22E56354C6C78AC3DB78D1861BE7DACC7429457CD9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062068Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:41.280{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\RtSigs\Data\627e9fd5e3894395feed974579f0b84939390e04MD5=C2EA7032B6983EB361DB49022E1B8514,SHA256=80E12766DE0D96D8A6531E2B2F33ECA386DABD5437387B37755FA3AA41735CDD,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062067Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:41.264{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\RtSigs\Data\61e3a4057422102d4607dea07ad9b029b96c5757MD5=1CF67C9381B2B547834DF6036298211F,SHA256=9F8148C5E57B7DBA4C80CF66DB957FF279B5AE194660F48C0E01F67520DEA26E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062066Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:41.264{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\RtSigs\Data\6059fd06be38c5635195a473694b9f50c94e7209MD5=D2C99368E14AD6E566FD643D65568446,SHA256=18AA9D73F4721427494C71793D4FCD3656A22DA07658D1376E6B24CD7DB6DB60,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062065Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:41.264{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\SplunkUniversalForwarder\var\log\splunk\btool.logMD5=D41D8CD98F00B204E9800998ECF8427E,SHA256=E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062064Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:41.264{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\RtSigs\Data\5dc97e775c535812b5920d203f1eb2bbcedfa789MD5=EDE898742D5969830E2ECB3902574A54,SHA256=E59B32B935A5FD2DCAFFCF9EEE0E906B69A750B5EAB5AFDC8EFC20E5F6BC28B7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062063Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:41.264{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\RtSigs\Data\5c85ac0444b519ff540c816ae63ce9b596bf0056MD5=6588C6E70239ACD562970BA1D8B0DF57,SHA256=A8A76B5E2B0549F493B63EED6D9E763C82FEF2D90F9ED56D6B9804DF4D436A27,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062062Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:41.264{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\RtSigs\Data\5c767e140d2866fb3fd95c0488dddbb6f0b343b9MD5=082BC569C028E166E4B41D91A538E3E8,SHA256=704EDA28CCAF9D416A862B61C5C108B9C800AA91F1D9C7FCBDFEA2469ED6932F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062061Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:41.264{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\RtSigs\Data\5b169ffc0b98c571deb3e592bc43a7e5bdf5e663MD5=9187C189B80601F2E53207EC5D0F2EF4,SHA256=84F4BA45687832B344B9B79D286154D9A439461CEA965ADA2F309A1C02C4E9C5,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062060Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:41.264{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\RtSigs\Data\5aab7a5c9b9c66151250a381ac6a8d15384caf7dMD5=4CC6E10C8C33A1BE2C68AF644F0F6EAF,SHA256=12D6E7006B7C3452E06AB2CE55CAE6E13D642CF4319837ADB8BF26C1CFF91D3B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062059Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:41.264{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\RtSigs\Data\5a58025989f7ab3d8ea7dd492ba242d3894a3bdcMD5=702841A2C8275D07C9EDB6CD342327DD,SHA256=41C74F63E23A56F87DA942BDCCCFD7F8929B6AC0BBAC21BE6F3E09394A3D969B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062058Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:41.264{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\SplunkUniversalForwarder\var\log\introspection\resource_usage.logMD5=D41D8CD98F00B204E9800998ECF8427E,SHA256=E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062057Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:41.264{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\RtSigs\Data\598579f498bd87326a826e580fa47c483c973801MD5=011936798852A8A6249E894928ADCCE9,SHA256=9A463091B5C776C77DD3FC4FBC2005FC092F357C7624EE7AFFBEBFF489C628D6,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062056Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:41.264{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\RtSigs\Data\594fdd356320bd35f73a3d820c40a28bffca4a6cMD5=C465646468F5C50C3C52A319633507CF,SHA256=2BB0B14075F6156DB07A7B41C827136C4C93A24281B4E76AE0915EAD7D9DC8FE,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062055Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:41.264{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\RtSigs\Data\5708fa1c112627bbe67c23931df75f91b1fd719dMD5=6ADA4817740F69E3FBC835610860FEF2,SHA256=E4D5FD32D34083FD9509F078F59F32C505B218B486A7FA5368F45227E7EA9F0F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062054Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:41.264{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\RtSigs\Data\5672a381a3152605a66ea805f66aa430399147f1MD5=00A9676E8B26674B7490EED841CD289C,SHA256=A756C870C1ED27ABAEF6BB9ED114E3088683A3A225E44FF215E7E6406561B883,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062053Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:41.264{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\SplunkUniversalForwarder\var\log\introspection\kvstore.logMD5=D41D8CD98F00B204E9800998ECF8427E,SHA256=E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062052Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:41.264{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\RtSigs\Data\52200bd6255f4af1e3896588397fb1ee5e5895bdMD5=FDE7E753F2AE25D2CD0DA58F4F27A4E0,SHA256=200311C8D4CA47C6CFFEBABF0395D1B984ACE290FAEA576B9CAE74228702A235,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062051Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:41.249{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\RtSigs\Data\46737f8846e9962af8e442125a1b063b0c7d0a45MD5=D90B2DD2A74AC93D65EC007DC51489D6,SHA256=C5F682632C909B0D2D77DDBE9B23192BA269AF465DCA84BACDD6974BC359E2CE,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062050Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:41.249{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\SplunkUniversalForwarder\var\log\introspection\http_event_collector_metrics.logMD5=D41D8CD98F00B204E9800998ECF8427E,SHA256=E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062049Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:41.249{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\RtSigs\Data\44e2895c8f7988ae92e384f6da9b553c89bd04fcMD5=5A34CCCD0A9C7D83DA8C5439DAD84613,SHA256=DC5E5938720B5DEF3C89B7A7D0BE7E82F116209DA83E05FB1B40A62707A488AD,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062048Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:41.249{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\RtSigs\Data\442afc347b2951074a833f8a240f554ca55da18dMD5=25D02D996CDB19088D1AB768D61FB7B1,SHA256=6208EAECCB7DE410D4120AA3D69FBB507CBE149A7C279D1AF5FADDBD4F52B1C3,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062047Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:41.249{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\RtSigs\Data\43c0189d5f097f178cbcbb5b503e0fc227889787MD5=35F3F6651E95DE9A579C3966A82381A9,SHA256=79F27986C9FB6AF38BABDD6C5CCB6EC707BD8D8F6C0B3FC7CB933E076F29412F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062046Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:41.249{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\RtSigs\Data\4288406d086b5ff89ab74343097ee23daab50e81MD5=694D586F562A4ADBB462EE0BF15536E2,SHA256=5BE0BCDD71055E99760380626E258F640B75895F84EA900EA43DA64F5CB7E1FB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062045Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:41.249{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\RtSigs\Data\420696514742b00ce643ac0627e024a08b2d4b5bMD5=F75F6BB489E0E8F19A5B09805AA1D165,SHA256=381A2AA32179E746D28B3FF01AA85DD0B13D738966A58DEFC2EF2298280871FF,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062044Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:41.249{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\RtSigs\Data\40da001aabac869a9ab983adc2b6f2c9adb2cf13MD5=0478490CE4181B4EE5A4CBC0B00DFF4F,SHA256=8F8F318C5A80604F7CCE4823C25816DCDF6886EE096A76B8E56B06FC18E1FEB9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062043Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:41.249{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\RtSigs\Data\40d5f02d1b14bf7ec2d3dc33a27e78b7be38ebd0MD5=D629F8B168C440229345B08F9A3FBD65,SHA256=FA59CC550E17D516BC8D27C8AACC42EF1CD8A0BE7B4815524BF30100E535AF86,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000062042Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:41.249{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\SplunkUniversalForwarder\share\splunk\3rdparty\Copyright-for-zstd-1.3.4.TXT2020-02-07 07:08:08.000 23542300x800000000000000062041Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:41.249{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\RtSigs\Data\3c2e3c27f31f7b84086701701d6104a78cb1f40fMD5=8CF84307FD6F962064CCB2DCA01A3FD7,SHA256=C45AB8E1897C696A757BBC01A3A75E6B75109E278697C32CAD34B77C5DF110AB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062040Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:41.249{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\SplunkUniversalForwarder\share\splunk\3rdparty\Copyright-for-zstd-1.3.4.txtMD5=C7F0B161EDBE52F5F345A3D1311D0B32,SHA256=2C1A7FA704DF8F3A606F6FC010B8B5AAEBF403F3AEEC339A12048F1BA7331A0B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062039Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:41.249{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\RtSigs\Data\3b945fd63d3ce77c2eca0f145c79a8db9659f5dbMD5=086C6DF815BFBE630E3CA5DF0969276D,SHA256=9E8F22FD6BAF2DF68883D939D5453A92B48DD491DFC4AF9923D456B668FD941B,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000062038Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:41.249{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\SplunkUniversalForwarder\share\splunk\3rdparty\Copyright-for-zc.lockfile-2.0.TXT2020-02-07 07:08:08.000 23542300x800000000000000062037Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:41.249{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\SplunkUniversalForwarder\share\splunk\3rdparty\Copyright-for-zc.lockfile-2.0.txtMD5=78CCB3640DC841E1BAECB3E27A6966B2,SHA256=3E671DB11DF687516CC1DB5B3D65E4AA383EACA3C20CEA3FAF53A0F7335D0A3C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062036Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:41.233{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\RtSigs\Data\39adefcc6f6eda8e0d12e940fa38d6d9b7b9db5bMD5=F5A645D48E960DB62AD365033D23F280,SHA256=4319ADF95F6F2CA13E275E2A638C9CD159414F1696A505CBBEE3CBEA59E823F4,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062035Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:41.233{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\RtSigs\Data\38f87481cd1b665129e44907f88db058653b754eMD5=2109F385224C2712F2D5D33D37FE1C63,SHA256=1B59D11DA13C84783962C2BF421EF2C95AAF5EAF661CA5026E6E1F66A08CB97C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062034Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:41.217{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\RtSigs\Data\375576f88820ccdb6dd0b715ad9079d2109ed7b3MD5=779BB6257A4AF85DA1E8C14D06533643,SHA256=994B29C26CA4E02D5F2F2AE1D496AF08688CBF8D54FE1577A3D9F891475E40BC,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000062033Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:41.217{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\SplunkUniversalForwarder\share\splunk\3rdparty\Copyright-for-xxHash-0.6.5.TXT2020-02-07 07:08:08.000 23542300x800000000000000062032Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:41.217{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\SplunkUniversalForwarder\share\splunk\3rdparty\Copyright-for-xxHash-0.6.5.txtMD5=CB91C07001F1CA6FD50B6BD4F042946A,SHA256=86EC6953794503942B70FCD4F35B565D44F63F703B7037CE44DAD965C4AAAE91,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062031Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:41.217{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\RtSigs\Data\372a27209e25e56aa9b1c39549c20c069aac159cMD5=0D299983762701732E2BAA06560A621F,SHA256=BE7BB576AD25B460944B069FD8AEA19E746287CD6C096ABCBC0D019C54E7727C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062030Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:41.217{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\RtSigs\Data\35cc8200c5ff48ee7441ba4242e27191d4039b62MD5=CC9DAA91D4BBCA1876E2838C474F98FE,SHA256=C7F430BCD47F4B5F1274F3939F3698EE2BED687DA639FD2AFC18B230A978D76D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062029Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:41.217{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\RtSigs\Data\33b95326092868870eb51cca294f410bfc13542eMD5=E75875B6DD79AC581364342FE4D25017,SHA256=615ABD99C02DD820EE74A47715B297E5CC7D12771EE8002DA96301DBF553B6F6,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062028Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:41.217{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\RtSigs\Data\32857cd3d44178ce0eda6ea3db30c1da0292abbdMD5=49B4DE6AE800D43D1EDDF185366F12C2,SHA256=94D16DE9D9615A07FE9418A794FBC27A7A3D18125D66F74FF07C8271D452ACD3,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000062027Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:41.217{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\SplunkUniversalForwarder\share\splunk\3rdparty\Copyright-for-xmlsec1-1.2.24.TXT2020-02-07 07:08:08.000 23542300x800000000000000062026Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:41.217{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\SplunkUniversalForwarder\share\splunk\3rdparty\Copyright-for-xmlsec1-1.2.24.txtMD5=0BC087D40D8C041F2D0836F8FE05598F,SHA256=526285395DD39627199BA20FD7F70A2608C8C8C70E4FEA04ACEDDD71BAA53D07,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062025Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:41.217{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\RtSigs\Data\3150c8426c7e4d3139591b2bd3ac08cc591d743dMD5=4421DB08DF5263C53DD3974A4391065D,SHA256=59214CC0DB76CF47B5596E5F0415B4C103DD4381F2E9FEEA7DFF826F01F0D901,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062024Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:41.217{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\RtSigs\Data\30fe35d9957aa4e654c9f6c0152a2c909e83ceefMD5=537DE496124F90221434E9088BD1B57C,SHA256=376AC4BF0264CE37E7FDB473F3867CC614198CEB44B3750B0529A1315B3CBAAC,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062023Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:41.217{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\RtSigs\Data\30fb69c2bfd41813e6df6d45ef7eda104f569b5eMD5=4489C62B42C97768C1DE274C2DA33687,SHA256=D12FD30D15D055C8436903C26EDDD996746CF1ADB9E5FF2DDC2D5E031D7FB704,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062022Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:41.217{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\RtSigs\Data\2f32891481e9ffe8c22f703e6a6d6e5672112ff6MD5=CD4060565FA56C2469D192E3D547F1D5,SHA256=4F859F7D7DAD95454A08AA326A2EEF78D89B6DC460AAE6DE1F65F5AA5C4CCB5F,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000062021Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:41.217{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\SplunkUniversalForwarder\share\splunk\3rdparty\Copyright-for-xml-name-validator-2.0.1.TXT2020-02-07 07:08:08.000 23542300x800000000000000062020Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:41.217{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\RtSigs\Data\2e09eac1cc073ba2c64dfb950d82d05af955fb69MD5=3D8FECEEC7F950D68860F425CA322DA5,SHA256=03EF2E7D6E8BDA62E0AA860BFA7739A9BB0074CDCA0A859B3B26BCA68660CDBC,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062019Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:41.217{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\SplunkUniversalForwarder\share\splunk\3rdparty\Copyright-for-xml-name-validator-2.0.1.txtMD5=2EACA7F1B8838B275CE5FD59135CDFD8,SHA256=0EC06320CED09A9A4768F6CFA74C61E589D5BEECB076D267203B6BA70B19BBFB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062018Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:41.217{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\RtSigs\Data\2d6d0a9d01a5c835abc5512f6762fad56c649c9dMD5=10B09C2D5966C7312E8C3C1491774925,SHA256=FD3BD094F46AB4E442731CAD26FADC98FDEE74343E51CEF5CEF5481B64B1E462,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062017Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:41.217{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\RtSigs\Data\2b430ba6656a58195c1305a62caf1e4fcb9ecf8aMD5=E8694AF76EB7B0DFB8113827274C66A3,SHA256=A72708FE95E9E44E64B8CD001EC7F7A3F4B06DE127EBA37DE4A601C53550486D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062016Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:41.217{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\RtSigs\Data\2a89c5a7a0b9832f654919a055f16146efe96206MD5=75536EA47EABB8EBC15A3581019E4074,SHA256=4562CE3C89CB77FD12485C86A6D4504882A184D2C2B01B69B6E792A2B2A6D54D,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000062015Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:41.217{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\SplunkUniversalForwarder\share\splunk\3rdparty\Copyright-for-urllib3-1.25.3.TXT2020-02-07 07:08:08.000 23542300x800000000000000062014Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:41.217{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\RtSigs\Data\28c732741dbe09d18c23373087caddabf3f05b08MD5=ACEEB3266BC75747D8819D43612DF54C,SHA256=8EAFFC9840C043ED2557546C12FCADA696E26ED8C74382F92DE0B0BD3D68903E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062013Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:41.217{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\SplunkUniversalForwarder\share\splunk\3rdparty\Copyright-for-urllib3-1.25.3.txtMD5=65715C2EB961313D71B297DD5A04F85E,SHA256=7C0D136EE0585389ADF2D25671BB99687A1F75929F465B7F16EE3F01DA37255E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062012Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:41.217{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\RtSigs\Data\28a481de142c61e1e52ef5b0cc99448f11002faaMD5=8634DAF4B0707DC1FFDB7C301D6FB87C,SHA256=F1F71BE88ED67EE03B52A74901B0B5E8940A4452AEA05193472DB16F41BBB1CB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062011Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:41.217{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\RtSigs\Data\288d2d04715cc9ff734a6b641816d421f68c4a34MD5=DF0D0865F6D19AAB3651141E401D6D6C,SHA256=3EF693167226D48B75E71A2BCB3CF50A5EB073DEE2D8412A626D7A41FBFFCE50,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062010Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:41.217{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\RtSigs\Data\2698c7a05b6fa53b9e36c53ef049706ace7491fcMD5=10DB75A6C2471D5FC2F2CFB7BA578D27,SHA256=B75A8857CC3D2FB0EE0C237410F73EA1BDDB4638FE877A84DB0CC9F3316D0A55,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000062009Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:41.217{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\SplunkUniversalForwarder\share\splunk\3rdparty\Copyright-for-timsort-5ceb868bfb690190557c083518053da7dd5a7510.TXT2020-02-07 07:08:08.000 23542300x800000000000000062008Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:41.217{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\SplunkUniversalForwarder\share\splunk\3rdparty\Copyright-for-timsort-5ceb868bfb690190557c083518053da7dd5a7510.txtMD5=13CC02B9CCDC79F7CADB80E44B5101E7,SHA256=37903AD4DA622251C57873B356EC6683D4F40845A13653432CC24E855B92AD6A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062007Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:41.217{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\RtSigs\Data\267c201576424288ceab200e08d113e796b24180MD5=BBA346E1FCC254BB67CAE213B120FD4E,SHA256=CD7FBFD2894539B38313DC307C06375C779A0C6199C3E6AB6FACFB0816B2F5E4,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062006Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:41.216{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\RtSigs\Data\2661b369b70b72453bb61c55aa7d643ec81bb89dMD5=5FDEB9E9A4F9677B0C87290893D7AF50,SHA256=625D50D263E8D784032C5C64EDC589C36673F386962AB2B8516C9B8E2B4E36E6,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062005Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:41.216{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\RtSigs\Data\25bd5db7bab7cc9295361160fedf5f5dcf1b22b6MD5=C1DCFB1DC4A2AD0F06A9D3B21CE4D12D,SHA256=BDB3DEF2EF865EEB540CC7763ACDE8F8DCF7CCFBADD6779A10D916E52EA29A52,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000062004Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:41.215{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\SplunkUniversalForwarder\share\splunk\3rdparty\Copyright-for-tempora-1.14.1.TXT2020-02-07 07:08:08.000 23542300x800000000000000062003Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:41.215{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\RtSigs\Data\2590dc00b4474debe18669ca92c0d67f6442ed16MD5=1F3AD764E172278938602AE089568879,SHA256=DBA12F95C077014604FA9BCAEFAF9AFE737A1EA7E520605CAADD2A79F4EF8A30,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062002Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:41.214{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\SplunkUniversalForwarder\share\splunk\3rdparty\Copyright-for-tempora-1.14.1.txtMD5=A33F38BBF47D48C70FE0D40E5F77498E,SHA256=A55E2FFE9B44998E621D51D8C094BED09ACC4B5236EE73D7DF395A33BA3C18FD,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062001Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:41.214{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\RtSigs\Data\22ecad2f36d3c2353d9fcf7c17d53df10cca0ba2MD5=92733C7C0BE82F2E108BF10148A82B6C,SHA256=98124A64798000658AC33A22AB06B2CB3F86668BFBC0A6DF532654A029911687,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062000Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:41.213{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\RtSigs\Data\205c3a393e61a348ee033387b998471a4164c4ceMD5=338C7CC65EAF1652E3500531ED332EB0,SHA256=ADEF845E98A77288DF693E137E7516663A8DE37908FB938F4669F2B89161C77D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061999Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:41.212{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\RtSigs\Data\200f4feb15e044b3e9b9054d169d098fc54bff98MD5=632919AD49BAA01DA39FFEA3ED9EF652,SHA256=C0BC39916651BAE5A3ACCB2F5F07E36B378ED976D1AE2F67F6105243140FDA24,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000061998Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:41.211{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\SplunkUniversalForwarder\share\splunk\3rdparty\Copyright-for-srm-1.2.11.TXT2020-02-07 07:08:08.000 23542300x800000000000000061997Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:41.197{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\SplunkUniversalForwarder\share\splunk\3rdparty\Copyright-for-srm-1.2.11.txtMD5=8199C0BB0B2CD0BFE824C81E6B639DB8,SHA256=71C24327EBE314053ABEA73A01997375AB5F89D0144B4DB7AF5FBAF4941B4999,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061996Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:41.197{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\RtSigs\Data\1af88c3335028750a6078fc237d5d2071460ade0MD5=AC4011418C0653282F91279B764733F7,SHA256=BDE986797CEAFB08646C5CAAE899E89CB3B0FB504294915C63F2FC8344A0AA17,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061995Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:41.197{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\RtSigs\Data\1619c200f0826827bdecd369985c5efc57c1b8c8MD5=4486EE975470912FC0714B0B100C033E,SHA256=A8742EDCAACC12777184A391BB9C43AC515B50C4C33AC3DCC7BCA690403A82BE,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061994Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:41.197{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\RtSigs\Data\133563d532c64e613175ec24cf42c35a8cc530faMD5=31BC3C37F3BE82635CB07653AB9EB4C4,SHA256=3B7095F5C210D24576C1328009E66A2B4EE046839D64B3283152FC4185C064AE,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000061993Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:41.197{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\SplunkUniversalForwarder\share\splunk\3rdparty\Copyright-for-six-1.12.0.TXT2020-02-07 07:08:08.000 23542300x800000000000000061992Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:41.197{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\RtSigs\Data\11befbd5f637c102c92e4ea18da924cba10ba25bMD5=11F8F37E32153812A4C808890067CF40,SHA256=9C65653D38FAC33B7DB56418601C7AEEEBA161B81830041ABF80B973B83C96A2,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061991Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:41.197{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\SplunkUniversalForwarder\share\splunk\3rdparty\Copyright-for-six-1.12.0.txtMD5=83E0F622BD5AC7D575DBD83D094D69B5,SHA256=E732F54DA58F3E9CF0C48E8B512948936FCF7361BD58AFA63A9A3C392BF794AD,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061990Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:41.197{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\RtSigs\Data\10dec7d4a7581e6014708fd0a4b9ba7f05630f99MD5=3F044CF6DFCE4658C39C7BAEFEE162D1,SHA256=BC90A561A34F2E1A45AF7D2B4FAD03DC3B119AB4FEBEA019A44EBF23888087C1,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061989Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:41.197{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\RtSigs\Data\0f3cf7b26d6522e9766797619d2cc51eb5224e58MD5=75DE1940F32E2D8FE29B7F255E5688C2,SHA256=2A4AD755FA1A5ADB8661EDE47D74D1757EB2DA3E5E2C570E7E2581A73191938E,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000061988Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:41.197{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\SplunkUniversalForwarder\share\splunk\3rdparty\Copyright-for-setuptools_scm_git_archive-1.1.TXT2020-02-07 07:08:08.000 23542300x800000000000000061987Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:41.197{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\SplunkUniversalForwarder\share\splunk\3rdparty\Copyright-for-setuptools_scm_git_archive-1.1.txtMD5=838C366F69B72C5DF05C96DFF79B35F2,SHA256=89807ACF2309BD285F033404EE78581602F3CD9B819A16AC2F0E5F60FF4A473E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061986Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:41.197{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\RtSigs\Data\0eac80878b6ce8ecd3b0bfcf09f41fc2eae5bcffMD5=A6849E8B4608A651D37F9B68B70C40D3,SHA256=B30641555DAC58DCCA56A5FA5575659C46FF17C4DB09CB83069CD713BA6F4F98,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061985Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:41.197{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\RtSigs\Data\0d03641f205236952159ed57c54cfe6ba860dfa0MD5=1278B7075F9F8C529074193731FFA3D9,SHA256=EF0AA5302DC709558B7C777066A8F8BCC6F490E60863810C52418396D52079A0,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061984Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:41.197{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\RtSigs\Data\0b225d437c8b7e1667d2f4a426a6ac4ad07268ccMD5=0E348CAB19207126686963400E6C0DDC,SHA256=1C674054659DBF0C620126A38F2A32DC1D2B72E5BEE57A59F76D9AC879F5CDAC,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061983Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:41.197{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\RtSigs\Data\0969fdf27cde7739accbcc5765f079e82ca5aafdMD5=80681ABCA0498F8F62E43E669CF8EEE2,SHA256=B148D05D3F4491696ECCBFEA68087448CEC35F3263D54F7857F6F6E65C2165DD,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061982Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:41.180{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\RtSigs\Data\00c4ba9be766c3a81dbc28e67b484a5d2ea94c4fMD5=7BD052ABFFFC2D78D98870A9C0AC7407,SHA256=466B5B1DDD094E742C1B1FA8BD62864FD5154FC99EA66036FD2258EB5A870874,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061981Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:41.180{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\RtSigs\Data\002ec605bbeca34e10dfa84c8d3476f87471d50bMD5=8ADA5E28300929E41AB5153A8ADE115D,SHA256=DB8E9D5A88EF804971913E282DF119C4977247DEE3A06D25265A56B3A87C5D35,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000061980Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:41.180{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\SplunkUniversalForwarder\share\splunk\3rdparty\Copyright-for-setuptools_scm-3.3.3.TXT2020-02-07 07:08:08.000 23542300x800000000000000061979Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:41.180{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\SplunkUniversalForwarder\share\splunk\3rdparty\Copyright-for-setuptools_scm-3.3.3.txtMD5=838C366F69B72C5DF05C96DFF79B35F2,SHA256=89807ACF2309BD285F033404EE78581602F3CD9B819A16AC2F0E5F60FF4A473E,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000061978Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:41.180{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\SplunkUniversalForwarder\share\splunk\3rdparty\Copyright-for-semantic_version-2.6.0.TXT2020-02-07 07:08:08.000 23542300x800000000000000061977Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:41.180{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\SplunkUniversalForwarder\share\splunk\3rdparty\Copyright-for-semantic_version-2.6.0.txtMD5=4FB31E3C1C7EEB8B5E8C07657CDD54E2,SHA256=A85E7EF2FBC670D26781ED6844CD31A7E8ADA65D21328F75A0B02402FAAE37EA,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000061976Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:41.180{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\SplunkUniversalForwarder\share\splunk\3rdparty\Copyright-for-prometheus-cpp-0.5.0.TXT2020-02-07 07:08:08.000 23542300x800000000000000061975Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:41.180{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\SplunkUniversalForwarder\share\splunk\3rdparty\Copyright-for-prometheus-cpp-0.5.0.txtMD5=57D76440FC5C9183C79D1747D18D2410,SHA256=002C2696D92B5C8CF956C11072BAA58EAF9F6ADE995C031EA635C6A1EE342AD1,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000061974Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:41.164{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\SplunkUniversalForwarder\share\splunk\3rdparty\Copyright-for-portend-2.5.TXT2020-02-07 07:08:08.000 23542300x800000000000000061973Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:41.164{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\SplunkUniversalForwarder\share\splunk\3rdparty\Copyright-for-portend-2.5.txtMD5=A33F38BBF47D48C70FE0D40E5F77498E,SHA256=A55E2FFE9B44998E621D51D8C094BED09ACC4B5236EE73D7DF395A33BA3C18FD,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000061972Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:41.164{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\SplunkUniversalForwarder\share\splunk\3rdparty\Copyright-for-pcre2-10.31.TXT2020-02-07 07:08:08.000 23542300x800000000000000061971Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:41.164{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\SplunkUniversalForwarder\share\splunk\3rdparty\Copyright-for-pcre2-10.31.txtMD5=F5E4BDE9FD0493D0967B4DBA9899590F,SHA256=4806D1C067BFFE106D97DAC68744373A866BFDD65486C0532ED1B41595EC4B64,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000061970Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:41.164{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\SplunkUniversalForwarder\share\splunk\3rdparty\Copyright-for-openssl-1.0.2t.TXT2020-02-07 07:08:08.000 23542300x800000000000000061969Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:41.164{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\SplunkUniversalForwarder\share\splunk\3rdparty\Copyright-for-openssl-1.0.2t.txtMD5=F475368924827D06D4B416111C8BDB77,SHA256=C8F60F4842BBAD0353F5D81620E72B168B5638CA3A0A999F5DA113B22491612E,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000061968Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:41.164{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\SplunkUniversalForwarder\share\splunk\3rdparty\Copyright-for-openldap-2.4.45.TXT2020-02-07 07:08:08.000 23542300x800000000000000061967Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:41.164{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\SplunkUniversalForwarder\share\splunk\3rdparty\Copyright-for-openldap-2.4.45.txtMD5=153D07EF052C4A37A8FAC23BC6031972,SHA256=310FE25C858A9515FC8C8D7D1F24A67C9496F84A91E0A0E41EA9975B1371E569,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061966Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:41.164{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\4\0000000000000000.idxMD5=F82B72AE1DB77A29FB671CCA4203D7A3,SHA256=748BAEB096427BDE03650418C43AAD344A26A84E5ABE26D0BFBC094337C2CD28,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000061965Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:41.149{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\SplunkUniversalForwarder\share\splunk\3rdparty\Copyright-for-nedmalloc.TXT2020-02-07 07:08:08.000 23542300x800000000000000061964Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:41.149{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\SplunkUniversalForwarder\share\splunk\3rdparty\Copyright-for-nedmalloc.txtMD5=B51058FEAD1AA71840B79527F5BFFD3D,SHA256=BEB8E42E9D6B4284E03304D05A81A0755200A965FC8D0A5E0AEA1E84CF805D6E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061963Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:41.149{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\4\13\1D6EE38A7E58E49D.datMD5=B65DC451F2CFD073ED95A1360688F04C,SHA256=8DA345B3FF16AF02CFF7181E3FFA2E45ED2B4071283D6832FDA85D39AEA655D2,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000061962Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:41.149{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\SplunkUniversalForwarder\share\splunk\3rdparty\Copyright-for-lz4-1.8.2.TXT2020-02-07 07:08:08.000 23542300x800000000000000061961Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:41.149{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\SplunkUniversalForwarder\share\splunk\3rdparty\Copyright-for-lz4-1.8.2.txtMD5=EBC2EA4814A64DE7708F1571904B32CC,SHA256=D15D99C8DC6B0EC22174C0E563A95BC40F9363CA7F9D9D793BB5C5A8E8D0AF71,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061960Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:41.149{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\3\0000000000000000.idxMD5=AD444373A4BEA187144A0A9B1BA5367D,SHA256=5564812C4C399F131D702BE537B7B7C3FBF9BB584B3C3D06AA9D7E34EBCD0E05,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061959Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:41.149{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\3\81\737457778730B8D9.datMD5=0147DE1BA029C385AF43617CDF2B25F9,SHA256=A3966AB89FDF5AABC319B48CA05FD4960D030FC14CEB6805B4AA940A132909D9,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000061958Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:41.149{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\SplunkUniversalForwarder\share\splunk\3rdparty\Copyright-for-libxslt-1.1.30.TXT2020-02-07 07:08:08.000 23542300x800000000000000061957Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:41.149{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\SplunkUniversalForwarder\share\splunk\3rdparty\Copyright-for-libxslt-1.1.30.txtMD5=0CD9A07AFBEB24026C9B03AECFEBA458,SHA256=7E48E290B6BFCCC2EC1B297023A1D77F2FD87417F71FBB9F50AABEF40A851819,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061956Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:41.149{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\3\34\41D5E8D387F41E9A.datMD5=F73F9964825CAF4722724CF45693F708,SHA256=12D85654F126CB903E8233E30849C0EA0F6C5033ECBEFB4FB13557ABB33609ED,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000061955Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:41.149{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\SplunkUniversalForwarder\share\splunk\3rdparty\Copyright-for-libxml2-2.9.9.TXT2020-02-07 07:08:08.000 23542300x800000000000000061954Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:41.149{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\SplunkUniversalForwarder\share\splunk\3rdparty\Copyright-for-libxml2-2.9.9.txtMD5=2044417E2E5006B65A8B9067B683FCF1,SHA256=C5C63674F8A83C4D2E385D96D1C670A03CB871BA2927755467017317878574BD,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061953Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:41.149{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\2\0000000000000000.idxMD5=EBC70C6C6BF9DAFD60645AC4E2B4A64F,SHA256=E2B6A60152645647E687618AAB517E9BB3F802AFE77BDDD7BAF4387DA733C7A1,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061952Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:41.149{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\1\0000000000000000.idxMD5=C113D2D2A58CC4B817D616EE021427EF,SHA256=88C466805540295E2DE2650758585052A2D635D049CA8D9741867E094C8C5D5C,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000061951Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:41.149{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\SplunkUniversalForwarder\share\splunk\3rdparty\Copyright-for-libarchive-3.3.3.TXT2020-02-07 07:08:08.000 23542300x800000000000000061950Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:41.149{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\SplunkUniversalForwarder\share\splunk\3rdparty\Copyright-for-libarchive-3.3.3.txtMD5=ED99ACA006BC346974BB745A35336425,SHA256=AE6F35CC1979BEB316E4D6431FC34C6FC59F0DD126B425C8552BB41C86E4825D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061949Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:41.133{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\Store\FE076837D01BBD02F9657ED54AF9A29AMD5=44EE089BF4B64EB888180A6641A33F81,SHA256=FE386A88465C22F660A4C8FC935BB78A90B9D07992A4B3D39C844282F2C19732,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000061948Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:41.133{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\SplunkUniversalForwarder\share\splunk\3rdparty\Copyright-for-jaraco.functools-2.0.TXT2020-02-07 07:08:08.000 23542300x800000000000000061947Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:41.133{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\Store\F8DB193E4C44CED91E5A09438FB23828MD5=DA2A381ED3F796D7A21D4A0ACEA93BA5,SHA256=FCBC9C2AAF9C60E02ACEF85A2D836CF3CE91EFAEDE643392C5C44B9C6A3F9179,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061946Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:41.133{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\SplunkUniversalForwarder\share\splunk\3rdparty\Copyright-for-jaraco.functools-2.0.txtMD5=A33F38BBF47D48C70FE0D40E5F77498E,SHA256=A55E2FFE9B44998E621D51D8C094BED09ACC4B5236EE73D7DF395A33BA3C18FD,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061945Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:41.133{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\Store\F6AB7B4AC448F784CCD44AB7B7E913C4MD5=B6E788E3ADA2EFAD0296459E8B9FDEF5,SHA256=D7E35A016555CFB1795713C10DEC0FC04233A79A7CEAFDBCAAEA5BDC40F5C8CD,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000061944Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:41.133{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\SplunkUniversalForwarder\share\splunk\3rdparty\Copyright-for-idna-2.8.TXT2020-02-07 07:08:08.000 23542300x800000000000000061943Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:41.133{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\SplunkUniversalForwarder\share\splunk\3rdparty\Copyright-for-idna-2.8.txtMD5=782775B32F96098512E283FB5D4546CD,SHA256=0D4BC7ABD48DCFB14E24254EE404066737FF0167144E222914A2113B8794683E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061942Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:41.133{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\Store\F19631E67F1730E189E563FC248195F1MD5=48A781E522E2A8189B223DE46F2C1EC7,SHA256=3E474E719A6135F9CA3B4C3A4E33985C0D253B545416512FCBB29E15091610A6,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000061941Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:41.133{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\SplunkUniversalForwarder\share\splunk\3rdparty\Copyright-for-futures-3.3.0.TXT2020-02-07 07:08:08.000 23542300x800000000000000061940Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:41.133{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\Store\F0A8E570F9D5CE85C81F4DA04A642496MD5=F569C8FED334DAD51CC01088F27C27B0,SHA256=2C03DFFF3A9D63ADCC63864279BB57E3A7971AA3CC775C6F47EFEB6099EE8A8A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061939Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:41.133{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\SplunkUniversalForwarder\share\splunk\3rdparty\Copyright-for-futures-3.3.0.txtMD5=834D982F973C48B6D662B5944C5AB567,SHA256=A698BD5D441E4A16AF6C992B8E80CBFA12755D72D910854FA1FB11D4DEB0059A,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000061938Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:41.117{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\SplunkUniversalForwarder\share\splunk\3rdparty\Copyright-for-future-0.17.1.TXT2020-02-07 07:08:08.000 23542300x800000000000000061937Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:41.117{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\SplunkUniversalForwarder\share\splunk\3rdparty\Copyright-for-future-0.17.1.txtMD5=3C00B89DE8DABF26A9B70748CCF4C477,SHA256=E1CCA1EF4407D8BB6E3F22D6C8EE660C910C230FE9D36570C78710BDBC0B6440,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000061936Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:41.117{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\SplunkUniversalForwarder\share\splunk\3rdparty\Copyright-for-funcsigs-1.0.2.TXT2020-02-07 07:08:08.000 23542300x800000000000000061935Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:41.117{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\SplunkUniversalForwarder\share\splunk\3rdparty\Copyright-for-funcsigs-1.0.2.txtMD5=D6BC91DC8E5793892189FE7481A2D354,SHA256=559229B4B693D80FE087D517F7C79D4857C965ADD18031512D0981EFC28755F0,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000061934Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:41.117{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\SplunkUniversalForwarder\share\splunk\3rdparty\Copyright-for-FormEncode-1.3.1.TXT2020-02-07 07:08:08.000 23542300x800000000000000061933Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:41.117{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\SplunkUniversalForwarder\share\splunk\3rdparty\Copyright-for-FormEncode-1.3.1.txtMD5=D9E6F54C6189B5F360CF6C33239457CE,SHA256=A15F30707F88997B052B0D8C27B79DD7F86FB10EE2354795D83AA62DA3D39C34,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000061932Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:41.117{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\SplunkUniversalForwarder\share\splunk\3rdparty\Copyright-for-double-conversion-3.0.0.TXT2020-02-07 07:08:08.000 23542300x800000000000000061931Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:41.117{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\Store\F07E0CAFAE8E82EC1048EB9D1F9974FBMD5=010B29DAA0A1A049F1F2EF1C6C504C45,SHA256=C84905B16D61D83661B770C99E7A8308E6A0AF7A7D6022C5B129D11266A43828,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061930Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:41.117{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\SplunkUniversalForwarder\share\splunk\3rdparty\Copyright-for-double-conversion-3.0.0.txtMD5=1EA35644F0EC0D9767897115667E901F,SHA256=4AF93C12062C58058378DE2397DC1C92BBFF9DDFB1D583A01C84127557CE97CA,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061929Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:41.112{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\Store\ECE359549FCAA0243A96A8B3B48F1BDFMD5=49DE3A17263F870E0942A1045DBD1C04,SHA256=AF303E609E781F19576DB93A83410050108BA6C5705D852174E3071AE4841BF3,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000061928Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:41.096{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\SplunkUniversalForwarder\share\splunk\3rdparty\Copyright-for-defusedxml-0.5.0.TXT2020-02-07 07:08:08.000 23542300x800000000000000061927Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:41.096{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\SplunkUniversalForwarder\share\splunk\3rdparty\Copyright-for-defusedxml-0.5.0.txtMD5=056FEA6A4B395A24D0D278BF5C80249E,SHA256=B80CE9DA8C42A1F91079627FBBE2BF27210AE108A0FFE5F077D5B08E076C24C8,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061926Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:41.096{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\Store\E721F0F1A9D3205B4826FC7294238A94MD5=5C086F3BA9EAEE4C6B7E010001D93724,SHA256=177CDDC27DEB1C486DC1246AA571759639BF16697E2DE76685BD57B87EE7CB96,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061925Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:41.096{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\Store\E3A04E34AF58CA116EE421C5EC9FECA5MD5=C95E6606BBB7E01E1B6A13837BF198A6,SHA256=AE017921E0CB470E32A557FD261862E07B02BAD75624282A2648136C6B36E15A,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000061924Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:41.096{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\SplunkUniversalForwarder\share\splunk\3rdparty\Copyright-for-decorator-4.4.0.TXT2020-02-07 07:08:08.000 23542300x800000000000000061923Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:41.096{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\SplunkUniversalForwarder\share\splunk\3rdparty\Copyright-for-decorator-4.4.0.txtMD5=BE2FD2007972BF96C08AF3293D728B22,SHA256=FD11660CABF0532082C45706862FAFC294907EC7F8E217818240A4999806782E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061922Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:41.096{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\Store\E2014C21E689A89E913B1EE9D780AB44MD5=E792AAC096FDAC2F9284DC31738CB7ED,SHA256=AE118CA58D6CBEBEAB9E927F1E16C7ECF537748F6692E13E1DBA76C6C828156F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061921Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:41.096{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\Store\E1B03B7122D748609F76DCEB55631580MD5=19600BA2AC2744BF00E909A432F37CEC,SHA256=5F65AC9EEDB3736D5FCA2FD92B9AC8B5DC02073836E38D6BD26383C51893E414,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000061920Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:41.096{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\SplunkUniversalForwarder\share\splunk\3rdparty\Copyright-for-configparser-3.7.4.TXT2020-02-07 07:08:08.000 23542300x800000000000000061919Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:41.096{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\SplunkUniversalForwarder\share\splunk\3rdparty\Copyright-for-configparser-3.7.4.txtMD5=A33F38BBF47D48C70FE0D40E5F77498E,SHA256=A55E2FFE9B44998E621D51D8C094BED09ACC4B5236EE73D7DF395A33BA3C18FD,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061918Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:41.096{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\Store\D24AC0732490F00EE1897F40CB701E09MD5=281B1CD94F5BD663BBAAF066FB3A7EC4,SHA256=E36D62AF2B0BA70EAFBD118C8C57440C0131634F608F163EBBA1EF6D8AAB486D,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000061917Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:41.096{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\SplunkUniversalForwarder\share\splunk\3rdparty\Copyright-for-CherryPy17-17.4.1.TXT2020-02-07 07:08:08.000 23542300x800000000000000061916Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:41.096{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\SplunkUniversalForwarder\share\splunk\3rdparty\Copyright-for-CherryPy17-17.4.1.txtMD5=BEEFFD9DFCC746ED5A91921F1ACC2746,SHA256=DA6DC218683F6DAB91C6367F00BF33095D980FB1F04D430C81C5E6994B8605E0,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061915Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:41.096{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\Store\CD83F294BED6B299F23EACD6DE50BD78MD5=C95DCFE91DE4D1AF6302E3A3CDFD9C61,SHA256=298870C6F56B4CAE16850A3C862E08457440986A971899B8E515DCF23BAE5270,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061914Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:41.081{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\Store\CCE92E68EE219C35A11100005A0165B2MD5=5B1B797413445182655A95480079A21A,SHA256=F96B88055DC8FEBE58797729E85B29DA4A87D1FC8B330FCF57ED4DDD0C2F2559,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000061913Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:41.081{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\SplunkUniversalForwarder\share\splunk\3rdparty\Copyright-for-CherryPy-18.1.2.TXT2020-02-07 07:08:08.000 23542300x800000000000000061912Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:41.081{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\Store\CC0C00FA0792334A1F2A0902599A1D38MD5=CEDFA311CB7C83A3F7E551D936E751E2,SHA256=60F4EB5806E4F337E535B28488E7A5A273BFDB96EEF6B40E1054579BB157E498,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061911Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:41.081{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\SplunkUniversalForwarder\share\splunk\3rdparty\Copyright-for-CherryPy-18.1.2.txtMD5=BEEFFD9DFCC746ED5A91921F1ACC2746,SHA256=DA6DC218683F6DAB91C6367F00BF33095D980FB1F04D430C81C5E6994B8605E0,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000061910Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:41.081{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\SplunkUniversalForwarder\share\splunk\3rdparty\Copyright-for-cheroot-6.5.5.TXT2020-02-07 07:08:08.000 23542300x800000000000000061909Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:41.081{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\SplunkUniversalForwarder\share\splunk\3rdparty\Copyright-for-cheroot-6.5.5.txtMD5=BEEFFD9DFCC746ED5A91921F1ACC2746,SHA256=DA6DC218683F6DAB91C6367F00BF33095D980FB1F04D430C81C5E6994B8605E0,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061908Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:41.064{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\Store\C57DF63C92FE024BE4FFF00C74859191MD5=7E770496D66C9B90A9D87E02F21538AE,SHA256=FD72E2C665E78BE7B7B5CE83260EE6E4C841C5023D465CB75B7018C15755AAA1,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000061907Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:41.064{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\SplunkUniversalForwarder\share\splunk\3rdparty\Copyright-for-chardet-3.0.4.TXT2020-02-07 07:08:08.000 23542300x800000000000000061906Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:41.064{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\SplunkUniversalForwarder\share\splunk\3rdparty\Copyright-for-chardet-3.0.4.txtMD5=A6F89E2100D9B6CDFFCEA4F398E37343,SHA256=6095E9FFA777DD22839F7801AA845B31C9ED07F3D6BF8A26DC5D2DEC8CCC0EF3,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061905Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:41.064{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\Store\C4057EDDCAB0A4132321B80D64228E15MD5=1C96F96700DFBC1CFAF299FDB887B13F,SHA256=3846646994F9CB15FC127DFF7750A0A6016785DE51DF36175559F2ACA0E3563A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061904Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:41.064{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\Store\BB159B8B3C3DDE48344C42248E8E9EAFMD5=403EBE44F82DC9E535FFC467017570F8,SHA256=9CF683B4CD9AB2B4475CEB02E16EDFB320D2B4160BC699A02A1E0EC5B4FA91B8,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061903Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:41.064{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\Store\B2D92FD606207FE0387D5C785A8513E3MD5=2A183DA5F3EA92646FC04269FC4DF325,SHA256=53AE4C1DBD4C2C112680A9D9B495EDDFABA8F6A34E6EB78F5FEB4F142C0DD311,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000061902Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:41.064{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\SplunkUniversalForwarder\share\splunk\3rdparty\Copyright-for-certifi-2019.6.16.TXT2020-02-07 07:08:08.000 23542300x800000000000000061901Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:41.064{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\SplunkUniversalForwarder\share\splunk\3rdparty\Copyright-for-certifi-2019.6.16.txtMD5=F77F61D14EE6FEAC4228D3EBD26CC1F1,SHA256=6A70A4BF6B010016D59A64B8AE4AD8DC7F5EF16F1FB453CC2ECD771C5A341131,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000061900Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:41.049{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\SplunkUniversalForwarder\share\splunk\3rdparty\Copyright-for-botocore-1.12.204.TXT2020-02-07 07:08:08.000 23542300x800000000000000061899Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:41.049{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\SplunkUniversalForwarder\share\splunk\3rdparty\Copyright-for-botocore-1.12.204.txtMD5=2EE41112A44FE7014DCE33E26468BA93,SHA256=0D542E0C8804E39AA7F37EB00DA5A762149DC682D7829451287E11B938E94594,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000061898Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:41.049{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\SplunkUniversalForwarder\share\splunk\3rdparty\Copyright-for-boto3-1.9.204.TXT2020-02-07 07:08:08.000 23542300x800000000000000061897Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:41.049{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\SplunkUniversalForwarder\share\splunk\3rdparty\Copyright-for-boto3-1.9.204.txtMD5=2EE41112A44FE7014DCE33E26468BA93,SHA256=0D542E0C8804E39AA7F37EB00DA5A762149DC682D7829451287E11B938E94594,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061896Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:41.049{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\Store\AFDF247EA587FE009AD29B61244AF13DMD5=9A7395C617C2934D43ED0688C90689E9,SHA256=B486571DD4B867DDE8D16DA3B923985F00BBD5F550065210EA49C1944461C2B2,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000061895Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:41.049{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\SplunkUniversalForwarder\share\splunk\3rdparty\Copyright-for-beaker-1.10.1.TXT2020-02-07 07:08:08.000 23542300x800000000000000061894Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:41.033{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\SplunkUniversalForwarder\share\splunk\3rdparty\Copyright-for-beaker-1.10.1.txtMD5=5297E0E46F5BE6C86A87E35AFE958CC7,SHA256=FFEB29B5807F9A45D69CC5FAD8D1227EC21CDDF3BDA75333AF0841DF2199B33D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061893Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:41.033{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\Store\AADD50C7D49470D6893ED3E000CE7F46MD5=AC779E7101F325CF5DDE861282A9F952,SHA256=C19944F2310A23B57B1395CADE565D2A0D96B9439EA5C4F3911DDB1E914677E4,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000061892Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:41.033{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\SplunkUniversalForwarder\share\splunk\3rdparty\Copyright-for-backports.functools_lru_cache-1.5.TXT2020-02-07 07:08:08.000 23542300x800000000000000061891Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:41.033{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\SplunkUniversalForwarder\share\splunk\3rdparty\Copyright-for-backports.functools_lru_cache-1.5.txtMD5=A33F38BBF47D48C70FE0D40E5F77498E,SHA256=A55E2FFE9B44998E621D51D8C094BED09ACC4B5236EE73D7DF395A33BA3C18FD,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061890Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:41.033{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\Store\A7F696A443F6291040DD7D2618F5CECDMD5=7C3F70910695B0DB42E9822B57FF9D28,SHA256=DC9D23371E90613E94F1BAA23AEF10742DDB59528BA768F1BA805EA835B226CE,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061889Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:41.033{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\Store\8B0760B06B11F5417209F3E3956312E0MD5=5C4ABD01538B3C2E8DD8597BB8AC15E6,SHA256=C04042D131A295B0E7E00A47343DC5D0C285D05A94D5218E80609B92ECD0A569,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000061888Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:41.033{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\SplunkUniversalForwarder\share\splunk\3rdparty\Copyright-for-Babel-2.6.0.TXT2020-02-07 07:08:08.000 23542300x800000000000000061887Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:41.033{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\SplunkUniversalForwarder\share\splunk\3rdparty\Copyright-for-Babel-2.6.0.txtMD5=EEBDC057DC12ABCC2D6C4453628BFCD4,SHA256=178B99C90DF898D0BEE84BD335F36B679C76FAFA9D3C288B4EAEA4EBD92D8602,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061886Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:41.033{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\Store\88920668149EAE7ABCD4A83C1794C3BFMD5=10E5C35E6889EB757FFBD05E522F3636,SHA256=A1464550FFCE1A30671C41A2F780B75B818C8B2E3229C692E5B50D4E3B5DD06D,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000061885Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:41.033{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\SplunkUniversalForwarder\share\copyright.TXT2020-02-07 07:06:34.000 23542300x800000000000000061884Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:41.033{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\SplunkUniversalForwarder\share\copyright.txtMD5=25A9FEDC584FC6D5E10F689A1352D947,SHA256=144B3E7979C26A2AB1DB949C052B71675167DFA8F3B711A8714708D0EC29E3D2,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000061883Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:41.017{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\SplunkUniversalForwarder\README-splunk.TXT2020-02-07 07:13:22.000 23542300x800000000000000061882Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:41.017{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\SplunkUniversalForwarder\README-splunk.txtMD5=BF1EF1ADEA00C3E4EAE5C2075CB52FF3,SHA256=58A80D94EC29BCD8813BD00CD7C027D5F87624C0990DEB59A17EA97D0D15E352,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061881Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:41.017{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\Store\86AA981C9D9BAB5A7016AD48E39CC703MD5=DD4BDB0415BC79F0033D02EB40C47275,SHA256=CEFEF345AB1F4D85BE3A86754108D4D1A83AD9CDE5B3FFEA201F84D5F872368E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061880Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:41.017{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\Store\8252FCC23221C66B88FAD9A40F0F9EA3MD5=5276EAE0DE776C129729C59592A0295B,SHA256=4D4CAC03D7D8AD495D46E7ED5451D195926908BBA774F25CF26CA9C05AC7E1C7,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000061879Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:41.017{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\SplunkUniversalForwarder\license-eula.TXT2020-02-07 07:06:34.000 23542300x800000000000000061878Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:41.017{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\SplunkUniversalForwarder\license-eula.txtMD5=9AEAE8DA6C39C8CB930F5D8E2ED79E9B,SHA256=3A68B05DF4D9532044DDFD5C5A71F0BFC5EDE4864FD61BD64C0F2DB51287B00B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061877Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:41.017{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\Store\7CD2524F8EF20CBA6AD61D4D3C04BACFMD5=02FB44040407F4A5C00E0FDBB99F6E09,SHA256=C2175810C19335FAB2472E058EDD5EDCCB6CADC2E3227BF69594D0A61514C0A8,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061876Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:41.017{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\Store\78652A233EDE740109B333033DBF1A32MD5=0362DA866F0BF71642EED099E3CCA440,SHA256=07D11EDC3E12BBE0140C0A3363BEB8D24D367DA3B9A11E4C723E3A61E6CBA1BB,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000061875Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:41.017{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\SplunkUniversalForwarder\license-eula.RTF2020-02-07 07:06:34.000 23542300x800000000000000061874Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:41.017{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\SplunkUniversalForwarder\license-eula.rtfMD5=F04D3F5A6E2ADCED8BED14878E27023D,SHA256=B1D86AF30CA5FCF26598A130EECB85DE876C598F58DCDAD1DB056E9824232B29,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061873Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:41.015{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\Store\6C1226493C5CCE894D83874216B662ACMD5=0A474C7456468C53D936C23C8D36DBB3,SHA256=A59D38936DBE770F8312A2FAA2109F6CDF8633DEE89350B0EE62DFF2D3ABDBFF,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061872Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:41.013{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\Store\6A49F9280EA36F78E729D455CBABF39DMD5=4AED5A5149D79C9DC891C97E9FEAC2D5,SHA256=BAE614F3C3D1067BFCBE43BC6F2F9ABBA0671294D13EDC13183442091BA8F33F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061871Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:41.012{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\Store\5E17B790478B97095EF50BAE86656C6EMD5=E5A2786C79F946CFE23CB7BF946F5CC3,SHA256=137218AAE8F514028ED571C120B111C51C316AD9E1D1FD5023DD7A1127AF2702,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061870Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.996{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\Store\5C4FEF57A1103DC3EC8BBA5C23AD820DMD5=92946AEE1D74F75C78320BA9C992D62D,SHA256=0BA2734CE239E60CDA9DEC2713B5571BBD20CC442247F00634983D24947760BB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061869Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.996{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\Store\5BBCA962928AED82E18E7933A66C3C44MD5=8341CD233AD10C3937FB1A7BF6B6BAA8,SHA256=A1BDDC06E316CF96DF088AC8EA9666A67F0282E6950564ECB6B4A73183648171,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061868Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.996{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\Store\557B30FD59E1FF4E0BB535AC95FC5226MD5=95AC0C1F03E6D83A2543CD20313A2279,SHA256=F2C4877FF0923EA92A922EE282177572C347310CF132D986751A58E9E7B0774E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061867Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.996{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\Store\52A16CF4CC3B7B6BB95CBD13A12662A2MD5=B16694BAC95CAE4332F90D2EC364B14E,SHA256=3B2BC829B46F3AC70631B7B23E3A23DB98ACA9F5B5045A6BA5C97BA1567AB195,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000061866Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.996{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\SplunkUniversalForwarder\lib\copyright.TXT2020-02-07 07:06:34.000 23542300x800000000000000061865Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.996{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\SplunkUniversalForwarder\lib\copyright.txtMD5=25A9FEDC584FC6D5E10F689A1352D947,SHA256=144B3E7979C26A2AB1DB949C052B71675167DFA8F3B711A8714708D0EC29E3D2,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061864Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.996{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\Store\527ED1C8390F58C76437AE5E33E35D41MD5=F5592A2E83217CDB75958B374CADA20A,SHA256=42ECC334FADE3609B33966AB2EFE04654843166F9BEFB7AFD8FA20E4A3144EF3,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061863Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.996{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\Store\512A434C5ECE4C78D13C20A57AFD5608MD5=1877AEFF9E765446F2877D027579DC1F,SHA256=AA7AFA1527B824CCAB48C9B5A06F4A069358E61EFB1B724CB5FD7D05C3F9FA21,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061862Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.996{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\Store\4C7DD2B9663F41FB0329680A5E50B4B5MD5=84AF2BBF2BC192A66A3CC3D02AF49BE2,SHA256=E78510ED9CFE60B37A2493117DE1B6542C3FE6549C5664E18BB3DB6F639889D6,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000031857Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:38:41.206{CE7C8936-1B20-61E9-E200-000000002202}3964NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=055947FC70504FD243A7959DE12FCAE3,SHA256=D6E0205AAE3DC13B4F3A9A0F42B3A9E6AD0D2A0EE324E287B486263D4E43D19C,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000031856Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:38:41.097{CE7C8936-1B12-61E9-AF00-000000002202}24603956C:\Windows\system32\conhost.exe{CE7C8936-3BB1-61E9-0C06-000000002202}3508C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000031855Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:38:41.097{CE7C8936-1A7C-61E9-0C00-000000002202}7003204C:\Windows\system32\svchost.exe{CE7C8936-1A7D-61E9-1D00-000000002202}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000031854Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:38:41.097{CE7C8936-1A7C-61E9-0C00-000000002202}7003204C:\Windows\system32\svchost.exe{CE7C8936-1A7D-61E9-1D00-000000002202}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000031853Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:38:41.097{CE7C8936-1A7C-61E9-0C00-000000002202}7003204C:\Windows\system32\svchost.exe{CE7C8936-1A7D-61E9-1D00-000000002202}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000031852Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:38:41.097{CE7C8936-1A7C-61E9-0C00-000000002202}7003204C:\Windows\system32\svchost.exe{CE7C8936-1A7D-61E9-1D00-000000002202}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000031851Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:38:41.097{CE7C8936-1A7C-61E9-0C00-000000002202}7003204C:\Windows\system32\svchost.exe{CE7C8936-1A7D-61E9-1D00-000000002202}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000031850Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:38:41.097{CE7C8936-1A7C-61E9-0C00-000000002202}7003204C:\Windows\system32\svchost.exe{CE7C8936-1A7D-61E9-1D00-000000002202}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000031849Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:38:41.097{CE7C8936-1A7C-61E9-0C00-000000002202}7003204C:\Windows\system32\svchost.exe{CE7C8936-1A7D-61E9-1D00-000000002202}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000031848Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:38:41.097{CE7C8936-1A7C-61E9-0C00-000000002202}7003204C:\Windows\system32\svchost.exe{CE7C8936-1A7D-61E9-1D00-000000002202}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000031847Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:38:41.097{CE7C8936-1A7C-61E9-0C00-000000002202}7003204C:\Windows\system32\svchost.exe{CE7C8936-1A7D-61E9-1D00-000000002202}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000031846Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:38:41.097{CE7C8936-1A7C-61E9-0500-000000002202}388404C:\Windows\system32\csrss.exe{CE7C8936-3BB1-61E9-0C06-000000002202}3508C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000031845Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:38:41.097{CE7C8936-1B12-61E9-AB00-000000002202}19122580C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{CE7C8936-3BB1-61E9-0C06-000000002202}3508C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7414|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x800000000000000031844Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:38:41.098{CE7C8936-3BB1-61E9-0C06-000000002202}3508C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe8.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{CE7C8936-1A7C-61E9-E703-000000000000}0x3e70SystemMD5=8746B8C1724B67C2B1261446C0CFAA57,SHA256=7EFD09FD383FAA75C5D2990E6DBBFD846AEAA08B7037C7D66B4A0EF2AE0866B3,IMPHASH=7B985F47B35272AD7B5218255ACE7AEC{CE7C8936-1B12-61E9-AB00-000000002202}1912C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 11241100x800000000000000062240Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:42.982{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files (x86)\AWS Tools\PowerShell\AWSPowerShell\License.TXT2021-10-01 16:41:40.000 23542300x800000000000000062239Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:42.982{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files (x86)\AWS Tools\PowerShell\AWSPowerShell\License.txtMD5=EF55ABDC50973E5EC00F992ABDD5CD51,SHA256=88046BF22D5B4F4B8CC85079AE6AAE5424A3A1999DB952ED152828FF325B2C6D,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000062238Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:42.979{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files (x86)\AWS Tools\PowerShell\AWSPowerShell\License.log4net.TXT2021-10-01 16:41:40.000 23542300x800000000000000062237Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:42.978{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files (x86)\AWS Tools\PowerShell\AWSPowerShell\License.log4net.txtMD5=BEFFA3E145276835A6E3D075E9DA389E,SHA256=638A653208DBB8C69D3739DF442ED21B6136B6EFD77606E24F1F2B071FBA2A33,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000062236Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:42.975{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files (x86)\AWS Tools\PowerShell\AWSPowerShell\ImportGuard.PS12022-01-04 18:32:22.000 23542300x800000000000000062235Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:42.974{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files (x86)\AWS Tools\PowerShell\AWSPowerShell\ImportGuard.ps1MD5=5E9C77F93A8505A18DF910BA5F89A884,SHA256=AEA26CC8A1929E3CB412630FB9F8C61529044265F791892300D21C619BF62047,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000062234Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:42.971{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files (x86)\AWS Tools\PowerShell\AWSPowerShell\CHANGELOG.TXT2022-01-04 18:05:20.000 23542300x800000000000000062233Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:42.967{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files (x86)\AWS Tools\PowerShell\AWSPowerShell\CHANGELOG.TXTMD5=C6167C53673DBFC46A10003A4490CA81,SHA256=F2A23527274138FC8046026092CD9533663DC43687221973797CFEA2DAACFA65,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000062232Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:42.929{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files (x86)\AWS Tools\PowerShell\AWSPowerShell\AWSAliases.PS12022-01-04 18:32:18.000 23542300x800000000000000062231Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:42.928{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files (x86)\AWS Tools\PowerShell\AWSPowerShell\AWSAliases.ps1MD5=76D25E204202BD3733696FDBF847EDFB,SHA256=ECD1FE6788784B1D8B5D7F595B4323641EECA4F06C9C97CE641C486846FA16A9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062230Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:42.866{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files (x86)\AWS Tools\Documentation\spacer.gifMD5=18B3E43ABAD26BDAC6F4CEA944777B62,SHA256=3CA19E57C9A2465AE4DF271316BA4D29E7FF7F113A2A2C5297780C0B7A0AC09D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062229Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:42.861{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files (x86)\AWS Tools\Documentation\AWSToolsForWindows_sprite.pngMD5=2C182DCEFD4AE0C3DACD8AE0F3EE4897,SHA256=5616DDB6E0AFA687D524FD64E1BECF1BDA2AC824535CDD0B175978C5F801EA31,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062228Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:42.846{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files (x86)\AWS Tools\Documentation\AWSToolsForWindows.htmlMD5=646C9DF8662BD83375769896DC4A2A55,SHA256=0A2C83EBCC4046C2811DECAF9A9F2F0AE1E56B11A6A56BD548B36E9BB0308F77,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000062227Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:42.838{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files (x86)\AWS Tools\Deployment Tool\Samples\SingleInstanceDeploymentSample.TXT2021-10-01 16:41:40.000 23542300x800000000000000062226Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:42.838{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files (x86)\AWS Tools\Deployment Tool\Samples\SingleInstanceDeploymentSample.txtMD5=CA59B1BC45649738748CF22A24578080,SHA256=68A886EFD8D8D8DE5C78BD231E3D205220DF9F96A1E3F4C77773B4B057EFF41B,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000062225Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:42.831{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files (x86)\AWS Tools\Deployment Tool\Samples\LoadBalancedDeploymentSample.TXT2021-10-01 16:41:40.000 23542300x800000000000000062224Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:42.830{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files (x86)\AWS Tools\Deployment Tool\Samples\LoadBalancedDeploymentSample.txtMD5=8EECD619122F37AEB45EDFE1FC16F9FE,SHA256=B1E77ED77A361131679C4E54942F2B90D5BD34F7833CCFA2149F191588975B91,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000062223Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:42.827{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files (x86)\AWS Tools\Deployment Tool\Samples\ElasticBeanstalkDeploymentSample.TXT2021-10-01 16:41:40.000 23542300x800000000000000062222Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:42.826{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files (x86)\AWS Tools\Deployment Tool\Samples\ElasticBeanstalkDeploymentSample.txtMD5=56905843C249563A7FC4E8EC6EEDAFD9,SHA256=AF2CCA0CD19C130C995F8BD5D2DFE18663970056B417C74F9E130B42EDDA31DD,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062221Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:42.801{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files (x86)\AWS Tools\Deployment Tool\Samples\AWSDeploymentSampleApp.zipMD5=CE04737C9F5E21F73E3E52B95894A5ED,SHA256=3F428B41A0E949027C442C2D18BE05E8FB926AE8D3751BBF52AE842359B6C0D8,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062220Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:42.801{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files (x86)\AWS Tools\Deployment Tool\README.htmlMD5=7845FDAE4AA8D804F98B4E72A453F77B,SHA256=C0457BE854AAC2F658E167E80138500E842243C714F64BA9142E411D674D9240,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000062219Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:42.801{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files (x86)\AWS Tools\Deployment Tool\License.TXT2021-10-01 16:41:40.000 23542300x800000000000000062218Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:42.801{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files (x86)\AWS Tools\Deployment Tool\License.txtMD5=C49DC996DDE8E21390AF472BA86B081E,SHA256=AC4A71831E2A665BCFFE67A0C5B329F1AA710C01CE305E61A78826D3EA06124A,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000062217Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:42.786{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files (x86)\AWS Tools\Deployment Tool\License.sharpen.TXT2021-10-01 16:41:40.000 23542300x800000000000000062216Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:42.786{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files (x86)\AWS Tools\Deployment Tool\License.sharpen.txtMD5=70A327D511E97D12784F12E599D17311,SHA256=EA962B9323AB84913E9B61A24274BF524417A722268920969AC79070370D3F9A,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000062215Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:42.786{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files (x86)\AWS Tools\Deployment Tool\License.putty.TXT2021-10-01 16:41:40.000 23542300x800000000000000062214Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:42.786{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files (x86)\AWS Tools\Deployment Tool\License.putty.txtMD5=2EA4881E2E4011F0C704D9093BC994D3,SHA256=097A4FD2993891136C105D43912706B078C832605AFE0C1496C7A08923D48721,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000062213Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:42.769{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files (x86)\AWS Tools\Deployment Tool\License.nsch.TXT2021-10-01 16:41:40.000 23542300x800000000000000062212Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:42.769{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files (x86)\AWS Tools\Deployment Tool\License.nsch.txtMD5=037DDFFC85E5754046A52BC4418E5271,SHA256=DADD4F88884590478F447B6DBEC8A64DE0E439087529DDD5CDB5F23D877BECA9,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000062211Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:42.769{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files (x86)\AWS Tools\Deployment Tool\License.ngit.TXT2021-10-01 16:41:40.000 23542300x800000000000000062210Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:42.769{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files (x86)\AWS Tools\Deployment Tool\License.ngit.txtMD5=A0694401314F6AD84098A2544F133A48,SHA256=4EC27E924B27B7EE4331D6DE8F8B20C9D84B59876A31AAE93CFFFE2DE93A1FA3,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000062209Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:42.769{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files (x86)\AWS Tools\Deployment Tool\License.mono-classlibraries.TXT2021-10-01 16:41:40.000 23542300x800000000000000062208Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:42.769{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files (x86)\AWS Tools\Deployment Tool\License.mono-classlibraries.txtMD5=B529BA3EAA8B05266DE94DFBB3D4C350,SHA256=93C0476C6CD210F1117C6C9091FBE1B2B94A5865842638093122DCF031BF2048,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000062207Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:42.754{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files (x86)\AWS Tools\Deployment Tool\License.log4net.TXT2021-10-01 16:41:40.000 23542300x800000000000000062206Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:42.754{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files (x86)\AWS Tools\Deployment Tool\License.log4net.txtMD5=BEFFA3E145276835A6E3D075E9DA389E,SHA256=638A653208DBB8C69D3739DF442ED21B6136B6EFD77606E24F1F2B071FBA2A33,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000062205Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:42.754{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files (x86)\AWS Tools\Deployment Tool\License.ICSharpCode.SharpZipLib.TXT2021-10-01 16:41:40.000 23542300x800000000000000062204Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:42.754{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files (x86)\AWS Tools\Deployment Tool\License.ICSharpCode.SharpZipLib.txtMD5=2F90312EDF2F07E6F93BA23D8C80072F,SHA256=C76E7EA51C0992CB55EE45F1213233CB7DBA40D6BDAD4F2291459E9A1DD3BF03,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000062203Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:42.669{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files (x86)\AWS Tools\CodeCommit\Notice.TXT2021-10-01 16:41:40.000 23542300x800000000000000062202Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:42.669{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files (x86)\AWS Tools\CodeCommit\Notice.txtMD5=5959458B62BD55ECA9C1F7BA3D9434CE,SHA256=D1A0A00937F8F1F2954EBC56721FE2B148C78D7CC5E7C344F28C357D7BAD1F2B,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000062201Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:42.659{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files (x86)\AWS Tools\CodeCommit\License.TXT2021-10-01 16:41:40.000 23542300x800000000000000062200Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:42.659{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files (x86)\AWS Tools\CodeCommit\License.txtMD5=02D8EF21C666949C5B31E75D4B278F47,SHA256=F634E0B04B32E05DA1915E2D58E89C63E9F358DCD65CC5218A6152EC0E3D65A1,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000062199Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:42.643{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files (x86)\AWS SDK for .NET\bin\Notice.TXT2021-10-01 16:41:40.000 23542300x800000000000000062198Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:42.643{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-89EAB195F9AEB9F070AB21174B5F01A9C52B8481.bin.67MD5=F21E9E30CA393E4E16064BB0B32C9363,SHA256=57DB50E58454547818A38240E2FAD29E40A0319F73DC0D5493446C3F616A8E07,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062197Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:42.643{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files (x86)\AWS SDK for .NET\bin\Notice.txtMD5=E953A1DC6B4C75F89EC663E928D24D54,SHA256=5E56C236684C6EF3F3BEA7262C79FAD77F5307BA723245A1F1FAEB7EB6214F7D,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000062196Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:42.433{6F5BEE90-18B9-61E9-3500-000000002102}33043324C:\Windows\system32\conhost.exe{6F5BEE90-3BB2-61E9-8609-000000002102}2400C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000062195Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:42.416{6F5BEE90-18A9-61E9-0C00-000000002102}8286020C:\Windows\system32\svchost.exe{6F5BEE90-18B8-61E9-2C00-000000002102}2984C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000062194Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:42.416{6F5BEE90-18A9-61E9-0C00-000000002102}8286020C:\Windows\system32\svchost.exe{6F5BEE90-18B8-61E9-2C00-000000002102}2984C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000062193Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:42.416{6F5BEE90-18A9-61E9-0C00-000000002102}8286020C:\Windows\system32\svchost.exe{6F5BEE90-18B8-61E9-2C00-000000002102}2984C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000062192Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:42.416{6F5BEE90-18A9-61E9-0C00-000000002102}8286020C:\Windows\system32\svchost.exe{6F5BEE90-18B8-61E9-2C00-000000002102}2984C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000062191Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:42.415{6F5BEE90-18A7-61E9-0500-000000002102}392368C:\Windows\system32\csrss.exe{6F5BEE90-3BB2-61E9-8609-000000002102}2400C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000062190Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:42.415{6F5BEE90-18B8-61E9-2F00-000000002102}30243900C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{6F5BEE90-3BB2-61E9-8609-000000002102}2400C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7414|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x800000000000000062189Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:42.414{6F5BEE90-3BB2-61E9-8609-000000002102}2400C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{6F5BEE90-18A8-61E9-E703-000000000000}0x3e70SystemMD5=BF28C74E12839E40CD89696C7CB01573,SHA256=6187325F302F232DE582FE28E0E0D2B292AB8122C3356C9CE295A482D7B93EA3,IMPHASH=27776F2813155A6CF34F6A075A0C2EC8{6F5BEE90-18B8-61E9-2F00-000000002102}3024C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x800000000000000031887Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:38:42.863{CE7C8936-3BB2-61E9-0E06-000000002202}22123636C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{CE7C8936-1B12-61E9-AB00-000000002202}1912C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000031886Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:38:42.722{CE7C8936-1B12-61E9-AF00-000000002202}24603956C:\Windows\system32\conhost.exe{CE7C8936-3BB2-61E9-0E06-000000002202}2212C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000031885Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:38:42.722{CE7C8936-1A7C-61E9-0C00-000000002202}7003204C:\Windows\system32\svchost.exe{CE7C8936-1A7D-61E9-1D00-000000002202}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000031884Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:38:42.722{CE7C8936-1A7C-61E9-0C00-000000002202}7003204C:\Windows\system32\svchost.exe{CE7C8936-1A7D-61E9-1D00-000000002202}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000031883Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:38:42.722{CE7C8936-1A7C-61E9-0C00-000000002202}7003204C:\Windows\system32\svchost.exe{CE7C8936-1A7D-61E9-1D00-000000002202}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000031882Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:38:42.722{CE7C8936-1A7C-61E9-0C00-000000002202}7003204C:\Windows\system32\svchost.exe{CE7C8936-1A7D-61E9-1D00-000000002202}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000031881Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:38:42.722{CE7C8936-1A7C-61E9-0C00-000000002202}7003204C:\Windows\system32\svchost.exe{CE7C8936-1A7D-61E9-1D00-000000002202}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000031880Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:38:42.722{CE7C8936-1A7C-61E9-0C00-000000002202}7003204C:\Windows\system32\svchost.exe{CE7C8936-1A7D-61E9-1D00-000000002202}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000031879Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:38:42.722{CE7C8936-1A7C-61E9-0C00-000000002202}7003204C:\Windows\system32\svchost.exe{CE7C8936-1A7D-61E9-1D00-000000002202}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000031878Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:38:42.722{CE7C8936-1A7C-61E9-0C00-000000002202}7003204C:\Windows\system32\svchost.exe{CE7C8936-1A7D-61E9-1D00-000000002202}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000031877Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:38:42.722{CE7C8936-1A7C-61E9-0C00-000000002202}7003204C:\Windows\system32\svchost.exe{CE7C8936-1A7D-61E9-1D00-000000002202}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000031876Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:38:42.722{CE7C8936-1A7C-61E9-0500-000000002202}388504C:\Windows\system32\csrss.exe{CE7C8936-3BB2-61E9-0E06-000000002202}2212C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000031875Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:38:42.722{CE7C8936-1B12-61E9-AB00-000000002202}19122580C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{CE7C8936-3BB2-61E9-0E06-000000002202}2212C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7414|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x800000000000000031874Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:38:42.723{CE7C8936-3BB2-61E9-0E06-000000002202}2212C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{CE7C8936-1A7C-61E9-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{CE7C8936-1B12-61E9-AB00-000000002202}1912C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x800000000000000031873Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:38:42.425{CE7C8936-1B20-61E9-E200-000000002202}3964NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=171F6B2693D08814AE6C5C809438A674,SHA256=6356CA1934B9FA0604272F7BBEF14DFCF5ED2D038960C1D91F48F1DE8A1C062F,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000031872Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:38:42.269{CE7C8936-3BB2-61E9-0D06-000000002202}35283112C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{CE7C8936-1B12-61E9-AB00-000000002202}1912C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 23542300x800000000000000031871Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:38:42.128{CE7C8936-1B20-61E9-E200-000000002202}3964NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=2340B5231572397F3FB521EEDFD4FF98,SHA256=480FF73CD54739356FAE87F29224C6D63EC44C49B98333B1EF80DD2271005333,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000031870Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:38:42.113{CE7C8936-1B12-61E9-AF00-000000002202}24603956C:\Windows\system32\conhost.exe{CE7C8936-3BB2-61E9-0D06-000000002202}3528C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000031869Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:38:42.113{CE7C8936-1A7C-61E9-0C00-000000002202}7003204C:\Windows\system32\svchost.exe{CE7C8936-1A7D-61E9-1D00-000000002202}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000031868Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:38:42.113{CE7C8936-1A7C-61E9-0C00-000000002202}7003204C:\Windows\system32\svchost.exe{CE7C8936-1A7D-61E9-1D00-000000002202}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000031867Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:38:42.113{CE7C8936-1A7C-61E9-0C00-000000002202}7003204C:\Windows\system32\svchost.exe{CE7C8936-1A7D-61E9-1D00-000000002202}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000031866Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:38:42.113{CE7C8936-1A7C-61E9-0C00-000000002202}7003204C:\Windows\system32\svchost.exe{CE7C8936-1A7D-61E9-1D00-000000002202}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000031865Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:38:42.113{CE7C8936-1A7C-61E9-0C00-000000002202}7003204C:\Windows\system32\svchost.exe{CE7C8936-1A7D-61E9-1D00-000000002202}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000031864Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:38:42.113{CE7C8936-1A7C-61E9-0C00-000000002202}7003204C:\Windows\system32\svchost.exe{CE7C8936-1A7D-61E9-1D00-000000002202}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000031863Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:38:42.113{CE7C8936-1A7C-61E9-0C00-000000002202}7003204C:\Windows\system32\svchost.exe{CE7C8936-1A7D-61E9-1D00-000000002202}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000031862Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:38:42.113{CE7C8936-1A7C-61E9-0C00-000000002202}7003204C:\Windows\system32\svchost.exe{CE7C8936-1A7D-61E9-1D00-000000002202}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000031861Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:38:42.113{CE7C8936-1A7C-61E9-0C00-000000002202}7003204C:\Windows\system32\svchost.exe{CE7C8936-1A7D-61E9-1D00-000000002202}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000031860Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:38:42.113{CE7C8936-1A7C-61E9-0500-000000002202}388940C:\Windows\system32\csrss.exe{CE7C8936-3BB2-61E9-0D06-000000002202}3528C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000031859Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:38:42.113{CE7C8936-1B12-61E9-AB00-000000002202}19122580C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{CE7C8936-3BB2-61E9-0D06-000000002202}3528C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7414|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x800000000000000031858Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:38:42.113{CE7C8936-3BB2-61E9-0D06-000000002202}3528C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{CE7C8936-1A7C-61E9-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{CE7C8936-1B12-61E9-AB00-000000002202}1912C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 11241100x800000000000000062610Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:43.999{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\ProgramData\chocolatey\lib\notepadplusplus.install\legal\VERIFICATION.TXT2022-01-20 07:58:18.226 23542300x800000000000000062609Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:43.999{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\ProgramData\chocolatey\lib\notepadplusplus.install\legal\VERIFICATION.txtMD5=D09A663FED07648343AAE7B9638798E1,SHA256=CD2140855F7512B401790583D1A879D12A0FC653EC3989E4BB2DAF1424ECE754,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000062608Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:43.990{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\ProgramData\chocolatey\lib\notepadplusplus.install\legal\LICENSE.TXT2022-01-20 07:58:18.210 23542300x800000000000000062607Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:43.989{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\ProgramData\chocolatey\lib\notepadplusplus.install\legal\LICENSE.txtMD5=397AD6FD5743ECC1826ADD6EA0FB0AF4,SHA256=B2A74140769DC8BD34CB72BD2D177E58522E69427F39651B738011F244F835BD,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000062606Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:43.986{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\ProgramData\chocolatey\lib\notepadplusplus\tools\chocolateyInstall.PS12022-01-20 07:58:23.460 23542300x800000000000000062605Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:43.986{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\ProgramData\chocolatey\lib\notepadplusplus\tools\chocolateyInstall.ps1MD5=E681F355000DAF7C0D94E48772AF8A38,SHA256=13182BC30B6463503D6C8959EC9E40E692802B72327C64F3144F41E6B1ABE16C,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000062604Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:43.982{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\ProgramData\chocolatey\lib\KB3035131\Tools\ChocolateyInstall.PS12022-01-20 09:26:43.508 23542300x800000000000000062603Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:43.982{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\ProgramData\chocolatey\lib\KB3035131\Tools\ChocolateyInstall.ps1MD5=C96AB84A5AEBA2761E40A151EE4B0230,SHA256=8EB3AE2705982B1DFA27D4FB6BD54ABDAC18E64280F1BF01229FCAD4A922BDD4,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000062602Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:43.979{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\ProgramData\chocolatey\lib\KB3033929\Tools\ChocolateyInstall.PS12022-01-20 09:26:49.875 23542300x800000000000000062601Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:43.979{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\ProgramData\chocolatey\lib\KB3033929\Tools\ChocolateyInstall.ps1MD5=DCFEEBCAAE9D8E20C81B9AEE7094016B,SHA256=1AA880E351DB63AF01B5B5B5F13EA0E801DB1F7BA1B15822E0F9BE33EEFB3367,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000062600Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:43.976{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\ProgramData\chocolatey\lib\KB2999226\tools\chocolateyinstall.PS12022-01-20 09:26:52.561 23542300x800000000000000062599Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:43.976{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\ProgramData\chocolatey\lib\KB2999226\tools\chocolateyinstall.ps1MD5=DE3EBDADD4B400BFDCACEF22A64D7E4F,SHA256=BBE45CA5ABAF6114B9E8AA9FDE7B66EF9C4DF96F8095ACB5EF53594F088B606E,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000062598Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:43.973{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\ProgramData\chocolatey\lib\KB2919442\tools\ChocolateyInstall.PS12022-01-20 09:26:50.798 23542300x800000000000000062597Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:43.973{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\ProgramData\chocolatey\lib\KB2919442\tools\ChocolateyInstall.ps1MD5=154B6B62AD6DFE6A6339441FB8A0CFDE,SHA256=E06F99A282649E4F85AEE31BD2E98D481EA809412272AFB84676D51CD52A9B3C,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000062596Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:43.967{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\ProgramData\chocolatey\lib\KB2919355\tools\ChocolateyInstall.PS12022-01-20 09:26:51.709 23542300x800000000000000062595Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:43.966{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\ProgramData\chocolatey\lib\KB2919355\tools\ChocolateyInstall.ps1MD5=7C8F335CAA880A57142BC255CF70FA01,SHA256=E20FABAB59AE1512675DA4A978810A97E4B370577CFBD337E9E26A2050AC55FC,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000062594Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:43.964{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\ProgramData\chocolatey\lib\git.install\tools\helpers.PS12022-01-20 07:58:35.585 23542300x800000000000000062593Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:43.964{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\ProgramData\chocolatey\lib\git.install\tools\helpers.ps1MD5=F45BCB3C18DDC77BBE4B84293F8D9D6A,SHA256=CF8AF5C62F5B3EABCE5CC1AC7C7C6633F258CD953E619931D7E51A2181F61131,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000062592Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:43.961{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\ProgramData\chocolatey\lib\git.install\tools\chocolateyInstall.PS12022-01-20 07:58:35.492 23542300x800000000000000062591Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:43.960{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\ProgramData\chocolatey\lib\git.install\tools\chocolateyInstall.ps1MD5=50D60591B58562FD8A1449B7BFC24FDD,SHA256=C76145AB2D832A9EF250B60ACBC798BA1F296C4B1B3FD6726BC175E884737BAA,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000062590Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:43.957{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\ProgramData\chocolatey\lib\git.install\tools\chocolateyBeforeModify.PS12022-01-20 07:58:35.492 23542300x800000000000000062589Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:43.957{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\ProgramData\chocolatey\lib\git.install\tools\chocolateyBeforeModify.ps1MD5=06E010E8568FED9273445F4D3114F790,SHA256=52F1373B7B2FD4A35F37B4BDBAF2CAED47560B9E552691A4B6FA50EBCF460D76,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000062588Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:43.953{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\ProgramData\chocolatey\lib\git.install\legal\VERIFICATION.TXT2022-01-20 07:58:35.492 23542300x800000000000000062587Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:43.953{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\ProgramData\chocolatey\lib\git.install\legal\VERIFICATION.txtMD5=6DF37074053F0D34A69E549CAEADF1F2,SHA256=CB890F909425009A9EAFD341BDA55DA7D35E6CB559AEDBA1141DAA92FB085E9F,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000062586Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:43.949{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\ProgramData\chocolatey\lib\git.install\legal\LICENSE.TXT2022-01-20 07:58:35.492 23542300x800000000000000062585Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:43.949{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\ProgramData\chocolatey\lib\git.install\legal\LICENSE.txtMD5=147AC7E5E6DAA60704C926873D2C066D,SHA256=454649DDC02B5CC098513CEA28DB6592B45AC0A906386287C4D48CF8DBDE651C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062584Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:43.945{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\ProgramData\chocolatey\lib\Firefox\tools\LanguageChecksums.csvMD5=01C7A40A2341616C58E9EF94E3F3057D,SHA256=F4E5AAD4C89EBC980E8AA0A8EBA21F9541E6DA0964CDDD445D41F34D52374057,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000062583Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:43.941{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\ProgramData\chocolatey\lib\Firefox\tools\helpers.PS12022-01-20 07:57:47.380 23542300x800000000000000062582Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:43.941{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\ProgramData\chocolatey\lib\Firefox\tools\helpers.ps1MD5=CA5876FC9410D72822211D4F0C66BEBD,SHA256=4E2989F13B07C0808BA14BD1BD54A1300E1451A32D7CA1E903A5A847890F07D1,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000062581Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:43.936{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\ProgramData\chocolatey\lib\Firefox\tools\chocolateyUninstall.PS12022-01-20 07:57:47.364 23542300x800000000000000062580Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:43.936{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\ProgramData\chocolatey\lib\Firefox\tools\chocolateyUninstall.ps1MD5=3B18166A8B26ACBA217BC72C55274198,SHA256=2158EF0DF7BE03A34EF5569E6EE9F9EBBD83826CFD3DD89C0424B089548975FA,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000062579Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:43.932{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\ProgramData\chocolatey\lib\Firefox\tools\chocolateyInstall.PS12022-01-20 07:57:47.364 23542300x800000000000000062578Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:43.932{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\ProgramData\chocolatey\lib\Firefox\tools\chocolateyInstall.ps1MD5=EDD07328AC386A76B20D20384127E456,SHA256=3866109981667D4989A3DCB9979356756D85C75F1973BB5647B55049292D952C,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000062577Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:43.928{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\ProgramData\chocolatey\lib\chocolatey-windowsupdate.extension\extensions\Test-WindowsUpdate.PS12022-01-20 09:26:41.477 23542300x800000000000000062576Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:43.927{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\ProgramData\chocolatey\lib\chocolatey-windowsupdate.extension\extensions\Test-WindowsUpdate.ps1MD5=7579F636EC17744323C82F774AE259DE,SHA256=1345B6AD05D4AD94D7ECBB9F292C1BD9C08C3B2552CADB8E0212C6920749F31E,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000062575Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:43.925{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\ProgramData\chocolatey\lib\chocolatey-windowsupdate.extension\extensions\Set-PowerShellExitCode.PS12022-01-20 09:26:41.477 23542300x800000000000000062574Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:43.924{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\ProgramData\chocolatey\lib\chocolatey-windowsupdate.extension\extensions\Set-PowerShellExitCode.ps1MD5=58F9F443A2415DB881C5FB711C6D445A,SHA256=CA135C60948C54651F2A20086C5AAFC5ABB6EA993628B1A7703FD508623B9532,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000062573Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:43.921{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\ProgramData\chocolatey\lib\chocolatey-windowsupdate.extension\extensions\Install-WindowsUpdate.PS12022-01-20 09:26:41.477 23542300x800000000000000062572Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:43.921{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\ProgramData\chocolatey\lib\chocolatey-windowsupdate.extension\extensions\Install-WindowsUpdate.ps1MD5=68DF43E06F795F78EBC86D86D43C793A,SHA256=65C56EE9D0A8CD8563866BA3D4ABD8163F3CB25B7CF9857B3DFA12BE8583915A,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000062571Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:43.917{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\ProgramData\chocolatey\lib\chocolatey-windowsupdate.extension\extensions\Install-ChocolateyPackageAndHandleExitCode.PS12022-01-20 09:26:41.477 23542300x800000000000000062570Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:43.916{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\ProgramData\chocolatey\lib\chocolatey-windowsupdate.extension\extensions\Install-ChocolateyPackageAndHandleExitCode.ps1MD5=10A758B39213EA1C887B360A3FE8F6FF,SHA256=D7A0761B614BB8DE1B401B305D4D980D8CC528C6D58F76F31B471453737015AB,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000062569Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:43.913{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\ProgramData\chocolatey\lib\chocolatey-windowsupdate.extension\extensions\Get-WindowsUpdateErrorDescription.PS12022-01-20 09:26:41.477 23542300x800000000000000062568Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:43.913{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\ProgramData\chocolatey\lib\chocolatey-windowsupdate.extension\extensions\Get-WindowsUpdateErrorDescription.ps1MD5=1E302C5D745B2A3C87DCFE76709A5C7F,SHA256=D3AE37280B16044522F43D136C64411DD233168C60428220FFE3B0F48809AEC7,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000062567Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:43.909{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\ProgramData\chocolatey\lib\chocolatey-windowsupdate.extension\extensions\Get-NativeInstallerExitCode.PS12022-01-20 09:26:41.461 23542300x800000000000000062566Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:43.904{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\ProgramData\chocolatey\lib\chocolatey-windowsupdate.extension\extensions\Get-NativeInstallerExitCode.ps1MD5=A8DA12DDEFC9C6A077E7F59FB47C3CEC,SHA256=9578150663FA740CC87E30621E045D6BD6ADA06EC5EE1F2D49DBC096CE8EF3AA,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000062565Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:43.901{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\ProgramData\chocolatey\lib\chocolatey-core.extension\extensions\Remove-Process.PS12022-01-20 07:57:45.271 23542300x800000000000000062564Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:43.901{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\ProgramData\chocolatey\lib\chocolatey-core.extension\extensions\Remove-Process.ps1MD5=CFDFB899BE8491454B264BF7C5EF08BA,SHA256=090B1A55DF7DD64AC0A9B1BE90E41ECD6D70C7DD6EFE56493403372F55C06C67,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000062563Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:43.894{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\ProgramData\chocolatey\lib\chocolatey-core.extension\extensions\Register-Application.PS12022-01-20 07:57:45.271 23542300x800000000000000062562Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:43.894{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\ProgramData\chocolatey\lib\chocolatey-core.extension\extensions\Register-Application.ps1MD5=D2853E569DAC9A341642BA76EC4FB411,SHA256=A7E432146B2195A79875B6AC1AD82EDDF40EFEC79122EE41A68C68577E5D03EC,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000062561Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:43.886{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\ProgramData\chocolatey\lib\chocolatey-core.extension\extensions\Get-WebContent.PS12022-01-20 07:57:45.271 23542300x800000000000000062560Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:43.885{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\ProgramData\chocolatey\lib\chocolatey-core.extension\extensions\Get-WebContent.ps1MD5=57D013E581EFEA3D4D8366183C9A5797,SHA256=8EB487D51E3879F21035828878E463438A15032B1DEB4018B3583EF60A92AFBF,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000062559Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:43.880{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\ProgramData\chocolatey\lib\chocolatey-core.extension\extensions\Get-UninstallRegistryKey.PS12022-01-20 07:57:45.271 23542300x800000000000000062558Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:43.880{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\ProgramData\chocolatey\lib\chocolatey-core.extension\extensions\Get-UninstallRegistryKey.ps1MD5=3FAA5C11AAFC4EA35BB98EA797446C97,SHA256=748E1ABD1581C5C7360CC88C7A8C3BDCE13626C2D537484CBB3C529F0F8D49DD,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000062557Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:43.877{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\ProgramData\chocolatey\lib\chocolatey-core.extension\extensions\Get-PackageParameters.PS12022-01-20 07:57:45.271 23542300x800000000000000062556Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:43.877{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\ProgramData\chocolatey\lib\chocolatey-core.extension\extensions\Get-PackageParameters.ps1MD5=C08B3AF8CA150B6609DF2B978B693269,SHA256=B5D464AB38A665FDF2E4A532C00B0470F69DDB6D68ED3121FE1091FBFDDEDCE0,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000062555Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:43.874{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\ProgramData\chocolatey\lib\chocolatey-core.extension\extensions\Get-PackageCacheLocation.PS12022-01-20 07:57:45.271 23542300x800000000000000062554Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:43.873{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\ProgramData\chocolatey\lib\chocolatey-core.extension\extensions\Get-PackageCacheLocation.ps1MD5=77A378E5C659E5A53D2D64E276159B62,SHA256=409DAED00ECE17BACE5809F95A642455956DE49DB602873800149C2A53579F95,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000062553Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:43.870{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\ProgramData\chocolatey\lib\chocolatey-core.extension\extensions\Get-EffectiveProxy.PS12022-01-20 07:57:45.271 23542300x800000000000000062552Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:43.870{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\ProgramData\chocolatey\lib\chocolatey-core.extension\extensions\Get-EffectiveProxy.ps1MD5=3895F062D2D91D9D32D1FC57A619066C,SHA256=83A4A58547F802155A275D258E0D958D568F2A0FB4829F967A9EFCB56F3555A9,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000062551Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:43.867{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\ProgramData\chocolatey\lib\chocolatey-core.extension\extensions\Get-AvailableDriveLetter.PS12022-01-20 07:57:45.255 23542300x800000000000000062550Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:43.867{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\ProgramData\chocolatey\lib\chocolatey-core.extension\extensions\Get-AvailableDriveLetter.ps1MD5=2F386746AFC2ACB9561DFB245239B93F,SHA256=4BAEDDD946417D9AA51FF7D50791289FF102CCDF4EFE086C2653E15C711D6505,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000062549Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:43.864{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\ProgramData\chocolatey\lib\chocolatey-core.extension\extensions\Get-AppInstallLocation.PS12022-01-20 07:57:45.255 23542300x800000000000000062548Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:43.864{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\ProgramData\chocolatey\lib\chocolatey-core.extension\extensions\Get-AppInstallLocation.ps1MD5=D036C97BC50A3731BF69A15417F60E72,SHA256=0FFB210BD76AB0214F5AC2361108A6303CED5DEBBF04B62D3C99042F799718BC,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000062547Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:43.859{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\ProgramData\chocolatey\lib\7zip.install\tools\chocolateyUninstall.PS12022-01-20 07:59:10.868 23542300x800000000000000062546Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:43.859{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\ProgramData\chocolatey\lib\7zip.install\tools\chocolateyUninstall.ps1MD5=9575DFA835A44C14B24732DC994B5C96,SHA256=F107CE0197A19388DBD6EBEF2D9C2AFD7E7D1588AB49D2C1818748B5DAD85D66,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000062545Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:43.843{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\ProgramData\chocolatey\lib\7zip.install\tools\chocolateyInstall.PS12022-01-20 07:59:10.868 23542300x800000000000000062544Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:43.843{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\ProgramData\chocolatey\lib\7zip.install\tools\chocolateyInstall.ps1MD5=0BCA1D66A247FCE19914D0F2C63E6581,SHA256=501E1B572021BADBB227C2423569452A28DEEE46DE615ECE1FB2B0C9F0EED477,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000062543Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:43.843{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\ProgramData\chocolatey\lib\7zip.install\legal\VERIFICATION.TXT2022-01-20 07:59:10.837 23542300x800000000000000062542Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:43.843{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\ProgramData\chocolatey\lib\7zip.install\legal\VERIFICATION.txtMD5=9D7C9C1EDC56E501B964265873420090,SHA256=BEEDE25C76F915D438886D4ADB4E962B8F3F954427FFF162B6208601067CED84,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000062541Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:43.843{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\ProgramData\chocolatey\lib\7zip.install\legal\LICENSE.TXT2022-01-20 07:59:10.837 23542300x800000000000000062540Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:43.843{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\ProgramData\chocolatey\lib\7zip.install\legal\LICENSE.txtMD5=650BD91878930A925935C6103A4422CC,SHA256=35F3C3FB382B3973437975D17BCFF206A53C0F76C04E4E5B94B49E5A38DED6F8,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000062539Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:43.843{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\ProgramData\chocolatey\helpers\functions\Write-FunctionCallLogMessage.PS12022-01-20 07:57:37.146 23542300x800000000000000062538Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:43.843{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\ProgramData\chocolatey\helpers\functions\Write-FunctionCallLogMessage.ps1MD5=C06B322F038E0C84851088AC58F2E025,SHA256=2C9693C640D27596F0DF1C17E8FA535F056A1921F89FAD84822F783353742119,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000062537Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:43.827{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\ProgramData\chocolatey\helpers\functions\Write-FileUpdateLog.PS12022-01-20 07:57:37.146 23542300x800000000000000062536Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:43.827{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\ProgramData\chocolatey\helpers\functions\Write-FileUpdateLog.ps1MD5=7D2BC2BC2BB48F0EAFF33D1FEFC53246,SHA256=007386C85F01FD0EBACAB8C1FF561F6B19D13271B192B08C13957ACB62FCBD53,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000062535Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:43.827{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\ProgramData\chocolatey\helpers\functions\Write-ChocolateySuccess.PS12022-01-20 07:57:37.146 23542300x800000000000000062534Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:43.827{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\ProgramData\chocolatey\helpers\functions\Write-ChocolateySuccess.ps1MD5=396DF82B94FED8677F9A8FC95FE00460,SHA256=FC4B276B92E7E38FCB429CA2F5037B21B16C336A60CA9B0147A4977B40EAC4C7,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000062533Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:43.827{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\ProgramData\chocolatey\helpers\functions\Write-ChocolateyFailure.PS12022-01-20 07:57:37.130 23542300x800000000000000062532Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:43.827{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\ProgramData\chocolatey\helpers\functions\Write-ChocolateyFailure.ps1MD5=842EA9BC34D7973F3D8B7854654F3CDB,SHA256=16AF7393AC941237358174CDDD96D00E28B694E1C2AEACCAA9125F80877E91B5,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000062531Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:43.827{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\ProgramData\chocolatey\helpers\functions\Update-SessionEnvironment.PS12022-01-20 07:57:37.130 23542300x800000000000000062530Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:43.827{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\ProgramData\chocolatey\helpers\functions\Update-SessionEnvironment.ps1MD5=CCE4820A494541D9677D68AA3DB087E5,SHA256=205BB514A11F6E7089BF01BE5B363C81B89D5DC996AC481A3A83C2739E0B5120,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000062529Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:43.827{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\ProgramData\chocolatey\helpers\functions\UnInstall-ChocolateyZipPackage.PS12022-01-20 07:57:37.130 23542300x800000000000000062528Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:43.827{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\ProgramData\chocolatey\helpers\functions\UnInstall-ChocolateyZipPackage.ps1MD5=934230A9C38CED23EAD2CAC3C1C015AA,SHA256=39B89C19C4E61C0BAFB2AB86A99DC8CCC64BCE335F09FD63CC51695505E8A326,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000062527Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:43.827{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\ProgramData\chocolatey\helpers\functions\Uninstall-ChocolateyPackage.PS12022-01-20 07:57:37.130 23542300x800000000000000062526Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:43.827{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\ProgramData\chocolatey\helpers\functions\Uninstall-ChocolateyPackage.ps1MD5=542686F00E1278F76FACC6FBB049495A,SHA256=98EC99E8DA28BDD52185AF6A4CF224579E17A885C6776F577CABF68FE94F73CE,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000062525Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:43.812{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\ProgramData\chocolatey\helpers\functions\Uninstall-ChocolateyEnvironmentVariable.PS12022-01-20 07:57:37.130 23542300x800000000000000062524Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:43.812{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\ProgramData\chocolatey\helpers\functions\Uninstall-ChocolateyEnvironmentVariable.ps1MD5=7D26FBB01FF0BAC9E659E4A5EAD6BB5E,SHA256=45406E537CEB77CE61B4F5D4989ED3DABFDC76376299FA63EBD6C5948D88B935,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000062523Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:43.812{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\ProgramData\chocolatey\helpers\functions\Uninstall-BinFile.PS12022-01-20 07:57:37.130 23542300x800000000000000062522Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:43.812{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\ProgramData\chocolatey\helpers\functions\Uninstall-BinFile.ps1MD5=B81FC37BAAD2CB4CDDA7F7CAA015A514,SHA256=A87B5270540D1D079E3751F07372FE1A6A62D7BDA15FD5F2EC32E93277158DEA,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000062521Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:43.812{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\ProgramData\chocolatey\helpers\functions\Test-ProcessAdminRights.PS12022-01-20 07:57:37.130 23542300x800000000000000062520Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:43.812{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\ProgramData\chocolatey\helpers\functions\Test-ProcessAdminRights.ps1MD5=DF88F4C032AEB6AE0CB85D0A8EF8EA4D,SHA256=BD8C5C8FB64FE0746C65512012243F2EDCF039655F53B241765561C058D3EC7F,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000062519Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:43.812{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\ProgramData\chocolatey\helpers\functions\Start-ChocolateyProcessAsAdmin.PS12022-01-20 07:57:37.130 23542300x800000000000000062518Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:43.812{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\ProgramData\chocolatey\helpers\functions\Start-ChocolateyProcessAsAdmin.ps1MD5=BA3E4A27766035EA6D21F9B4865800FF,SHA256=898DE27755B037315348F16DC55BC5B89C82D0716B069919B91E34C072EA8856,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000062517Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:43.812{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\ProgramData\chocolatey\helpers\functions\Set-PowerShellExitCode.PS12022-01-20 07:57:37.130 23542300x800000000000000062516Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:43.812{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\ProgramData\chocolatey\helpers\functions\Set-PowerShellExitCode.ps1MD5=25530737F3992DB93E085FB98843DFB3,SHA256=01D85951493B9A5FE9C76F936C9632F5A4BB35887E9CA4B77E14EB7DEB55E0B2,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000062515Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:43.796{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\ProgramData\chocolatey\helpers\functions\Set-EnvironmentVariable.PS12022-01-20 07:57:37.130 23542300x800000000000000062514Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:43.796{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\ProgramData\chocolatey\helpers\functions\Set-EnvironmentVariable.ps1MD5=01C4BE6A0BB6BD95CD5FF520DAB48788,SHA256=7C240CC80DDBBEEB4B5B269154AADD5869811089FAE03702DB2E8BE93893C3CF,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000062513Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:43.796{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\ProgramData\chocolatey\helpers\functions\Install-Vsix.PS12022-01-20 07:57:37.130 23542300x800000000000000062512Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:43.796{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\ProgramData\chocolatey\helpers\functions\Install-Vsix.ps1MD5=BF61C3C967452618E39D585F77B48306,SHA256=95326819F9C33658403DFA1705CAD3C589EAB27F92F1D53D14B35B147578E8A0,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000062511Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:43.796{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\ProgramData\chocolatey\helpers\functions\Install-ChocolateyZipPackage.PS12022-01-20 07:57:37.130 23542300x800000000000000062510Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:43.796{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\ProgramData\chocolatey\helpers\functions\Install-ChocolateyZipPackage.ps1MD5=3C7F2133497A2FB740F52A533DA4C1D8,SHA256=349C3223B95731F16F3178836B24DA532C95A104C2C5FC0A67FA4C6FF7F19BFA,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000062509Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:43.796{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\ProgramData\chocolatey\helpers\functions\Install-ChocolateyVsixPackage.PS12022-01-20 07:57:37.130 23542300x800000000000000062508Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:43.796{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\ProgramData\chocolatey\helpers\functions\Install-ChocolateyVsixPackage.ps1MD5=394648A4653149F0D832AFF346360C91,SHA256=10BC42DCA5180F5F946610A34D3F28B6E86EAFB819151170B9DAE8E1AE99241A,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000062507Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:43.780{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\ProgramData\chocolatey\helpers\functions\Install-ChocolateyShortcut.PS12022-01-20 07:57:37.130 23542300x800000000000000062506Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:43.780{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\ProgramData\chocolatey\helpers\functions\Install-ChocolateyShortcut.ps1MD5=3578FB22B5B729ADE1F829FAABA1DBA2,SHA256=6E73CD38F30F10846A6291EE046CA23CCCCD0CD393FBFF3C8563D8B80E24CC66,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000062505Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:43.780{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\ProgramData\chocolatey\helpers\functions\Install-ChocolateyPowershellCommand.PS12022-01-20 07:57:37.130 23542300x800000000000000062504Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:43.780{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\ProgramData\chocolatey\helpers\functions\Install-ChocolateyPowershellCommand.ps1MD5=3FF63D56791BF602D491E4D64DD345E0,SHA256=12BBD956B13589B8FAE6AE47AB1642CA5CFBADD5E6DA71BCB09AD2C79B0A7004,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000062503Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:43.780{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\ProgramData\chocolatey\helpers\functions\Install-ChocolateyPinnedTaskBarItem.PS12022-01-20 07:57:37.130 23542300x800000000000000062502Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:43.780{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\ProgramData\chocolatey\helpers\functions\Install-ChocolateyPinnedTaskBarItem.ps1MD5=416A32CB052F58D2BECB09A9AE5BAA2A,SHA256=1BD4567ED88BA21A09EED1D64F7952D50B3522BF9B5E2F3A1978861ADC9E4AE2,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000062501Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:43.780{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\ProgramData\chocolatey\helpers\functions\Install-ChocolateyPath.PS12022-01-20 07:57:37.130 23542300x800000000000000062500Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:43.780{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\ProgramData\chocolatey\helpers\functions\Install-ChocolateyPath.ps1MD5=09FFE4BF0D109FFE3F80570AAC9901D5,SHA256=E0D699D357D3D4ADA512D89C6659F283F0C515FFC1FE40E7F4B0C78ADB1726EC,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000062499Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:43.780{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\ProgramData\chocolatey\helpers\functions\Install-ChocolateyPackage.PS12022-01-20 07:57:37.130 23542300x800000000000000062498Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:43.765{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\ProgramData\chocolatey\helpers\functions\Install-ChocolateyPackage.ps1MD5=4D7E1E1A57B1342FB3D039202024FAF3,SHA256=25B44C8928CB988CB29E551A3184B0ED892359029079F1CF7AB8A39A11C6A354,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000062497Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:43.765{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\ProgramData\chocolatey\helpers\functions\Install-ChocolateyInstallPackage.PS12022-01-20 07:57:37.130 23542300x800000000000000062496Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:43.765{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\ProgramData\chocolatey\helpers\functions\Install-ChocolateyInstallPackage.ps1MD5=311BA8A805B19E260094662C98C22396,SHA256=016B7378112B7FC53A45A989C06ACEC8CD73A0F4ACFB02F7EE68D90F5E32A495,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000062495Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:43.765{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\ProgramData\chocolatey\helpers\functions\Install-ChocolateyFileAssociation.PS12022-01-20 07:57:37.130 23542300x800000000000000062494Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:43.765{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\ProgramData\chocolatey\helpers\functions\Install-ChocolateyFileAssociation.ps1MD5=A49E49BE1AAFB202679D37BB0FD9CAED,SHA256=26CB96BA6747BFB776ED4D05A553299DE11745DB0EC09086E78E36DE341209D8,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000062493Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:43.765{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\ProgramData\chocolatey\helpers\functions\Install-ChocolateyExplorerMenuItem.PS12022-01-20 07:57:37.130 23542300x800000000000000062492Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:43.765{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\ProgramData\chocolatey\helpers\functions\Install-ChocolateyExplorerMenuItem.ps1MD5=50618AD8C208FD4A408E75BE4C368E35,SHA256=41380C9441FD6D63448DEC24ACAB15D52664F712B831AA188BF2FF64FA9B6AEF,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000062491Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:43.765{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\ProgramData\chocolatey\helpers\functions\Install-ChocolateyEnvironmentVariable.PS12022-01-20 07:57:37.115 23542300x800000000000000062490Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:43.765{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\ProgramData\chocolatey\helpers\functions\Install-ChocolateyEnvironmentVariable.ps1MD5=5CF8FADFCA698C4292CC4CE6649A1C87,SHA256=99D9A66976BF4A10021215FAD6E8E5837102B9B6410DFDEAD3637F67B6B4B4CB,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000062489Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:43.765{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\ProgramData\chocolatey\helpers\functions\Install-ChocolateyDesktopLink.PS12022-01-20 07:57:37.115 23542300x800000000000000062488Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:43.765{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\ProgramData\chocolatey\helpers\functions\Install-ChocolateyDesktopLink.ps1MD5=C912017E2BEBBDE65BDA624677B93DB5,SHA256=32C28ADFBAAE1638F2A0422B5263555798BA5C632ACBAD2FFBBE9AE0297FC2EF,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000062487Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:43.764{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\ProgramData\chocolatey\helpers\functions\Install-BinFile.PS12022-01-20 07:57:37.115 23542300x800000000000000062486Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:43.764{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\ProgramData\chocolatey\helpers\functions\Install-BinFile.ps1MD5=D1AA15E96F52B3E81046DE2A605013F8,SHA256=7AE1E73141FFC327F9F59051424D065100C2218744DF100FE250C576360EF4BA,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000062485Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:43.762{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\ProgramData\chocolatey\helpers\functions\Get-WebHeaders.PS12022-01-20 07:57:37.115 23542300x800000000000000062484Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:43.761{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\ProgramData\chocolatey\helpers\functions\Get-WebHeaders.ps1MD5=DEDDBA6A115558CF341724633DEED2A5,SHA256=602E71D3FEF117DD4C9E3BABF3E27AA56726D4CA04E9157E4E48405D45C18F38,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000062483Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:43.759{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\ProgramData\chocolatey\helpers\functions\Get-WebFileName.PS12022-01-20 07:57:37.115 23542300x800000000000000062482Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:43.743{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\ProgramData\chocolatey\helpers\functions\Get-WebFileName.ps1MD5=534154189CD09FF5198E28AA4D43D24A,SHA256=452FA7029D7817DCC488478B41F353C60ECC699C0EB17136DEA47EB63B91BC80,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000062481Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:43.743{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\ProgramData\chocolatey\helpers\functions\Get-WebFile.PS12022-01-20 07:57:37.115 23542300x800000000000000062480Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:43.743{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\ProgramData\chocolatey\helpers\functions\Get-WebFile.ps1MD5=D0A33924A6C227053A3593CAB0BD2A9B,SHA256=044BC082595EC019D797E982C83239B2768F90CE7D90BFFD301D67479AFAC474,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000062479Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:43.743{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\ProgramData\chocolatey\helpers\functions\Get-VirusCheckValid.PS12022-01-20 07:57:37.099 23542300x800000000000000062478Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:43.743{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\ProgramData\chocolatey\helpers\functions\Get-VirusCheckValid.ps1MD5=0A2F86A75251B2BAA2C7CF4DD58B1C32,SHA256=BADDCBF865A8F6B75B4B3EF218579AC5D7069BD29DFDF643C81752C4DFC5A62E,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000062477Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:43.743{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\ProgramData\chocolatey\helpers\functions\Get-UninstallRegistryKey.PS12022-01-20 07:57:37.099 23542300x800000000000000062476Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:43.743{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\ProgramData\chocolatey\helpers\functions\Get-UninstallRegistryKey.ps1MD5=13C3AF149CA092B7CDA4E5CC7A1CF2E1,SHA256=A5E7DE42D3EC3ABB6B033C55511F4776CED913119679D9F80C787EE98FDE3895,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000062475Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:43.743{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\ProgramData\chocolatey\helpers\functions\Get-UACEnabled.PS12022-01-20 07:57:37.099 23542300x800000000000000062474Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:43.743{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\ProgramData\chocolatey\helpers\functions\Get-UACEnabled.ps1MD5=189FDA072780A91E3CB414776B9D8670,SHA256=BA392FE3C933B0CB49056CD590CA26D7FC5E2A6142E98E90744F5E35ED395BB9,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000062473Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:43.743{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\ProgramData\chocolatey\helpers\functions\Get-ToolsLocation.PS12022-01-20 07:57:37.099 23542300x800000000000000062472Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:43.743{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\ProgramData\chocolatey\helpers\functions\Get-ToolsLocation.ps1MD5=616D9796792AA2EBA3B5D7564B950960,SHA256=A3A11A76354C987DD64CEBBAE6FE82109787BB911C21FB53D6DD52FC7B4F2548,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000062471Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:43.727{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\ProgramData\chocolatey\helpers\functions\Get-PackageParameters.PS12022-01-20 07:57:37.099 23542300x800000000000000062470Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:43.727{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\ProgramData\chocolatey\helpers\functions\Get-PackageParameters.ps1MD5=A2581ED300A6C274D9677CBE28924AF9,SHA256=7525B50BE87F33E5B4B4AD80815B8499F8F739A3DA65E0368D4983EAC8141F27,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000062469Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:43.727{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\ProgramData\chocolatey\helpers\functions\Get-OSArchitectureWidth.PS12022-01-20 07:57:37.099 23542300x800000000000000062468Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:43.727{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\ProgramData\chocolatey\helpers\functions\Get-OSArchitectureWidth.ps1MD5=DAA3937489D746D652F25AE0C109AB61,SHA256=D2B24A83AB5622323DBD11877FAC2121A4A2C6C127776F2291D8BFD7B466D657,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000062467Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:43.727{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\ProgramData\chocolatey\helpers\functions\Get-FtpFile.PS12022-01-20 07:57:37.099 23542300x800000000000000062466Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:43.727{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\ProgramData\chocolatey\helpers\functions\Get-FtpFile.ps1MD5=6EFDF76D649608583A335F34C757BFE1,SHA256=B717C062632079A356D11361B9C7C74780176C365E60882943DA97205DB7AEC2,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000062465Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:43.727{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\ProgramData\chocolatey\helpers\functions\Get-EnvironmentVariableNames.PS12022-01-20 07:57:37.099 23542300x800000000000000062464Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:43.727{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\ProgramData\chocolatey\helpers\functions\Get-EnvironmentVariableNames.ps1MD5=320258D02C301888426451E01EC81733,SHA256=2FC7075256503D8F299CE28CB39CCC1E3F260E8B49BE27D72ED28DD4C89E30FB,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000062463Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:43.727{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\ProgramData\chocolatey\helpers\functions\Get-EnvironmentVariable.PS12022-01-20 07:57:37.099 23542300x800000000000000062462Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:43.727{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\ProgramData\chocolatey\helpers\functions\Get-EnvironmentVariable.ps1MD5=4105D6B2C1F76F5666EF99BC59D2081D,SHA256=86C000A5900926D3799F7F5F32534A75555B81269D29FE6BF58E59FBAA193572,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000062461Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:43.727{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\ProgramData\chocolatey\helpers\functions\Get-ChocolateyWebFile.PS12022-01-20 07:57:37.099 23542300x800000000000000062460Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:43.727{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\ProgramData\chocolatey\helpers\functions\Get-ChocolateyWebFile.ps1MD5=FB6E847C9C67256DBC7CFA10F816F78C,SHA256=BC12EF4C021FC6B9AF3C89F9E58185ADF3FA16BD3CAA95C49E425E1505917BB1,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000062459Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:43.712{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\ProgramData\chocolatey\helpers\functions\Get-ChocolateyUnzip.PS12022-01-20 07:57:37.099 23542300x800000000000000062458Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:43.712{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\ProgramData\chocolatey\helpers\functions\Get-ChocolateyUnzip.ps1MD5=1F6D0085FF8F98E6ABFEEFA690058200,SHA256=F5C7414F097EE2CF09C1A7C67A99AA4C001DACAC1172710E5F20C772C33986CA,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000062457Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:43.712{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\ProgramData\chocolatey\helpers\functions\Get-CheckSumValid.PS12022-01-20 07:57:37.099 23542300x800000000000000062456Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:43.712{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\ProgramData\chocolatey\helpers\functions\Get-CheckSumValid.ps1MD5=1C4B1E1AC038CEA237150FBB2EB003C4,SHA256=C1056774E29B0B75D696298129005D54B275B580710B7AE0A2E2E0EF63012B18,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000062455Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:43.712{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\ProgramData\chocolatey\helpers\functions\Format-FileSize.PS12022-01-20 07:57:37.099 23542300x800000000000000062454Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:43.712{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\ProgramData\chocolatey\helpers\functions\Format-FileSize.ps1MD5=A0A9D3BE99356AE4B73EB2E52B32102A,SHA256=778D6FAF6560135C171098F552DC971BBC0131139A009C319EA919B1128AC234,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000062453Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:43.712{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\ProgramData\chocolatey\helpers\ChocolateyTabExpansion.PS12022-01-20 07:57:37.099 23542300x800000000000000062452Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:43.712{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\ProgramData\chocolatey\helpers\ChocolateyTabExpansion.ps1MD5=F563BBCE2A9B2A76DD5AC14B6979EBB1,SHA256=06DC601B5B7A2F7ABE735C1DAA93229B00F84C75112315F1BC78E15F154DB2C7,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000062451Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:43.712{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\ProgramData\chocolatey\helpers\chocolateyScriptRunner.PS12022-01-20 07:57:37.083 23542300x800000000000000062450Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:43.712{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\ProgramData\chocolatey\helpers\chocolateyScriptRunner.ps1MD5=D799AC0A52B5DEA97181BB1E5D529731,SHA256=9DE532F5A5788A87ACB5ECC6CF5407C48DB71435BE824639D99BAB56965E4D14,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000062449Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:43.712{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\ProgramData\chocolatey\extensions\chocolatey-windowsupdate\Test-WindowsUpdate.PS12022-01-20 09:26:41.925 23542300x800000000000000062448Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:43.712{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\ProgramData\chocolatey\extensions\chocolatey-windowsupdate\Test-WindowsUpdate.ps1MD5=7579F636EC17744323C82F774AE259DE,SHA256=1345B6AD05D4AD94D7ECBB9F292C1BD9C08C3B2552CADB8E0212C6920749F31E,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000062447Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:43.696{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\ProgramData\chocolatey\extensions\chocolatey-windowsupdate\Set-PowerShellExitCode.PS12022-01-20 09:26:41.925 23542300x800000000000000062446Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:43.696{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\ProgramData\chocolatey\extensions\chocolatey-windowsupdate\Set-PowerShellExitCode.ps1MD5=58F9F443A2415DB881C5FB711C6D445A,SHA256=CA135C60948C54651F2A20086C5AAFC5ABB6EA993628B1A7703FD508623B9532,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000062445Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:43.696{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\ProgramData\chocolatey\extensions\chocolatey-windowsupdate\Install-WindowsUpdate.PS12022-01-20 09:26:41.909 23542300x800000000000000062444Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:43.696{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\ProgramData\chocolatey\extensions\chocolatey-windowsupdate\Install-WindowsUpdate.ps1MD5=68DF43E06F795F78EBC86D86D43C793A,SHA256=65C56EE9D0A8CD8563866BA3D4ABD8163F3CB25B7CF9857B3DFA12BE8583915A,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000062443Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:43.696{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\ProgramData\chocolatey\extensions\chocolatey-windowsupdate\Install-ChocolateyPackageAndHandleExitCode.PS12022-01-20 09:26:41.909 23542300x800000000000000062442Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:43.696{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\ProgramData\chocolatey\extensions\chocolatey-windowsupdate\Install-ChocolateyPackageAndHandleExitCode.ps1MD5=10A758B39213EA1C887B360A3FE8F6FF,SHA256=D7A0761B614BB8DE1B401B305D4D980D8CC528C6D58F76F31B471453737015AB,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000062441Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:43.696{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\ProgramData\chocolatey\extensions\chocolatey-windowsupdate\Get-WindowsUpdateErrorDescription.PS12022-01-20 09:26:41.909 23542300x800000000000000062440Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:43.696{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\ProgramData\chocolatey\extensions\chocolatey-windowsupdate\Get-WindowsUpdateErrorDescription.ps1MD5=1E302C5D745B2A3C87DCFE76709A5C7F,SHA256=D3AE37280B16044522F43D136C64411DD233168C60428220FFE3B0F48809AEC7,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000062439Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:43.696{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\ProgramData\chocolatey\extensions\chocolatey-windowsupdate\Get-NativeInstallerExitCode.PS12022-01-20 09:26:41.909 23542300x800000000000000062438Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:43.696{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\ProgramData\chocolatey\extensions\chocolatey-windowsupdate\Get-NativeInstallerExitCode.ps1MD5=A8DA12DDEFC9C6A077E7F59FB47C3CEC,SHA256=9578150663FA740CC87E30621E045D6BD6ADA06EC5EE1F2D49DBC096CE8EF3AA,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000062437Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:43.696{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\ProgramData\chocolatey\extensions\chocolatey-core\Remove-Process.PS12022-01-20 07:57:45.739 23542300x800000000000000062436Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:43.681{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\ProgramData\chocolatey\extensions\chocolatey-core\Remove-Process.ps1MD5=CFDFB899BE8491454B264BF7C5EF08BA,SHA256=090B1A55DF7DD64AC0A9B1BE90E41ECD6D70C7DD6EFE56493403372F55C06C67,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000062435Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:43.681{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\ProgramData\chocolatey\extensions\chocolatey-core\Register-Application.PS12022-01-20 07:57:45.739 23542300x800000000000000062434Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:43.681{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\ProgramData\chocolatey\extensions\chocolatey-core\Register-Application.ps1MD5=D2853E569DAC9A341642BA76EC4FB411,SHA256=A7E432146B2195A79875B6AC1AD82EDDF40EFEC79122EE41A68C68577E5D03EC,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000062433Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:43.681{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\ProgramData\chocolatey\extensions\chocolatey-core\Get-WebContent.PS12022-01-20 07:57:45.739 23542300x800000000000000062432Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:43.681{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\ProgramData\chocolatey\extensions\chocolatey-core\Get-WebContent.ps1MD5=57D013E581EFEA3D4D8366183C9A5797,SHA256=8EB487D51E3879F21035828878E463438A15032B1DEB4018B3583EF60A92AFBF,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000062431Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:43.681{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\ProgramData\chocolatey\extensions\chocolatey-core\Get-UninstallRegistryKey.PS12022-01-20 07:57:45.739 23542300x800000000000000062430Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:43.681{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\ProgramData\chocolatey\extensions\chocolatey-core\Get-UninstallRegistryKey.ps1MD5=3FAA5C11AAFC4EA35BB98EA797446C97,SHA256=748E1ABD1581C5C7360CC88C7A8C3BDCE13626C2D537484CBB3C529F0F8D49DD,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000062429Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:43.681{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\ProgramData\chocolatey\extensions\chocolatey-core\Get-PackageParameters.PS12022-01-20 07:57:45.724 23542300x800000000000000062428Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:43.681{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\ProgramData\chocolatey\extensions\chocolatey-core\Get-PackageParameters.ps1MD5=C08B3AF8CA150B6609DF2B978B693269,SHA256=B5D464AB38A665FDF2E4A532C00B0470F69DDB6D68ED3121FE1091FBFDDEDCE0,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000062427Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:43.665{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\ProgramData\chocolatey\extensions\chocolatey-core\Get-PackageCacheLocation.PS12022-01-20 07:57:45.724 23542300x800000000000000062426Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:43.665{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\ProgramData\chocolatey\extensions\chocolatey-core\Get-PackageCacheLocation.ps1MD5=77A378E5C659E5A53D2D64E276159B62,SHA256=409DAED00ECE17BACE5809F95A642455956DE49DB602873800149C2A53579F95,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000062425Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:43.665{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\ProgramData\chocolatey\extensions\chocolatey-core\Get-EffectiveProxy.PS12022-01-20 07:57:45.724 23542300x800000000000000062424Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:43.665{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\ProgramData\chocolatey\extensions\chocolatey-core\Get-EffectiveProxy.ps1MD5=3895F062D2D91D9D32D1FC57A619066C,SHA256=83A4A58547F802155A275D258E0D958D568F2A0FB4829F967A9EFCB56F3555A9,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000062423Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:43.665{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\ProgramData\chocolatey\extensions\chocolatey-core\Get-AvailableDriveLetter.PS12022-01-20 07:57:45.724 23542300x800000000000000062422Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:43.665{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\ProgramData\chocolatey\extensions\chocolatey-core\Get-AvailableDriveLetter.ps1MD5=2F386746AFC2ACB9561DFB245239B93F,SHA256=4BAEDDD946417D9AA51FF7D50791289FF102CCDF4EFE086C2653E15C711D6505,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000062421Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:43.665{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\ProgramData\chocolatey\extensions\chocolatey-core\Get-AppInstallLocation.PS12022-01-20 07:57:45.724 23542300x800000000000000062420Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:43.665{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\ProgramData\chocolatey\extensions\chocolatey-core\Get-AppInstallLocation.ps1MD5=D036C97BC50A3731BF69A15417F60E72,SHA256=0FFB210BD76AB0214F5AC2361108A6303CED5DEBBF04B62D3C99042F799718BC,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000062419Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:43.664{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\ProgramData\chocolatey\CREDITS.TXT2022-01-20 07:57:37.193 23542300x800000000000000062418Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:43.664{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\ProgramData\chocolatey\CREDITS.txtMD5=1A5DEC162C3368C44BA15200E085F6A2,SHA256=E19447F8A69E23B25816FBC008BBAB8F59A1DF8C3D2EB030F5A7DA3AEDE7D9AF,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062417Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:43.659{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\ProgramData\chocolatey\config\chocolatey.config.backupMD5=8B6737800745D3B99886D013B3392AC3,SHA256=86F10504CA147D13A157944F926141FE164A89FA8A71847458BDA7102ABB6594,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062416Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:43.644{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\ProgramData\chocolatey\config\chocolatey.configMD5=DD76208CF0622A2703D9E968D99D6FA9,SHA256=3946027B4E93EFC05C7E1E9F1CC7229F109ACACF738EE6A144778FB0043AF92E,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000062415Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:43.644{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\ProgramData\chocolatey\bin\_processed.TXT2022-01-20 07:57:37.458 23542300x800000000000000062414Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:43.644{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\ProgramData\chocolatey\bin\_processed.txtMD5=D63690D8CBE108C6C00F9CCA91EE8342,SHA256=236A67518D4937DF70E5C758E506FBF9AAB6BB1E118B468D2619B892C80CD767,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000062413Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:43.644{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\ProgramData\chocolatey\bin\RefreshEnv.CMD2022-01-20 07:57:37.286 23542300x800000000000000062412Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:43.644{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\ProgramData\chocolatey\bin\RefreshEnv.cmdMD5=B4326546C3A252494DCD512976F8B89A,SHA256=9B251737A6B6ACE9FDE45B64FD653B04575C6416F15112FBE1697A47B14990E6,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000062411Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:43.628{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\ProgramData\Amazon\SSM\Update\amazon-ssm-agent\3.1.338.0\uninstall.PS12021-10-13 03:08:20.577 23542300x800000000000000062410Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:43.628{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\ProgramData\Amazon\SSM\Update\amazon-ssm-agent\3.1.338.0\uninstall.ps1MD5=975649709A56ABBA908F5CB77D58F87F,SHA256=950953DD769A00FAA9D2C6A4EE87EB484FD4E9227AC2437F5468B6009BC181EE,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000062409Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:43.628{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\ProgramData\Amazon\SSM\Update\amazon-ssm-agent\3.1.338.0\install.PS12021-10-13 03:08:20.576 23542300x800000000000000062408Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:43.628{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\ProgramData\Amazon\SSM\Update\amazon-ssm-agent\3.1.338.0\install.ps1MD5=FAFC6A6599F82D20B776131D07C26DB0,SHA256=1D8106CF36B5E3A3623F94DDF4CEC72EAF5675500CA936B90C1FA0E81B417DEC,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000062407Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:43.612{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\ProgramData\Amazon\SSM\InstanceData\i-05191cd2b0e4e26fd\document\orchestration\39886e7e-01eb-4355-a198-47f1132a2417\RunSysprep\_script.PS12022-01-12 05:39:10.464 23542300x800000000000000062406Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:43.612{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\ProgramData\Amazon\SSM\InstanceData\i-05191cd2b0e4e26fd\document\orchestration\39886e7e-01eb-4355-a198-47f1132a2417\RunSysprep\_script.ps1MD5=ADBAD3F953C7092BA38C94742C4F3160,SHA256=7E68868B59665B4168E71AECFCA4A8FA10915E80B9FB2BB6BC8F9553E0B5D7BA,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000062405Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:43.612{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\ProgramData\Amazon\EC2-Windows\Launch\Sysprep\SysprepSpecialize.CMD2021-08-11 03:39:25.012 23542300x800000000000000062404Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:43.612{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\ProgramData\Amazon\EC2-Windows\Launch\Sysprep\SysprepSpecialize.cmdMD5=3103E9075068950F6D7C363FD37875F6,SHA256=EFD94BC546A75DBB453F10CF2BA440C70D9093A8809E4B34C2D59A2A86968FC8,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000062403Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:43.612{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\ProgramData\Amazon\EC2-Windows\Launch\Sysprep\Randomize-LocalAdminPassword.PS12021-08-11 03:39:25.012 23542300x800000000000000062402Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:43.612{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\ProgramData\Amazon\EC2-Windows\Launch\Sysprep\Randomize-LocalAdminPassword.ps1MD5=23CDD01DA40AB60D563EFCB594A62F10,SHA256=3782832DD694BF57677D481811C8A98958158A3BCCC04C5A43AFDDC852FFFE53,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000062401Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:43.596{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\ProgramData\Amazon\EC2-Windows\Launch\Sysprep\BeforeSysprep.CMD2021-08-11 03:39:25.012 23542300x800000000000000062400Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:43.596{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\ProgramData\Amazon\EC2-Windows\Launch\Sysprep\BeforeSysprep.cmdMD5=542100A9B2990982DAFEB4EFFD7A7670,SHA256=AAFCB130E1E33E455F39FE9D3F1A2FCDF717A2F344236843EE8BBCDF42B36B97,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062399Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:43.596{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\ProgramData\Amazon\EC2-Windows\Launch\Settings\Ec2LaunchSettings.exe.configMD5=28960C034283C54B6F70673F77FD07FA,SHA256=8D65429E0B2A82C11D3EDC4EA04ED200AEDFEA1D7EF8B984E88A8E97CFF54770,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000062398Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:43.596{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\ProgramData\Amazon\EC2-Windows\Launch\Scripts\SysprepInstance.PS12021-08-11 03:39:24.887 23542300x800000000000000062397Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:43.596{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\ProgramData\Amazon\EC2-Windows\Launch\Scripts\SysprepInstance.ps1MD5=36FAE13C5BFB719168FEA9D1F51D76EB,SHA256=3DAD0BDAB764CB74428D29B5FAEB508ABB5723CB02F8600313E9C6EEB0A4C4B7,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000062396Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:43.596{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\ProgramData\Amazon\EC2-Windows\Launch\Scripts\SendWindowsIsReady.PS12021-08-11 03:39:24.887 23542300x800000000000000062395Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:43.596{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\ProgramData\Amazon\EC2-Windows\Launch\Scripts\SendWindowsIsReady.ps1MD5=1D63A825283D4B9302AF5F1E9B4F2208,SHA256=2143E59D328CB43BD2A1ED73A7153B9389164383EA980D065181CC3F26AA5AFE,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000062394Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:43.596{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\ProgramData\Amazon\EC2-Windows\Launch\Scripts\SendEventLogs.PS12021-08-11 03:39:24.887 23542300x800000000000000062393Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:43.596{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\ProgramData\Amazon\EC2-Windows\Launch\Scripts\SendEventLogs.ps1MD5=5E432A788ABC4C3C95946D11DA4FEF62,SHA256=87EBCF1816B4D2A5411A7D050453A72B210F18F8CBB40A1BE997BADDE2232AE8,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000062392Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:43.580{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\ProgramData\Amazon\EC2-Windows\Launch\Scripts\InitializeInstance.PS12021-08-11 03:39:24.887 23542300x800000000000000062391Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:43.580{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\ProgramData\Amazon\EC2-Windows\Launch\Scripts\InitializeInstance.ps1MD5=8940FCFA66F5673764320098E5281C70,SHA256=9EBE7BD92964DF33F28745980D0B75C886D6B446A6B673F1AA336A7FF2FC9F5C,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000062390Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:43.580{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\ProgramData\Amazon\EC2-Windows\Launch\Scripts\InitializeDisks.PS12021-08-11 03:39:24.887 23542300x800000000000000062389Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:43.580{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\ProgramData\Amazon\EC2-Windows\Launch\Scripts\InitializeDisks.ps1MD5=1E62D564D038FED7C56BCD30E1913FF9,SHA256=50B9621C81935ACE119D19824F3F10EE687C079CA5B47B838C6596F7B2AAA106,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000062388Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:43.565{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\ProgramData\Amazon\EC2-Windows\Launch\Readme.TXT2021-08-11 03:39:24.887 23542300x800000000000000062387Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:43.565{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\ProgramData\Amazon\EC2-Windows\Launch\Readme.txtMD5=0A4735E0D7AC487868802BF4E77E9D79,SHA256=66D331BBAF267EA0A67FC49483706BC916DE36A633B64D6D592327AA55464BC8,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000062386Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:43.565{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\ProgramData\Amazon\EC2-Windows\Launch\Module\Scripts\Write-Log.PS12021-08-11 03:39:24.809 23542300x800000000000000062385Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:43.565{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\ProgramData\Amazon\EC2-Windows\Launch\Module\Scripts\Write-Log.ps1MD5=EBDA421D8B824A8B20A00F6E564F6DC2,SHA256=47E3183388275D8D0E6E49EC2B657929B3B9E02FE9C7F02F6FD66616640709CE,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000062384Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:43.565{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\ProgramData\Amazon\EC2-Windows\Launch\Module\Scripts\Wait-Sysprep.PS12021-08-11 03:39:24.856 23542300x800000000000000062383Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:43.565{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\ProgramData\Amazon\EC2-Windows\Launch\Module\Scripts\Wait-Sysprep.ps1MD5=2A2FD97291F75ACEFA5CC069C04BAD2F,SHA256=A7576124C44947EA4874F84EB9C8F1C5D72242E6A2706E0BE93DB0A93FA1D400,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000062382Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:43.565{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\ProgramData\Amazon\EC2-Windows\Launch\Module\Scripts\Wait-Metadata.PS12021-08-11 03:39:24.824 23542300x800000000000000062381Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:43.565{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\ProgramData\Amazon\EC2-Windows\Launch\Module\Scripts\Wait-Metadata.ps1MD5=CC19B6346D655906039A8BB9425B02CB,SHA256=7631DEEBC55DA40490733B353A40CACE3E26F3C7CBC0088921FBED39BAD931E4,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000062380Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:43.565{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\ProgramData\Amazon\EC2-Windows\Launch\Module\Scripts\Test-NanoServer.PS12021-08-11 03:39:24.840 23542300x800000000000000062379Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:43.565{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\ProgramData\Amazon\EC2-Windows\Launch\Module\Scripts\Test-NanoServer.ps1MD5=CA809523AFAD1BDCEA212934974854E7,SHA256=73FB01B821D0B5C768FF86EB15BE97AC62FBE9C2F194C5172D10A7B61959B3DC,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000062378Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:43.564{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\ProgramData\Amazon\EC2-Windows\Launch\Module\Scripts\Test-EphemeralDisk.PS12021-08-11 03:39:24.809 23542300x800000000000000062377Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:43.564{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\ProgramData\Amazon\EC2-Windows\Launch\Module\Scripts\Test-EphemeralDisk.ps1MD5=30189B74538D7AE62B39E5326A4E5E42,SHA256=0B13CB06EF5459A89344974EE2E4937FAC5DE5417C7074D7131EDD688D8C8D68,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000062376Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:43.561{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\ProgramData\Amazon\EC2-Windows\Launch\Module\Scripts\Set-Wallpaper.PS12021-08-11 03:39:24.809 23542300x800000000000000062375Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:43.561{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\ProgramData\Amazon\EC2-Windows\Launch\Module\Scripts\Set-Wallpaper.ps1MD5=50CB910E361439948FD1C16FEAEEE7B7,SHA256=416C18512B1AA74BDDA70A3B2B9201BA8FBC8D1E36F7B5A3DF7C8F9428709B7B,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000062374Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:43.558{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\ProgramData\Amazon\EC2-Windows\Launch\Module\Scripts\Set-Trim.PS12021-08-11 03:39:24.824 23542300x800000000000000062373Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:43.558{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\ProgramData\Amazon\EC2-Windows\Launch\Module\Scripts\Set-Trim.ps1MD5=B771FE051EC790506B80079E47ACB395,SHA256=A271C060762B9FDD47C856E039784900965A8D4952E0322CA14E15C3ADAE936F,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000062372Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:43.555{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\ProgramData\Amazon\EC2-Windows\Launch\Module\Scripts\Set-SerialPort.PS12021-08-11 03:39:24.840 23542300x800000000000000062371Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:43.555{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\ProgramData\Amazon\EC2-Windows\Launch\Module\Scripts\Set-SerialPort.ps1MD5=A567A75684AC2EE6D8AC1843124D30F2,SHA256=8A9F17C07D057298012A95EA2E75F6809674A265B2F79A87944B7BB087266210,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000062370Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:43.552{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\ProgramData\Amazon\EC2-Windows\Launch\Module\Scripts\Set-PowerPlanValue.PS12021-08-11 03:39:24.887 23542300x800000000000000062369Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:43.551{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\ProgramData\Amazon\EC2-Windows\Launch\Module\Scripts\Set-PowerPlanValue.ps1MD5=885A730FF57042AEDBFC16BDE820E1B6,SHA256=E2DC14F41D3C7C0A8F6184E74EBFC3C050F0ABF6C2ED08D93C69CE71B8C69174,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000062368Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:43.550{6F5BEE90-3BB3-61E9-8709-000000002102}69726324C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe{6F5BEE90-18B8-61E9-2F00-000000002102}3024C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6025c5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6020f6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+59e67|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+5b88c|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+8e7d70|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 11241100x800000000000000062367Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:43.547{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\ProgramData\Amazon\EC2-Windows\Launch\Module\Scripts\Set-MonitorAlwaysOn.PS12021-08-11 03:39:24.856 23542300x800000000000000062366Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:43.546{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\ProgramData\Amazon\EC2-Windows\Launch\Module\Scripts\Set-MonitorAlwaysOn.ps1MD5=CA4E0EAEDF1D67BE7A76FE807B77EF07,SHA256=CF572EE18E506D465F18D0351EB5D781E6EFF0966220DADD6D954571B65877B9,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000062365Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:43.543{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\ProgramData\Amazon\EC2-Windows\Launch\Module\Scripts\Set-HibernateOnSleep.PS12021-08-11 03:39:24.809 23542300x800000000000000062364Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:43.543{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\ProgramData\Amazon\EC2-Windows\Launch\Module\Scripts\Set-HibernateOnSleep.ps1MD5=F519A7003C78DDFEC122A6CA19225F58,SHA256=1F46449A758815934E6AEAE63A062823A85AB64A63BE248DC14F65633A9571F1,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000062363Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:43.540{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\ProgramData\Amazon\EC2-Windows\Launch\Module\Scripts\Set-ENAConfig.PS12021-08-11 03:39:24.824 23542300x800000000000000062362Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:43.540{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\ProgramData\Amazon\EC2-Windows\Launch\Module\Scripts\Set-ENAConfig.ps1MD5=EDE76321053F513252DC08766507C5D9,SHA256=FD1ED4B3A5CAE03D2E9C3FCA150B500D0F640B49A113B7FA584B56F39FBBB5AE,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000062361Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:43.537{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\ProgramData\Amazon\EC2-Windows\Launch\Module\Scripts\Set-DriveLetters.PS12021-08-11 03:39:24.871 23542300x800000000000000062360Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:43.536{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\ProgramData\Amazon\EC2-Windows\Launch\Module\Scripts\Set-DriveLetters.ps1MD5=EBDCE9EF4B2C1FBBC9F9ED45D81BB700,SHA256=160E55F7D43FE8ECF0A680BFE84BC6B580DB0775B54FFBD01B16820EFCBF979D,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000062359Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:43.534{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\ProgramData\Amazon\EC2-Windows\Launch\Module\Scripts\Set-ComputerName.PS12021-08-11 03:39:24.856 23542300x800000000000000062358Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:43.534{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\ProgramData\Amazon\EC2-Windows\Launch\Module\Scripts\Set-ComputerName.ps1MD5=1ECFAA48F9386ED30431B6B035E10BA3,SHA256=750F89BACE5B934B0C2BA72D8DB4F526DDB13496DF1C6C4917D4915F2F0F6380,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000062357Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:43.531{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\ProgramData\Amazon\EC2-Windows\Launch\Module\Scripts\Set-BootVolumeSize.PS12021-08-11 03:39:24.809 23542300x800000000000000062356Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:43.531{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\ProgramData\Amazon\EC2-Windows\Launch\Module\Scripts\Set-BootVolumeSize.ps1MD5=7E72C971E85604EC7344E3C067134114,SHA256=C882AF0743CFE82C038E0612A22DE92FE8D2B41378BC781036EEE598726D0EFF,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000062355Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:43.528{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\ProgramData\Amazon\EC2-Windows\Launch\Module\Scripts\Set-AdminAccount.PS12021-08-11 03:39:24.856 23542300x800000000000000062354Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:43.528{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\ProgramData\Amazon\EC2-Windows\Launch\Module\Scripts\Set-AdminAccount.ps1MD5=E38FA08DD5F0CD13E85024E7CA8D71C7,SHA256=DA5A0348552C888058754971788DB29EA0B312AAC0BF40985400AAB6093D7752,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000062353Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:43.524{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\ProgramData\Amazon\EC2-Windows\Launch\Module\Scripts\Set-ActivationSettings.PS12021-08-11 03:39:24.824 23542300x800000000000000062352Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:43.523{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\ProgramData\Amazon\EC2-Windows\Launch\Module\Scripts\Set-ActivationSettings.ps1MD5=5A3545EB2CEE425E983F3977E90E2E01,SHA256=B96C8FC130CE94FC9B81A2D9969006A69E5233C6277BC781E8C3B79F6D694079,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000062351Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:43.520{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\ProgramData\Amazon\EC2-Windows\Launch\Module\Scripts\Send-WindowsIsReady.PS12021-08-11 03:39:24.824 23542300x800000000000000062350Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:43.520{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\ProgramData\Amazon\EC2-Windows\Launch\Module\Scripts\Send-WindowsIsReady.ps1MD5=FEF428D55AE8F6FD5CB31BF66E083533,SHA256=C529A3DD3FEE31B4EE608418C0564EDCD8FDDD130F956618B123E95E5F61866F,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000062349Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:43.517{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\ProgramData\Amazon\EC2-Windows\Launch\Module\Scripts\Send-VSSVersion.PS12021-08-11 03:39:24.856 23542300x800000000000000062348Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:43.517{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\ProgramData\Amazon\EC2-Windows\Launch\Module\Scripts\Send-VSSVersion.ps1MD5=E08C063E5BDFF58C8E4C6F205F85D656,SHA256=927EF9B0867757812786ED236FAECFEAAB289F44A3B5024585CCA83EC5AF3C48,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000062347Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:42.267{6F5BEE90-18B8-61E9-2A00-000000002102}2964C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-tcontreras-attack-range-53.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-tcontreras-attack-range-53.attackrange.local64993- 11241100x800000000000000062346Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:43.514{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\ProgramData\Amazon\EC2-Windows\Launch\Module\Scripts\Send-SSMAgentVersion.PS12021-08-11 03:39:24.871 23542300x800000000000000062345Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:43.513{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\ProgramData\Amazon\EC2-Windows\Launch\Module\Scripts\Send-SSMAgentVersion.ps1MD5=1CAAEF8ABCD80FE12E5B55DCC542FD8F,SHA256=0187ADD888BD6DCC5D6EA07E478334CF93ACCE67F2BDD2334E4E9024F5E843F4,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000062344Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:43.446{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\ProgramData\Amazon\EC2-Windows\Launch\Module\Scripts\Send-RDPCertInfo.PS12021-08-11 03:39:24.840 23542300x800000000000000062343Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:43.446{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\ProgramData\Amazon\EC2-Windows\Launch\Module\Scripts\Send-RDPCertInfo.ps1MD5=D3393DFCBD35CA725984E28F89ABCF74,SHA256=105858FDCBD42A1A489F07B847F4EE698E48338FEF78C1D5C57E13CE341F5163,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000062342Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:43.442{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\ProgramData\Amazon\EC2-Windows\Launch\Module\Scripts\Send-OSInfo.PS12021-08-11 03:39:24.809 23542300x800000000000000062341Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:43.441{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\ProgramData\Amazon\EC2-Windows\Launch\Module\Scripts\Send-OSInfo.ps1MD5=4366F319AC09368672F05479826EC6E9,SHA256=9EB0062E942D44DAB70CD3F075B3B459C7A20EB3858C0C3E959B5DEC129A432D,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000062340Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:43.438{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\ProgramData\Amazon\EC2-Windows\Launch\Module\Scripts\Send-MsSqlInfo.PS12021-08-11 03:39:24.856 23542300x800000000000000062339Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:43.437{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\ProgramData\Amazon\EC2-Windows\Launch\Module\Scripts\Send-MsSqlInfo.ps1MD5=0816AC4C1F5B5BB4A87DB679348EEAE7,SHA256=A7D26F323957AFE1B574D8706EA8B877F5B884B160A01F29B3BD71937455B701,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000062338Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:43.434{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\ProgramData\Amazon\EC2-Windows\Launch\Module\Scripts\Send-Message.PS12021-08-11 03:39:24.840 23542300x800000000000000062337Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:43.434{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\ProgramData\Amazon\EC2-Windows\Launch\Module\Scripts\Send-Message.ps1MD5=29FA3E060C76D41164DD7F6E374CA20D,SHA256=4A9EE11B568DFC78543C658D2EEBDAB57CB4D6C53AC4A4A3FEA135C71D646737,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000062336Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:43.431{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\ProgramData\Amazon\EC2-Windows\Launch\Module\Scripts\Send-InstanceInfo.PS12021-08-11 03:39:24.809 23542300x800000000000000062335Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:43.431{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\ProgramData\Amazon\EC2-Windows\Launch\Module\Scripts\Send-InstanceInfo.ps1MD5=50441C411E5E56C5782AC47A7A742C65,SHA256=BC3CEB455D072953743AAD29923870349CC3E2729D76626B084D1C649BF6989F,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000062334Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:43.428{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\ProgramData\Amazon\EC2-Windows\Launch\Module\Scripts\Send-IDInfo.PS12021-08-11 03:39:24.856 23542300x800000000000000062333Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:43.428{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\ProgramData\Amazon\EC2-Windows\Launch\Module\Scripts\Send-IDInfo.ps1MD5=4CF4D0F9FFEACD8C9A4886C369186235,SHA256=2796BC8CA483640A3681EB5309DD59C6C52DACAC03741224732663F495E561BC,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000062332Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:43.426{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\ProgramData\Amazon\EC2-Windows\Launch\Module\Scripts\Send-FeatureStatus.PS12021-08-11 03:39:24.824 23542300x800000000000000062331Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:43.425{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\ProgramData\Amazon\EC2-Windows\Launch\Module\Scripts\Send-FeatureStatus.ps1MD5=AE27599D3AFFA857ED7992170590538F,SHA256=E83654BAF358F6C7CC975B05F1E84D3647EDC5B8BB2EC86E8BEC8E1401A7DB3C,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000062330Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:43.422{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\ProgramData\Amazon\EC2-Windows\Launch\Module\Scripts\Send-Ec2LaunchVersion.PS12021-08-11 03:39:24.856 23542300x800000000000000062329Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:43.422{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\ProgramData\Amazon\EC2-Windows\Launch\Module\Scripts\Send-Ec2LaunchVersion.ps1MD5=7B9C5ECEF1A61FE590FE9F7233017116,SHA256=1BECC9C26115938DB34D51DED583B838D679C7815EFD5C72AF88B5E2BC4DBBC7,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000062328Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:43.419{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\ProgramData\Amazon\EC2-Windows\Launch\Module\Scripts\Send-DriverInfo.PS12021-08-11 03:39:24.809 23542300x800000000000000062327Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:43.419{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\ProgramData\Amazon\EC2-Windows\Launch\Module\Scripts\Send-DriverInfo.ps1MD5=618FC229912F4B7A6E9891AE9771A085,SHA256=C4406BC6F87B3EA9A09F2C47985C526C8A4BC1E276041B1FD94886C5C1B18ECC,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000062326Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:43.416{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\ProgramData\Amazon\EC2-Windows\Launch\Module\Scripts\Send-AMIInfo.PS12021-08-11 03:39:24.840 23542300x800000000000000062325Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:43.416{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\ProgramData\Amazon\EC2-Windows\Launch\Module\Scripts\Send-AMIInfo.ps1MD5=23A8605A2B2BF8D512E6E16A578AC896,SHA256=7D2C8628B5B484119539E92B2C61679EEF710DC376051973B856190AD32CCE7D,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000062324Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:43.414{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\ProgramData\Amazon\EC2-Windows\Launch\Module\Scripts\Send-AdminCredentials.PS12021-08-11 03:39:24.887 23542300x800000000000000062323Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:43.413{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\ProgramData\Amazon\EC2-Windows\Launch\Module\Scripts\Send-AdminCredentials.ps1MD5=53E6207C8F180E0B4113A68D87C23E28,SHA256=5512E81AA6CD52D74B76C1E8BC66A076D0E62C2C92CC4B440CB559837758D0BC,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000062322Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:43.411{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\ProgramData\Amazon\EC2-Windows\Launch\Module\Scripts\Register-ScriptScheduler.PS12021-08-11 03:39:24.840 23542300x800000000000000062321Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:43.410{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\ProgramData\Amazon\EC2-Windows\Launch\Module\Scripts\Register-ScriptScheduler.ps1MD5=5485978C1C734AB2A29A720A81F5674E,SHA256=0DD0115840D07868BC14E8EFC79D6A568C962CA0477B827B6436B02E27F6AA0C,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000062320Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:43.407{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\ProgramData\Amazon\EC2-Windows\Launch\Module\Scripts\Register-PowershellScheduler.PS12021-08-11 03:39:24.840 23542300x800000000000000062319Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:43.407{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\ProgramData\Amazon\EC2-Windows\Launch\Module\Scripts\Register-PowershellScheduler.ps1MD5=9D45E933DAFF1B39A377A40B4DF04785,SHA256=5FF7D3EB35B462F8C626103276CF273B4557F549D05A0CC33DBE26E715CB167C,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000062318Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:43.405{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\ProgramData\Amazon\EC2-Windows\Launch\Module\Scripts\Register-FunctionScheduler.PS12021-08-11 03:39:24.824 23542300x800000000000000062317Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:43.404{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\ProgramData\Amazon\EC2-Windows\Launch\Module\Scripts\Register-FunctionScheduler.ps1MD5=A1CB02BBA830CF9D921E717F85457D61,SHA256=FF2F1BBC466D494A2E0CF6E66E39EC3BF7F1EF1E761F31D2DE1EEFD9D1EBBBFC,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000062316Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:43.401{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\ProgramData\Amazon\EC2-Windows\Launch\Module\Scripts\Open-SerialPort.PS12021-08-11 03:39:24.887 23542300x800000000000000062315Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:43.401{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\ProgramData\Amazon\EC2-Windows\Launch\Module\Scripts\Open-SerialPort.ps1MD5=9C1978CEA2919899643FE557C4FFC96A,SHA256=1CCAD2D4F96F11318A360A99931E0A916323948551ABA20EB4E5B7E0A54BC61A,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000062314Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:43.399{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\ProgramData\Amazon\EC2-Windows\Launch\Module\Scripts\New-WarningFile.PS12021-08-11 03:39:24.824 23542300x800000000000000062313Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:43.398{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\ProgramData\Amazon\EC2-Windows\Launch\Module\Scripts\New-WarningFile.ps1MD5=06933A65FC40D16C56F435DCDFEDDFF1,SHA256=2BA2819ADCE8A4C1C7F21A2F73CA9344259F2E58D79BF40569DB3A7005AB0771,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000062312Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:43.396{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\ProgramData\Amazon\EC2-Windows\Launch\Module\Scripts\New-WallpaperSetup.PS12021-08-11 03:39:24.887 23542300x800000000000000062311Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:43.396{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\ProgramData\Amazon\EC2-Windows\Launch\Module\Scripts\New-WallpaperSetup.ps1MD5=2039B26A6B357D50CBE0A4A5F8D6D41B,SHA256=A65746447AAE40AA66164ECE777C54BB310D52C9BCF64EDB1E47D5A888AF1735,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000062310Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:43.393{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\ProgramData\Amazon\EC2-Windows\Launch\Module\Scripts\New-RandomPassword.PS12021-08-11 03:39:24.856 23542300x800000000000000062309Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:43.392{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\ProgramData\Amazon\EC2-Windows\Launch\Module\Scripts\New-RandomPassword.ps1MD5=00DBF68831FCEDC4DBAA918CABA83FC0,SHA256=D2E83CD009C270D1F4E4CD5D807E60A707E0670A904F04AFDBA14B5F711604FC,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000062308Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:43.390{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\ProgramData\Amazon\EC2-Windows\Launch\Module\Scripts\Invoke-WithTimeout.PS12021-08-11 03:39:24.824 23542300x800000000000000062307Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:43.389{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\ProgramData\Amazon\EC2-Windows\Launch\Module\Scripts\Invoke-WithTimeout.ps1MD5=67F9B6AECDDBA368229BD0873DCC74C4,SHA256=AA12E6F066E120F4719046526A34435455DBBB62DE7EFCEA5B02EDE72B1B2CFC,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000062306Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:43.386{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\ProgramData\Amazon\EC2-Windows\Launch\Module\Scripts\Invoke-Userdata.PS12021-08-11 03:39:24.871 23542300x800000000000000062305Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:43.386{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\ProgramData\Amazon\EC2-Windows\Launch\Module\Scripts\Invoke-Userdata.ps1MD5=FAC469B067B1F09BEB99FD85A2E945DB,SHA256=3DC078636B71875B8CB3B2B44B4376EB5BD7B030461B4377166EEEE0CD2DAE56,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000062304Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:43.381{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\ProgramData\Amazon\EC2-Windows\Launch\Module\Scripts\Invoke-NetUser.PS12021-08-11 03:39:24.856 23542300x800000000000000062303Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:43.381{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\ProgramData\Amazon\EC2-Windows\Launch\Module\Scripts\Invoke-NetUser.ps1MD5=8C68F6FAE768D0FB4177A0119D1A1AE6,SHA256=F303481F42EBE6BCEE1C9621E3B843AA42EB071C0D0A54471A1664FB1F600BC4,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000062302Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:43.377{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\ProgramData\Amazon\EC2-Windows\Launch\Module\Scripts\Invoke-CmdAsAdmin.PS12021-08-11 03:39:24.824 23542300x800000000000000062301Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:43.377{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\ProgramData\Amazon\EC2-Windows\Launch\Module\Scripts\Invoke-CmdAsAdmin.ps1MD5=6D61ED33524F4DE1DFCE02BCCB39C04D,SHA256=CEA5CC17BF3A7FEC5D55C93E464CB906319DC8869358B23D39920A5E4E5F5621,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000062300Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:43.371{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\ProgramData\Amazon\EC2-Windows\Launch\Module\Scripts\Install-EgpuManager.PS12021-08-11 03:39:24.809 23542300x800000000000000062299Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:43.370{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\ProgramData\Amazon\EC2-Windows\Launch\Module\Scripts\Install-EgpuManager.ps1MD5=C9B10EA81564873D28D247032657DCB8,SHA256=E3282A3622DF5FAEA4C855CB0F357049037A4773E63E941928148CAB6DC334E2,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000062298Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:43.368{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\ProgramData\Amazon\EC2-Windows\Launch\Module\Scripts\Initialize-Log.PS12021-08-11 03:39:24.871 23542300x800000000000000062297Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:43.367{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\ProgramData\Amazon\EC2-Windows\Launch\Module\Scripts\Initialize-Log.ps1MD5=B0FF19A079213CA2567876C50D3F1043,SHA256=E1A3811A90F898EAC0DB341B4A61823F4553157372ADFF46674549AB1407FA87,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000062296Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:43.365{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\ProgramData\Amazon\EC2-Windows\Launch\Module\Scripts\Initialize-Ec2Disk.PS12021-08-11 03:39:24.824 23542300x800000000000000062295Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:43.364{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\ProgramData\Amazon\EC2-Windows\Launch\Module\Scripts\Initialize-Ec2Disk.ps1MD5=9DF2655B96545A5AD3BC3263E128693A,SHA256=F357CC126AF6145D455CBFE4B11E4EE2120AA58AAF1DDF688C1727D8CB64F318,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000062294Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:43.362{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\ProgramData\Amazon\EC2-Windows\Launch\Module\Scripts\Import-WallpaperUtil.PS12021-08-11 03:39:24.824 23542300x800000000000000062293Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:43.361{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\ProgramData\Amazon\EC2-Windows\Launch\Module\Scripts\Import-WallpaperUtil.ps1MD5=A562F8BC3C1500BB934BEFE5648B4BED,SHA256=EB5C3FCC32AE391E5BE82F8C78B1FFC79595F82BBB6F82402EBDF0058DDB039C,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000062292Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:43.355{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\ProgramData\Amazon\EC2-Windows\Launch\Module\Scripts\Import-SerialPortUtil.PS12021-08-11 03:39:24.824 23542300x800000000000000062291Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:43.355{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\ProgramData\Amazon\EC2-Windows\Launch\Module\Scripts\Import-SerialPortUtil.ps1MD5=5B1309F1A5E8EF442882C7D8CDCB2398,SHA256=2C0241641767240542B1F0C2EBAF4BBE7A85EBDA9B07753982713FE2723A82AB,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000062290Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:43.351{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\ProgramData\Amazon\EC2-Windows\Launch\Module\Scripts\Import-RunCmdUtil.PS12021-08-11 03:39:24.871 23542300x800000000000000062289Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:43.351{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\ProgramData\Amazon\EC2-Windows\Launch\Module\Scripts\Import-RunCmdUtil.ps1MD5=8F06AC28C7386E943599BCF86A00BD97,SHA256=4C5ADC2CA46F1329C3A90754D716DC588E54BCCFDD3B274454AF13C408E54DB6,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000062288Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:43.348{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\ProgramData\Amazon\EC2-Windows\Launch\Module\Scripts\Get-Metadata.PS12021-08-11 03:39:24.824 23542300x800000000000000062287Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:43.348{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\ProgramData\Amazon\EC2-Windows\Launch\Module\Scripts\Get-Metadata.ps1MD5=7E08DD3D4ED037C942FA085943832CC2,SHA256=7F1DE9C6D7EF2FBFF3464D53D0537A99861728DB7FA3F496392C37E32C2E3F37,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000062286Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:43.345{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\ProgramData\Amazon\EC2-Windows\Launch\Module\Scripts\Get-LaunchConfig.PS12021-08-11 03:39:24.809 23542300x800000000000000062285Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:43.345{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\ProgramData\Amazon\EC2-Windows\Launch\Module\Scripts\Get-LaunchConfig.ps1MD5=96FFE9D8BE5264EF2172E99C10F13B13,SHA256=6C9C42CA2EAD58230BECD292806EB4326467DAD61F6AB0B20593FE7D8DDC5A72,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000062284Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:43.343{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\ProgramData\Amazon\EC2-Windows\Launch\Module\Scripts\Get-EventLogConfig.PS12021-08-11 03:39:24.871 23542300x800000000000000062283Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:43.342{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\ProgramData\Amazon\EC2-Windows\Launch\Module\Scripts\Get-EventLogConfig.ps1MD5=2419AC2B2CFA93641239D826270A46D7,SHA256=011E9A5EAC21753AA8A524C27E4B55CFC309ECEB23C88FE792FF9F4CCDCE7357,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000062282Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:43.340{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\ProgramData\Amazon\EC2-Windows\Launch\Module\Scripts\Get-DriveLetterMappingConfig.PS12021-08-11 03:39:24.871 23542300x800000000000000062281Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:43.340{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\ProgramData\Amazon\EC2-Windows\Launch\Module\Scripts\Get-DriveLetterMappingConfig.ps1MD5=1182E00F31E7B4465DD6F8C02713ECDA,SHA256=5503026B7A49F9F19CF14994DEF4D2594BA62EA8480477D3D764D023411A5164,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000062280Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:43.335{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\ProgramData\Amazon\EC2-Windows\Launch\Module\Scripts\Get-ConsolePort.PS12021-08-11 03:39:24.887 23542300x800000000000000062279Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:43.335{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\ProgramData\Amazon\EC2-Windows\Launch\Module\Scripts\Get-ConsolePort.ps1MD5=9B8284F8FF0ED990B60C937D3544B611,SHA256=C6347A04951F5986B6639CE16F284776EAF808AC31B4CD5C9DDAC38F3B91082A,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000062278Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:43.332{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\ProgramData\Amazon\EC2-Windows\Launch\Module\Scripts\Get-BlockDeviceMapping.PS12021-08-11 03:39:24.809 23542300x800000000000000062277Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:43.332{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\ProgramData\Amazon\EC2-Windows\Launch\Module\Scripts\Get-BlockDeviceMapping.ps1MD5=9D20E3113680B5404E58A3F7119DEB06,SHA256=EF05A41E1C36CAEA2A28149A53FA86AF5235FE1DD6D1368F5D1A3FFB65C3678A,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000062276Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:43.329{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\ProgramData\Amazon\EC2-Windows\Launch\Module\Scripts\Confirm-Password.PS12021-08-11 03:39:24.871 23542300x800000000000000062275Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:43.328{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\ProgramData\Amazon\EC2-Windows\Launch\Module\Scripts\Confirm-Password.ps1MD5=95A72BF5D210D6E87733DDD732860A25,SHA256=95297F9D607A2130119CAF2937DD0AB55534592BF9D0971F5E4E3492319604FD,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000062274Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:43.325{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\ProgramData\Amazon\EC2-Windows\Launch\Module\Scripts\Confirm-LaunchConfig.PS12021-08-11 03:39:24.840 23542300x800000000000000062273Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:43.324{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\ProgramData\Amazon\EC2-Windows\Launch\Module\Scripts\Confirm-LaunchConfig.ps1MD5=98819D3A43D81D884A98DD3AF0EAA22F,SHA256=C6E05260D23B960BD8930B9CE43511A424E078F41C651E0718D3014EA56DEAD4,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000062272Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:43.322{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\ProgramData\Amazon\EC2-Windows\Launch\Module\Scripts\Confirm-EventLogConfig.PS12021-08-11 03:39:24.856 23542300x800000000000000062271Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:43.321{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\ProgramData\Amazon\EC2-Windows\Launch\Module\Scripts\Confirm-EventLogConfig.ps1MD5=80D52D53D3815563A069645E5CC3D731,SHA256=EC2F710639C15816406BFCFBA578AE3F4B1E7DD3C7D046C0CE26CFA7C5509F7D,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000062270Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:43.317{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\ProgramData\Amazon\EC2-Windows\Launch\Module\Scripts\Complete-Log.PS12021-08-11 03:39:24.871 23542300x800000000000000062269Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:43.317{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\ProgramData\Amazon\EC2-Windows\Launch\Module\Scripts\Complete-Log.ps1MD5=2EE8EDECB3EF2BC80EE791BFA7078861,SHA256=5CDDF936E59E0052E875E6E9F9DF1BCAEFB3AB09B2E1116F419791566797456F,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000062268Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:43.314{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\ProgramData\Amazon\EC2-Windows\Launch\Module\Scripts\Close-SerialPort.PS12021-08-11 03:39:24.856 23542300x800000000000000062267Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:43.314{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\ProgramData\Amazon\EC2-Windows\Launch\Module\Scripts\Close-SerialPort.ps1MD5=BF93061C100D7C6F25CEF554808C2E3C,SHA256=196F1FE3EB13552A571077D82894497906188653F751C4D26628EF1ECB42044E,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000062266Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:43.312{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\ProgramData\Amazon\EC2-Windows\Launch\Module\Scripts\Clear-Wallpaper.PS12021-08-11 03:39:24.856 23542300x800000000000000062265Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:43.311{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\ProgramData\Amazon\EC2-Windows\Launch\Module\Scripts\Clear-Wallpaper.ps1MD5=0E0F80F57CD6FB04EAEE21C9D854172B,SHA256=B6B2EC971F059A3C5F1A7492E21A4A3A1DAD23DCDAB758FD814413661C66EC3D,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000062264Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:43.309{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\ProgramData\Amazon\EC2-Windows\Launch\Module\Scripts\Add-Routes.PS12021-08-11 03:39:24.871 23542300x800000000000000062263Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:43.309{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\ProgramData\Amazon\EC2-Windows\Launch\Module\Scripts\Add-Routes.ps1MD5=D0B9650290A2981581E666B91A1A437E,SHA256=D06D83F22AE1E0983070AB5DD7DB61C1210140BB91F38B89AF6E520F8AEBD05C,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000062262Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:43.306{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\ProgramData\Amazon\EC2-Windows\Launch\Module\Scripts\Add-DnsSuffixList.PS12021-08-11 03:39:24.824 23542300x800000000000000062261Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:43.305{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\ProgramData\Amazon\EC2-Windows\Launch\Module\Scripts\Add-DnsSuffixList.ps1MD5=D19402CA0F017EC1433C86E931D66143,SHA256=C1DE72E983D1B90D08ACC42B5EEA1CB1E6223CB3E2371546FF879473E70F9F81,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062260Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:43.300{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\ProgramData\Amazon\EC2-Windows\Launch\Log\WallpaperSetup.logMD5=6B0F4C8ACF97EF978BA48D7DC98F8636,SHA256=94C3B919FDAC0733FFC32F478B2CB3AA387F6127428965D936D7BB1929FFB517,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062259Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:43.297{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\ProgramData\Amazon\EC2-Windows\Launch\Log\UserdataExecution.logMD5=1EF2E540DBB496C8C1EE193B40A0B95C,SHA256=F2890A0313ADB4151E4E267BEA67F91EFE14B0626ECB905EF45A48D2DA5CF3D2,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000062258Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:43.295{6F5BEE90-18B9-61E9-3500-000000002102}33043324C:\Windows\system32\conhost.exe{6F5BEE90-3BB3-61E9-8709-000000002102}6972C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000062257Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:43.293{6F5BEE90-18A9-61E9-0C00-000000002102}8286020C:\Windows\system32\svchost.exe{6F5BEE90-18B8-61E9-2C00-000000002102}2984C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000062256Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:43.293{6F5BEE90-18A9-61E9-0C00-000000002102}8286020C:\Windows\system32\svchost.exe{6F5BEE90-18B8-61E9-2C00-000000002102}2984C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000062255Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:43.292{6F5BEE90-18A9-61E9-0C00-000000002102}8286020C:\Windows\system32\svchost.exe{6F5BEE90-18B8-61E9-2C00-000000002102}2984C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000062254Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:43.292{6F5BEE90-18A9-61E9-0C00-000000002102}8286020C:\Windows\system32\svchost.exe{6F5BEE90-18B8-61E9-2C00-000000002102}2984C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000062253Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:43.292{6F5BEE90-18A7-61E9-0500-000000002102}392408C:\Windows\system32\csrss.exe{6F5BEE90-3BB3-61E9-8709-000000002102}6972C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000062252Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:43.291{6F5BEE90-18B8-61E9-2F00-000000002102}30243900C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{6F5BEE90-3BB3-61E9-8709-000000002102}6972C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7414|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x800000000000000062251Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:43.286{6F5BEE90-3BB3-61E9-8709-000000002102}6972C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe8.0.2Active Directory monitorsplunk ApplicationSplunk Inc.splunk-admon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{6F5BEE90-18A8-61E9-E703-000000000000}0x3e70SystemMD5=947139F3BB2AB70CAF692A60C7A3A735,SHA256=940554A0170A70F634689CC84B00C51AC0BCF773C9639E1305E3672441FC85C8,IMPHASH=357CEC18833E7FF2ABFB722902B13165{6F5BEE90-18B8-61E9-2F00-000000002102}3024C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x800000000000000062250Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:43.287{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\ProgramData\Amazon\EC2-Windows\Launch\Log\Ec2Launch.logMD5=1D56EDE0B3AF008C61D59700876E010F,SHA256=45FBA6585C96BFB423B7C1C32364EA87D4AAEEB5534E46215E5DA4529BEA4DD7,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000062249Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:43.279{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\ProgramData\Amazon\AWSUpdateWindowsInstance\13e15dff-94a8-41e2-95ed-7b873bb41ea6\Start-AwsUwiSysprep\state_Start-AwsUwiSysprep.TXT2022-01-12 05:39:11.638 23542300x800000000000000062248Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:43.279{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\ProgramData\Amazon\AWSUpdateWindowsInstance\13e15dff-94a8-41e2-95ed-7b873bb41ea6\Start-AwsUwiSysprep\state_Start-AwsUwiSysprep.txtMD5=14640397CC2F9EC52675B0CCA5A79087,SHA256=97B3EF0A47F0E8D5C8D216E7BE557FCBBE8DA4E35BD9FC507D773761AB586B54,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062247Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:43.276{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\ProgramData\Amazon\AWSUpdateWindowsInstance\13e15dff-94a8-41e2-95ed-7b873bb41ea6\Start-AwsUwiSysprep\Start-AwsUwiSysprep.logMD5=7A26F7B28C646E4F8ADCBAF2A7948672,SHA256=643BD11843A24E63EB421330C528EC35DFD9AA012FB56240ACA802BBDB1E92C9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062246Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:43.108{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files (x86)\Mozilla Maintenance Service\updater.iniMD5=7A6CBD521497F6DD382F7B8C6AAA1EB5,SHA256=531B55D2224EFA181B75ED4CEB84E4F854F26C2382DC411945515D57D8DF2243,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062245Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:43.105{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files (x86)\Mozilla Maintenance Service\logs\maintenanceservice-install.logMD5=AAF3D6D1ED9FE0FD99717B54AAAB1669,SHA256=E328E909562EDBABFE3B89DC03F212DAF09573605436F56783F282A81180329A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062244Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:43.101{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files (x86)\desktop.iniMD5=5B8A2BA3138573583FF9E0158096EC48,SHA256=66403205BC86D98B75F2449958F717F2F971FCA0D33B0D211F03971484E9B567,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062243Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:43.081{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-89EAB195F9AEB9F070AB21174B5F01A9C52B8481.bin.6CMD5=E51F26984D6337F3E002CFE78BAC131E,SHA256=5D4E2D9630BCA32FC23E536CB0F6F8E9541A3325D799E545FB18170B4BC521AB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062242Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:43.060{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files (x86)\Common Files\Microsoft Shared\Stationery\Desktop.iniMD5=6BD5FB46283AA48E638BEF47510C47DA,SHA256=44FE5EEBD80E46F903D68C07BCF06D187A3698BF3953BC58BB578465E2E0FE6C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062241Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:43.046{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files (x86)\AWS Tools\ThirdPartySource\SharpZipLib_0860_SourceSamples.zipMD5=F7269EFC053E9781D110053A02397696,SHA256=D0AC6DA32F8F2ABD24A3588C6D2FCEFF46292B1CC4C3037440F7CE4E55162096,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000031903Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:38:43.784{CE7C8936-1B20-61E9-E200-000000002202}3964NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=DE68AF5BCFAE3B67ABFF2BFDC64C9999,SHA256=A4A5541B9FF227CF2D6AEAA66CF686EEFF42CF200EDF18F61B7D1ECDA1D999E5,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000031902Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:38:43.597{CE7C8936-3BB3-61E9-0F06-000000002202}38402220C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe{CE7C8936-1B12-61E9-AB00-000000002202}1912C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+5691a5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+568cd6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56657|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56ca7|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+8f3800|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 23542300x800000000000000031901Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:38:43.581{CE7C8936-1B20-61E9-E200-000000002202}3964NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=CCCF0C3480FF7EE320AD08CDE4706E71,SHA256=B6C0FD7F3CC6270D7677A3E1DBDF83B62ED5997661916BA052EC1CF7895B7BBC,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000031900Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:38:43.394{CE7C8936-1B12-61E9-AF00-000000002202}24603956C:\Windows\system32\conhost.exe{CE7C8936-3BB3-61E9-0F06-000000002202}3840C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000031899Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:38:43.394{CE7C8936-1A7C-61E9-0C00-000000002202}7003204C:\Windows\system32\svchost.exe{CE7C8936-1A7D-61E9-1D00-000000002202}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000031898Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:38:43.394{CE7C8936-1A7C-61E9-0C00-000000002202}7003204C:\Windows\system32\svchost.exe{CE7C8936-1A7D-61E9-1D00-000000002202}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000031897Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:38:43.394{CE7C8936-1A7C-61E9-0C00-000000002202}7003204C:\Windows\system32\svchost.exe{CE7C8936-1A7D-61E9-1D00-000000002202}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000031896Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:38:43.394{CE7C8936-1A7C-61E9-0C00-000000002202}7003204C:\Windows\system32\svchost.exe{CE7C8936-1A7D-61E9-1D00-000000002202}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000031895Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:38:43.394{CE7C8936-1A7C-61E9-0C00-000000002202}7003204C:\Windows\system32\svchost.exe{CE7C8936-1A7D-61E9-1D00-000000002202}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000031894Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:38:43.394{CE7C8936-1A7C-61E9-0C00-000000002202}7003204C:\Windows\system32\svchost.exe{CE7C8936-1A7D-61E9-1D00-000000002202}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000031893Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:38:43.394{CE7C8936-1A7C-61E9-0C00-000000002202}7003204C:\Windows\system32\svchost.exe{CE7C8936-1A7D-61E9-1D00-000000002202}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000031892Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:38:43.394{CE7C8936-1A7C-61E9-0C00-000000002202}7003204C:\Windows\system32\svchost.exe{CE7C8936-1A7D-61E9-1D00-000000002202}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000031891Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:38:43.394{CE7C8936-1A7C-61E9-0C00-000000002202}7003204C:\Windows\system32\svchost.exe{CE7C8936-1A7D-61E9-1D00-000000002202}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000031890Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:38:43.394{CE7C8936-1A7C-61E9-0500-000000002202}388404C:\Windows\system32\csrss.exe{CE7C8936-3BB3-61E9-0F06-000000002202}3840C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000031889Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:38:43.394{CE7C8936-1B12-61E9-AB00-000000002202}19122580C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{CE7C8936-3BB3-61E9-0F06-000000002202}3840C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7414|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x800000000000000031888Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:38:43.394{CE7C8936-3BB3-61E9-0F06-000000002202}3840C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe8.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{CE7C8936-1A7C-61E9-E703-000000000000}0x3e70SystemMD5=91F33F605825B72EE2270559C7AB28F3,SHA256=3DF1CB71BB48B8669BD01179FD94DD8CC82F8103B08A0FACFD366E43E0C5FA42,IMPHASH=23D7D4307FBE7FA4F42B1902826D7C25{CE7C8936-1B12-61E9-AB00-000000002202}1912C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x800000000000000062724Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:44.615{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\ProgramData\Microsoft\Windows Defender\Support\MPDeviceControl-20210811-053803.logMD5=8ED2EDFC16F4B8E8D0A1249F8DFC8EE2,SHA256=D366BCF11F6B6DFD80F519A28D366A7FD1265540EB11CEB9F7325E57825D7B6F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062723Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:44.615{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\ProgramData\Microsoft\Windows Defender\Support\MPDetection-20220120-070444.logMD5=F3B25701FE362EC84616A93A45CE9998,SHA256=B3D510EF04275CA8E698E5B3CBB0ECE3949EF9252F0CDC839E9EE347409A2209,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062722Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:44.615{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\ProgramData\Microsoft\Windows Defender\Support\MPDetection-20211215-030539.logMD5=391F533B01AEDD6F9D8A59A1B3E26B39,SHA256=68847BDB1672DD16AF62E8F70820AECEC0F976D5E67A32A17048895025FCA83D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062721Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:44.599{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\ProgramData\Microsoft\Windows Defender\Support\MPDetection-20211110-031318.logMD5=36CAF5F41B1D58CC271D4326BF72F720,SHA256=2341DFA2D2ECCF7D54D1AB663030F7F3EA68D744135C41375FD5B922F6B32E87,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062720Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:44.599{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\ProgramData\Microsoft\Windows Defender\Support\MPDetection-20210915-030314.logMD5=055232D2441C9F778A3C1AA0AB6F4272,SHA256=7C11DA49632BFDB7B79F29C63F436415269EF962FE1744B89FCEA68243891B13,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062719Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:44.599{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\ProgramData\Microsoft\Windows Defender\Support\MPDetection-20210714-025705.logMD5=98521A91404558ACBDAF5D6D2CF4AA3B,SHA256=2E4F67BA3BAECD53705BC8141F59AC95718BCB316BF70265FDA064B729612E08,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062718Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:44.599{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\ProgramData\Microsoft\Windows Defender\Support\MPDetection-20210609-032955.logMD5=C15E2B96BA4050A2AB02808714FDE3F7,SHA256=C8CD54E296722FCB4EA236C8A823543A1F8093162B468848433A78AD53C85512,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062717Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:44.584{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\ProgramData\Microsoft\Windows Defender\Support\MPDetection-20210414-025347.logMD5=151CFF8B8F5EFB852A3E80452768A961,SHA256=3B3F0609AE34D368C2CAEB78353C1414700BD927B16F0BBA4CA264210E7B0065,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062716Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:44.584{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\ProgramData\Microsoft\Windows Defender\Support\MPDetection-20210310-175236.logMD5=25AF4408C53B55D34476B5C1C47E8445,SHA256=DB81C26ACAD132301116096FD303F208F4BA92A6A75FA8F6D4882DBE0C36B657,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062715Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:44.584{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\ProgramData\Microsoft\Windows Defender\Support\MPDetection-20210113-201324.logMD5=F3B25701FE362EC84616A93A45CE9998,SHA256=B3D510EF04275CA8E698E5B3CBB0ECE3949EF9252F0CDC839E9EE347409A2209,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062714Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:44.584{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\ProgramData\Microsoft\Windows Defender\Support\MPDetection-20201209-052029.logMD5=CB0AED3B296DF6F1FCAED6DD79DA46DA,SHA256=0A9160944ACFA715C8E6B37DE42E96C1D5FF27A99F2E4DA6A60E4EC37524F7CA,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062713Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:44.584{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\ProgramData\Microsoft\Windows Defender\Support\MPDetection-20201014-024353.logMD5=5834C1F517D9E0C996ED9B05D829CDD6,SHA256=ACE3F612A89D49B2CFC8CA5EDC2A0E8014525906142C689B0B121EFA5E44C68A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062712Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:44.568{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\ProgramData\Microsoft\Windows Defender\Support\MPDetection-20200909-033343.logMD5=62639D5743F9B4B93866DD4186F62253,SHA256=FA161DF42AA225C0016798B63F24A89288CA6607540E3A2DF4DE513ED85F8DF6,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062711Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:44.568{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\ProgramData\Microsoft\Windows Defender\Support\MPDetection-20200715-053446.logMD5=3F02C72BE330A0B2ED7A1CCAFC0708AD,SHA256=631A9A55461CE459743471EB0A6E143C59ADF8B61ABD199BE16E7EE202C56321,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062710Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:44.568{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\ProgramData\Microsoft\Windows Defender\Support\MPDetection-20200610-052915.logMD5=ADDB568CC54D7BEFD654EF9B39497686,SHA256=7CE87A8D22B3F8780EF34F97E9DB35C847E4ACEDA4424F8B9D2BD026A2ED960E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062709Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:44.568{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\ProgramData\Microsoft\Windows Defender\Support\MPDetection-20200415-052855.logMD5=039CD61B7D4B5169232BE65A742A6AC5,SHA256=BC4CEA100C52DA215D12F360874A75D532AA720BD7AA04966EE0DB7D59033F44,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062708Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:44.568{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\ProgramData\Microsoft\Windows Defender\Support\MPDetection-20200311-053305.logMD5=97242E690FD48F9FF746B8D9552029CC,SHA256=68F9F7A54402C662FAADD350C7584E19E95045A6C00DDF474C3A67D88D24C021,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062707Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:44.553{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\ProgramData\Microsoft\Windows Defender\Support\MPDetection-20200115-053116.logMD5=F3B25701FE362EC84616A93A45CE9998,SHA256=B3D510EF04275CA8E698E5B3CBB0ECE3949EF9252F0CDC839E9EE347409A2209,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062706Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:44.553{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\ProgramData\Microsoft\Windows Defender\Support\MPDetection-20191214-164545.logMD5=8799E93AC1C0397B19503E74B2FBA180,SHA256=A04B823B0D79FAF2B1D962A0FF96442C0AC2E8A63245F4E1F034979D4269D7C2,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000062705Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:43.532{6F5BEE90-18A7-61E9-0B00-000000002102}608C:\Windows\System32\lsass.exeNT AUTHORITY\SYSTEMtcpfalsetrue0:0:0:0:0:0:0:1win-dc-tcontreras-attack-range-53.attackrange.local52449-true0:0:0:0:0:0:0:1win-dc-tcontreras-attack-range-53.attackrange.local389ldap 354300x800000000000000062704Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:43.532{6F5BEE90-18B8-61E9-2700-000000002102}2904C:\Windows\ADWS\Microsoft.ActiveDirectory.WebServices.exeNT AUTHORITY\SYSTEMtcptruetrue0:0:0:0:0:0:0:1win-dc-tcontreras-attack-range-53.attackrange.local52449-true0:0:0:0:0:0:0:1win-dc-tcontreras-attack-range-53.attackrange.local389ldap 354300x800000000000000062703Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:42.273{6F5BEE90-18AA-61E9-1400-000000002102}1092C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcptruefalse10.0.1.14win-dc-tcontreras-attack-range-53.attackrange.local52448-false41.63.96.128https-41-63-96-128.hhn.llnw.net80http 23542300x800000000000000062702Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:44.537{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\ProgramData\Microsoft\Windows Defender\Support\MPDetection-20191113-052824.logMD5=B933CFD9301937DEF6CA51A51AA2ECBA,SHA256=4536C8E0D86B1DEB12D0651534BF8E61D82BC98E47B76EF868F4FECAFD8026DC,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062701Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:44.537{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\ProgramData\Microsoft\Windows Defender\Support\MPDetection-20191009-052626.logMD5=73185957DE2C515BCCD3D539DB3306A0,SHA256=BF5B52767D69F964F38D9FD25D6460B242F6C4578EABF7E4F1283B1938FC7283,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062700Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:44.537{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\ProgramData\Microsoft\Windows Defender\Support\MPDetection-20190906-052800.logMD5=F3B25701FE362EC84616A93A45CE9998,SHA256=B3D510EF04275CA8E698E5B3CBB0ECE3949EF9252F0CDC839E9EE347409A2209,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062699Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:44.537{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\ProgramData\Microsoft\Windows Defender\Support\MPDetection-20190612-052748.logMD5=4246B578DAB78947E4BC51F0D2F2C4DD,SHA256=29BE841CA3016669D5E46DF8CDD30A5D716968A95F1B2D5D23AD2292774D2BC3,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062698Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:44.530{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\ProgramData\Microsoft\Windows Defender\Support\MPDetection-20190421-053209.logMD5=3D27CD6B8107F25C69DFDB3A040BE558,SHA256=D5F299AB81196FA0A8E9813C65E0828FD915759964A7927C383085A29E34BA2E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062697Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:44.525{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\ProgramData\Microsoft\Windows Defender\Support\MPDetection-20190213-053313.logMD5=C94684004815E880D6CACBF1F6B92456,SHA256=ACFB759AA554E8BE8630E24DA08F4B8381A6C9B443A205BF66FEAA5ACD9DB802,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062696Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:44.522{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\ProgramData\Microsoft\Windows Defender\Support\MPDetection-20190109-222025.logMD5=F3B25701FE362EC84616A93A45CE9998,SHA256=B3D510EF04275CA8E698E5B3CBB0ECE3949EF9252F0CDC839E9EE347409A2209,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062695Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:44.519{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\ProgramData\Microsoft\Windows Defender\Support\MPDetection-20181119-024200.logMD5=82A379B1EF8C92EBE70003B2D005127F,SHA256=25ED9A31BCD22AEE47CC632C08A74B358BE3509AFD66BB3222E7AF9E64466B96,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062694Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:44.513{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\ProgramData\Microsoft\Windows Defender\Support\MPDetection-20180916-181813.logMD5=B732A95E7B9EAF23258820C0828C5E97,SHA256=F129E04938E65559B03A288ED9FCA21F6E7980BB5FA3918AF7E387E023ECB200,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062693Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:44.507{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\ProgramData\Microsoft\Windows Defender\Support\MPDetection-20180814-230709.logMD5=14AC54B4CCD5E33E3CEFDDC57C4BD4BF,SHA256=049BBA498BFD33AB4227D51C21E1BD7E81817A6B6FA642827321F9A32FC35687,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062692Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:44.503{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\ProgramData\Microsoft\Windows Defender\Support\MPDetection-20180613-051431.logMD5=0AC26BD2E3B4C21D35B2F8C35953751D,SHA256=7C5C03C66252998626DAB8D4E2E03BD04AFD863B2706941ABE00ABE9397AD4A4,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062691Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:44.500{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\ProgramData\Microsoft\Windows Defender\Support\MPDetection-11242016-000541.logMD5=F3B25701FE362EC84616A93A45CE9998,SHA256=B3D510EF04275CA8E698E5B3CBB0ECE3949EF9252F0CDC839E9EE347409A2209,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062690Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:44.498{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\ProgramData\Microsoft\Windows Defender\Support\MPDetection-11172017-193005.logMD5=F3B25701FE362EC84616A93A45CE9998,SHA256=B3D510EF04275CA8E698E5B3CBB0ECE3949EF9252F0CDC839E9EE347409A2209,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062689Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:44.495{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\ProgramData\Microsoft\Windows Defender\Support\MPDetection-10182016-015358.logMD5=F3B25701FE362EC84616A93A45CE9998,SHA256=B3D510EF04275CA8E698E5B3CBB0ECE3949EF9252F0CDC839E9EE347409A2209,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062688Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:44.492{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\ProgramData\Microsoft\Windows Defender\Support\MPDetection-09132017-104812.logMD5=F3B25701FE362EC84616A93A45CE9998,SHA256=B3D510EF04275CA8E698E5B3CBB0ECE3949EF9252F0CDC839E9EE347409A2209,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062687Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:44.489{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\ProgramData\Microsoft\Windows Defender\Support\MPDetection-09122016-043403.logMD5=F3B25701FE362EC84616A93A45CE9998,SHA256=B3D510EF04275CA8E698E5B3CBB0ECE3949EF9252F0CDC839E9EE347409A2209,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062686Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:44.485{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\ProgramData\Microsoft\Windows Defender\Support\MPDetection-08092017-062047.logMD5=F3B25701FE362EC84616A93A45CE9998,SHA256=B3D510EF04275CA8E698E5B3CBB0ECE3949EF9252F0CDC839E9EE347409A2209,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062685Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:44.482{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\ProgramData\Microsoft\Windows Defender\Support\MPDetection-06152017-165644.logMD5=F3B25701FE362EC84616A93A45CE9998,SHA256=B3D510EF04275CA8E698E5B3CBB0ECE3949EF9252F0CDC839E9EE347409A2209,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062684Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:44.478{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\ProgramData\Microsoft\Windows Defender\Support\MPDetection-05112017-235041.logMD5=F3B25701FE362EC84616A93A45CE9998,SHA256=B3D510EF04275CA8E698E5B3CBB0ECE3949EF9252F0CDC839E9EE347409A2209,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062683Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:44.475{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\ProgramData\Microsoft\Windows Defender\Support\MPDetection-04112018-184436.logMD5=839FC3739E8C209081C7A07C4D244641,SHA256=0FC17AB7C80F1600D10D9A981DC88AF97B989E20F04E414AADBBEC0057A15F91,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062682Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:44.471{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\ProgramData\Microsoft\Windows Defender\Support\MPDetection-03162017-185340.logMD5=F3B25701FE362EC84616A93A45CE9998,SHA256=B3D510EF04275CA8E698E5B3CBB0ECE3949EF9252F0CDC839E9EE347409A2209,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062681Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:44.467{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\ProgramData\Microsoft\Windows Defender\Support\MPDetection-02232018-102541.logMD5=9DF4BCD1D576BCC015026BB4E7DC7157,SHA256=0BFBCA53413C1DADDC3A725BE7D698587B6F0121C0984822722DA44B04D6824B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062680Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:44.464{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\ProgramData\Microsoft\Windows Defender\Support\MPDetection-01112017-210158.logMD5=F3B25701FE362EC84616A93A45CE9998,SHA256=B3D510EF04275CA8E698E5B3CBB0ECE3949EF9252F0CDC839E9EE347409A2209,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062679Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:44.457{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\ProgramData\Microsoft\Windows Defender\Support\MPDetection-01052018-231907.logMD5=F3B25701FE362EC84616A93A45CE9998,SHA256=B3D510EF04275CA8E698E5B3CBB0ECE3949EF9252F0CDC839E9EE347409A2209,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062678Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:44.437{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\ProgramData\Microsoft\Windows Defender\Scans\mpenginedb.dbMD5=C8C17C14CDD510AF8FE481D6C1A243B7,SHA256=4CB33E3EAEB82F4FE934681520760CCBBF263740998DF53602E297365B1576F0,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000062677Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.localT10232022-01-20 10:38:44.420{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\ProgramData\Microsoft\Windows\Start Menu Places\desktop.INI2016-07-16 13:23:34.398 23542300x800000000000000062676Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:44.419{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\ProgramData\Microsoft\Windows\Start Menu Places\desktop.iniMD5=16AEB165401DA977306B6FC1A5324806,SHA256=5807B6F5394A20BEAD49766659456C572AABEAC56376AE85CE5E6700B4D3041C,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000062675Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.localT10232022-01-20 10:38:44.415{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Tools\desktop.INI2016-07-16 13:23:24.586 23542300x800000000000000062674Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:44.415{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Tools\desktop.iniMD5=AB006EAB28F3CFE4344B7DB45C67092D,SHA256=66E0EDABCDCDEC6DFF28340A0A696A78D96F5EFF03FA82B6F90BC76332182A1F,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000062673Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.localT10232022-01-20 10:38:44.411{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp\desktop.INI2016-07-16 13:23:24.586 23542300x800000000000000062672Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:44.411{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp\desktop.iniMD5=7F1698BAB066B764A314A589D338DAAE,SHA256=CDB11958506A5BA5478E22ED472FA3AE422FE9916D674F290207E1FC29AE5A76,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000062671Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.localT10232022-01-20 10:38:44.408{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance\Desktop.INI2016-07-16 13:23:24.586 23542300x800000000000000062670Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:44.408{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance\Desktop.iniMD5=CAC4D0F604168B35338F40B0FE08C453,SHA256=8D1EDA3F60FDB808BB783045C7295EF4ECA5192136160F6C46A919E9E53E92E6,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000062669Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.localT10232022-01-20 10:38:44.404{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\ProgramData\Microsoft\Windows\Start Menu\Programs\desktop.INI2016-07-16 13:23:24.554 23542300x800000000000000062668Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:44.404{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\ProgramData\Microsoft\Windows\Start Menu\Programs\desktop.iniMD5=A6F5820A827F8FE5E25A864E291E0EE6,SHA256=F9F12ACE4D2B33FBAC59EAE524B8199E314D15BA872C8E8FFC2BABE3355D2664,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000062667Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.localT10232022-01-20 10:38:44.401{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Terminal Services\Desktop.INI2016-07-16 13:23:24.586 23542300x800000000000000062666Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:44.401{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Terminal Services\Desktop.iniMD5=F2D39FBBE5228AA505A4C21E0461B2EC,SHA256=3ABB3693D871D0CDB833F9746742A77C12E21FD94C5186C6D7A60E967E3720E8,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000062665Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.localT10232022-01-20 10:38:44.396{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\desktop.INI2016-07-16 13:23:24.570 23542300x800000000000000062664Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:44.396{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\desktop.iniMD5=EDF1B742206424AFC9280AD0012C36D7,SHA256=924B89506E666983A026FF99BB018257FA71800EB37AEC30E19CC69472F594E4,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000062663Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.localT10232022-01-20 10:38:44.393{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\desktop.INI2016-07-16 13:23:34.398 23542300x800000000000000062662Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:44.392{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\desktop.iniMD5=D00A9FEEE37BC22E42AF8ECBFA36F556,SHA256=54594B21ED9F313C11FF25376AEA8932835A80D68E742FC1D5344805B0A780AE,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000062661Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.localT10232022-01-20 10:38:44.389{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\desktop.INI2016-07-16 13:23:24.570 23542300x800000000000000062660Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:44.389{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\desktop.iniMD5=677E37CF4A2B2938CC9ED152920D9886,SHA256=4FB7B1D55EF7D052FB0FBDFE6BD56ED65F0F606C9AED211B8E4EAECAD05907EA,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000062659Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.localT10232022-01-20 10:38:44.387{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessibility\desktop.INI2016-07-16 13:23:24.554 23542300x800000000000000062658Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:44.387{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessibility\desktop.iniMD5=2DB341606A8D0E39C81A95A64ED33C84,SHA256=01A69BA309C6665E612654E9D4D6B081772083DD3B9BB657C5123F02233E775A,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000062657Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.localT10232022-01-20 10:38:44.383{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\ProgramData\Microsoft\Windows\Start Menu\desktop.INI2016-07-16 13:23:24.554 23542300x800000000000000062656Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:44.383{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\ProgramData\Microsoft\Windows\Start Menu\desktop.iniMD5=A2D31A04BC38EEAC22FCA3E30508BA47,SHA256=8E00A24AE458EFFE00A55344F7F34189B4594613284745FF7D406856A196C531,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062655Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:44.378{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\ProgramData\Microsoft\Windows\Caches\{DDF571F2-BE98-426D-8288-1A9A39C3FDA2}.2.ver0x0000000000000007.dbMD5=52374331E8500137CE5BCC8B43A834A7,SHA256=47C23FD81C4418FA044D449A2F7E434AE19117A51EB24870AF8C4B035A580B17,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062654Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:44.368{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\ProgramData\Microsoft\Windows\Caches\{6AF0698E-D558-4F6E-9B3C-3716689AF493}.2.ver0x0000000000000007.dbMD5=A8DF0964D7616BFA3A703AAABB3F74D4,SHA256=7DDFA3E33D28158D2B811E1097E5134FC27189114C805263144F98AE59852D33,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062653Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:44.351{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\ProgramData\Microsoft\Windows\Caches\cversions.2.dbMD5=D0C5D8BD58018F110DCC32EB43157E98,SHA256=0348817A4404E34319932298F9EAC9F699A7C9BAC41164E43D9C5BA57A2A98AC,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062652Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:44.332{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\ProgramData\Microsoft\User Account Pictures\user.pngMD5=CE1E5810D7C9F27A6B139B7BB5772198,SHA256=0AE29A2E9FB4CA75DA5145AC86AB6DD9F12767CADB5BC6A9AA4B1036EDC128E7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062651Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:44.329{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\ProgramData\Microsoft\User Account Pictures\user.bmpMD5=DC2C42110B7D84F144C6D905A3DDA74E,SHA256=4E07A1A6FBB5F29252A7C7AD7C3C80B32B4CC8BAEB832DBE40C38BBF85D984E7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062650Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:44.312{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\ProgramData\Microsoft\User Account Pictures\user-48.pngMD5=45F18A848F56AB20F3394A06625B0F74,SHA256=E5CE93221BAF11322184C3FFA5AF9B3A9CDB537E1932745F333D872A0ECDA140,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062649Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:44.307{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\ProgramData\Microsoft\User Account Pictures\user-40.pngMD5=62EB5F8AF13F0886F278614F5F43E21F,SHA256=EC3E84AD90487122BA0EBA5945DE8A2CA2B10FFC16B3A02746DEF24E926148B4,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062648Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:44.304{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\ProgramData\Microsoft\User Account Pictures\user-32.pngMD5=8B0C9A9879D00A4ECED7948D6E47C3A3,SHA256=552C3AE1507531C972FE23B1849E9CF60668030A18E70B22BAC40654895B1D44,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062647Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:44.301{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\ProgramData\Microsoft\User Account Pictures\user-192.pngMD5=4D11D81DC520C49DAEC13A866CA2A200,SHA256=6918F0F8F0461F866A849FC691FA5DE86DB117554FC09C6497F9DF363EB483D6,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062646Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:44.294{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\ProgramData\Microsoft\User Account Pictures\guest.pngMD5=CE1E5810D7C9F27A6B139B7BB5772198,SHA256=0AE29A2E9FB4CA75DA5145AC86AB6DD9F12767CADB5BC6A9AA4B1036EDC128E7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062645Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:44.288{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\ProgramData\Microsoft\User Account Pictures\guest.bmpMD5=DC2C42110B7D84F144C6D905A3DDA74E,SHA256=4E07A1A6FBB5F29252A7C7AD7C3C80B32B4CC8BAEB832DBE40C38BBF85D984E7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062644Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:44.131{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\ProgramData\Microsoft\Event Viewer\Views\ServerRoles\desktop.iniMD5=2793124A0E734B03D1C002AA383E4B16,SHA256=C59EEBA6210567EBBA76673280726E4AF19B3780333E1F624437DD91916F97BB,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000062643Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:44.101{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\ProgramData\chocolatey\tools\shimgen.license.TXT2022-01-20 07:57:37.193 23542300x800000000000000062642Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:44.101{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\ProgramData\chocolatey\tools\shimgen.license.txtMD5=58FA6B4B88C177B273F25D9324FDF301,SHA256=A2BB559CDA0826A8DB2B893D3B5D7DE6CF13D91210FB920E33B682851D44C037,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000062641Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:44.096{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\ProgramData\chocolatey\tools\checksum.license.TXT2022-01-20 07:57:37.177 23542300x800000000000000062640Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:44.096{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\ProgramData\chocolatey\tools\checksum.license.txtMD5=A10B78183254DA1214DD51A5ACE74BC0,SHA256=29472B6BE2F4E7134F09CC2FADF088CB87089853B383CA4AF29C19CC8DFC1A62,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062639Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:44.093{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\ProgramData\chocolatey\tools\checksum.exe.configMD5=E9AD5DD7B32C44F8A241DE0E883D7733,SHA256=9B250C32CBEC90D2A61CB90055AC825D7A5F9A5923209CFD0625FCA09A908D0A,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000062638Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:44.090{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\ProgramData\chocolatey\tools\7zip.license.TXT2022-01-20 07:57:37.177 23542300x800000000000000062637Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:44.090{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\ProgramData\chocolatey\tools\7zip.license.txtMD5=899A48828B85C4B0402EE7CF1F65B62B,SHA256=20343526E04CE61EED2675282462E7080D305246F7807386621149C2025765D9,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000062636Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:44.087{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\ProgramData\chocolatey\redirects\RefreshEnv.CMD2022-01-20 07:57:37.161 23542300x800000000000000062635Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:44.086{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\ProgramData\chocolatey\redirects\RefreshEnv.cmdMD5=B4326546C3A252494DCD512976F8B89A,SHA256=9B251737A6B6ACE9FDE45B64FD653B04575C6416F15112FBE1697A47B14990E6,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062634Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:44.080{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\ProgramData\chocolatey\logs\chocolatey.logMD5=367966B9AA6C69199602CAB278A368D6,SHA256=86F6E4354F0B6FA0A39F8D8130840741A412F9902921C71DAB00BA16AF5A69CA,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062633Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:44.066{6F5BEE90-18CD-61E9-7700-000000002102}484NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=FDCD689BE3794DA3D5BA1A18DA744874,SHA256=5B767EE341DB6FF3368E18F6EA59BBA3686C051091E6183C5D154A2DF97A78C6,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062632Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:44.065{6F5BEE90-18CD-61E9-7700-000000002102}484NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=1221A3E6C016849270EB443422F459A5,SHA256=D7F548AB2644670615040F5E58D0F89FED97340FD7C71EB48DD75D0F84D9D581,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062631Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:44.048{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\ProgramData\chocolatey\logs\choco.summary.logMD5=528D58B73D7F6C4F0F58DD7E57EC35A4,SHA256=46B8C109ACA6B8967BCDC3A3176082DA307C8F98CE0BC5B1274D135AB1BE5A21,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000062630Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:44.042{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\ProgramData\chocolatey\LICENSE.TXT2022-01-20 07:57:37.208 23542300x800000000000000062629Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:44.041{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\ProgramData\chocolatey\LICENSE.txtMD5=B4ECFC2FF4822CE40435ADA0A02D4EC5,SHA256=A42AC97C0186E34BDC5F5A7D87D00A424754592F0EC80B522A872D630C1E870A,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000062628Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:44.033{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\ProgramData\chocolatey\lib\vcredist140\tools\data.PS12022-01-20 09:26:53.294 23542300x800000000000000062627Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:44.033{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\ProgramData\chocolatey\lib\vcredist140\tools\data.ps1MD5=160C389B966B9D8746C30CC552A2B68B,SHA256=FA3B90C1E4C336848FE475D0194145A453873200FFE079FEA7F2E8EC64BDA22E,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000062626Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:44.027{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\ProgramData\chocolatey\lib\vcredist140\tools\chocolateyUninstall.PS12022-01-20 09:26:53.294 23542300x800000000000000062625Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:44.026{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\ProgramData\chocolatey\lib\vcredist140\tools\chocolateyUninstall.ps1MD5=0FFC57B43B4BD80ABCFD3A38D2AE4680,SHA256=1254497D196D1571881BC4A1BCDA32DA5B85320D2D4BE3E392BC41188CDF4ECA,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000062624Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:44.024{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\ProgramData\chocolatey\lib\vcredist140\tools\chocolateyInstall.PS12022-01-20 09:26:53.294 23542300x800000000000000062623Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:44.023{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\ProgramData\chocolatey\lib\vcredist140\tools\chocolateyInstall.ps1MD5=A09076EA0C66633E37D23221F963DE6B,SHA256=BEA762B1E83C7124B69A8872C0B75751252DD062F60F57CC2F07D612C51C2BE9,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000062622Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:44.021{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\ProgramData\chocolatey\lib\python3\tools\helpers.PS12022-01-20 09:27:16.443 23542300x800000000000000062621Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:44.020{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\ProgramData\chocolatey\lib\python3\tools\helpers.ps1MD5=57720D017CC2AF92672EC71DF7D089B1,SHA256=CDBA70A3391DBECB55E051BE7A7EC3E8BE3F7ADE5CB8B11687CE0F8FF3656A6D,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000062620Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:44.018{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\ProgramData\chocolatey\lib\python3\tools\chocolateyInstall.PS12022-01-20 09:27:16.443 23542300x800000000000000062619Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:44.018{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\ProgramData\chocolatey\lib\python3\tools\chocolateyInstall.ps1MD5=F666B4ECA6C344CB1A5E19D00263F501,SHA256=81FEC18611C99BA2C088445A5DE839D6C4842763FC34D937E5E49E8B1F22E9AC,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000062618Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:44.015{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\ProgramData\chocolatey\lib\python3\legal\VERIFICATION.TXT2022-01-20 09:27:16.443 23542300x800000000000000062617Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:44.015{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\ProgramData\chocolatey\lib\python3\legal\VERIFICATION.txtMD5=568AF5B6EA2CC3E7981CCDB5D39E79F6,SHA256=EEE716E9636352D9E9DCC80CD1C2F8BEEA1CCBB805D13F2491FF5BC7467F10C6,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000062616Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:44.012{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\ProgramData\chocolatey\lib\python3\legal\LICENSE.TXT2022-01-20 09:27:16.443 23542300x800000000000000062615Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:44.012{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\ProgramData\chocolatey\lib\python3\legal\LICENSE.txtMD5=3FBFBB88B1C6F11A666EB20C490B6DD6,SHA256=A2D8FE06ABC84461A259F224EFF7867331B324879396A7C5F7AA40C963D3FE75,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000062614Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:44.009{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\ProgramData\chocolatey\lib\notepadplusplus.install\tools\chocolateyUninstall.PS12022-01-20 07:58:18.226 23542300x800000000000000062613Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:44.008{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\ProgramData\chocolatey\lib\notepadplusplus.install\tools\chocolateyUninstall.ps1MD5=53320AA62EBA74A2B64155CE4DD1D87B,SHA256=7D5B57153A30B896C2ED9FFF918CEBCF92F32C5CA198BDB6F90D08932D10C699,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000062612Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:44.003{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\ProgramData\chocolatey\lib\notepadplusplus.install\tools\chocolateyInstall.PS12022-01-20 07:58:18.226 23542300x800000000000000062611Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:44.003{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\ProgramData\chocolatey\lib\notepadplusplus.install\tools\chocolateyInstall.ps1MD5=2623B0981B43183DABBDE8290C62F945,SHA256=2BA0A024185D8DDD534A63E2DEE8CEF761E07AE5B17A0F8CED7C7C7C9832FC78,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000031918Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:38:42.969{CE7C8936-1B1A-61E9-D900-000000002202}4048C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-tcontreras-attack-range-276.eu-central-1.compute.internal51388-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x800000000000000031917Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:38:44.597{CE7C8936-1B20-61E9-E200-000000002202}3964NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=5B4416994F92CD14EBB0E697ADEC4344,SHA256=B8FF030CDE338024D9BBD751E2F273E129FE6DF6AC7712A9ABA01A2F5A50077B,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000031916Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:38:44.066{CE7C8936-1B12-61E9-AF00-000000002202}24603956C:\Windows\system32\conhost.exe{CE7C8936-3BB4-61E9-1006-000000002202}3336C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000031915Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:38:44.066{CE7C8936-1A7C-61E9-0C00-000000002202}7003204C:\Windows\system32\svchost.exe{CE7C8936-1A7D-61E9-1D00-000000002202}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000031914Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:38:44.066{CE7C8936-1A7C-61E9-0C00-000000002202}7003204C:\Windows\system32\svchost.exe{CE7C8936-1A7D-61E9-1D00-000000002202}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000031913Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:38:44.066{CE7C8936-1A7C-61E9-0C00-000000002202}7003204C:\Windows\system32\svchost.exe{CE7C8936-1A7D-61E9-1D00-000000002202}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000031912Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:38:44.066{CE7C8936-1A7C-61E9-0C00-000000002202}7003204C:\Windows\system32\svchost.exe{CE7C8936-1A7D-61E9-1D00-000000002202}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000031911Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:38:44.066{CE7C8936-1A7C-61E9-0C00-000000002202}7003204C:\Windows\system32\svchost.exe{CE7C8936-1A7D-61E9-1D00-000000002202}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000031910Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:38:44.066{CE7C8936-1A7C-61E9-0C00-000000002202}7003204C:\Windows\system32\svchost.exe{CE7C8936-1A7D-61E9-1D00-000000002202}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000031909Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:38:44.066{CE7C8936-1A7C-61E9-0C00-000000002202}7003204C:\Windows\system32\svchost.exe{CE7C8936-1A7D-61E9-1D00-000000002202}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000031908Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:38:44.066{CE7C8936-1A7C-61E9-0C00-000000002202}7003204C:\Windows\system32\svchost.exe{CE7C8936-1A7D-61E9-1D00-000000002202}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000031907Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:38:44.066{CE7C8936-1A7C-61E9-0C00-000000002202}7003204C:\Windows\system32\svchost.exe{CE7C8936-1A7D-61E9-1D00-000000002202}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000031906Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:38:44.066{CE7C8936-1A7C-61E9-0500-000000002202}388504C:\Windows\system32\csrss.exe{CE7C8936-3BB4-61E9-1006-000000002202}3336C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000031905Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:38:44.066{CE7C8936-1B12-61E9-AB00-000000002202}19122580C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{CE7C8936-3BB4-61E9-1006-000000002202}3336C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7414|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x800000000000000031904Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:38:44.066{CE7C8936-3BB4-61E9-1006-000000002202}3336C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe8.0.2Windows Print Monitor splunk ApplicationSplunk Inc.splunk-winprintmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{CE7C8936-1A7C-61E9-E703-000000000000}0x3e70SystemMD5=36D3753920C5BBCA16D12DEAD7A3A904,SHA256=EA17F69FB116CFA6ADC3CE07EBBAE3FD2CB221F25E3F7A9ADF3F15DA051831E2,IMPHASH=264D4B9546D98D77D97F569F55A0B748{CE7C8936-1B12-61E9-AB00-000000002202}1912C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x800000000000000062780Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:45.998{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\include\cpython\traceback.hMD5=42B3CA416F49CAC89F9C239C2C054111,SHA256=8E279FA8AA2EF63C604206005DFBB732720632FDB425E2A13D56D4FCD5580946,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062779Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:45.983{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\include\cpython\sysmodule.hMD5=BDADFEB9E2AF876D3F6AEB7F7DE0AEC0,SHA256=6BAF1275C8E490D6DCB75FED9F030A65AE6178EC59090A91991BEA85B575193B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062778Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:45.968{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\include\cpython\pytime.hMD5=BE19D001EB57BA187354724FE9D77D82,SHA256=D50DAB1B5685412BC2F9F0CE8990846A33148E2E4431677872E9AF26CF064B6E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062777Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:45.967{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-89EAB195F9AEB9F070AB21174B5F01A9C52B8481.bin.79MD5=2EA23523FF5AF32BBCA9930351DCC6D1,SHA256=C9137609E080129CB879281335894973A504B867131CA9ED909E418C85AFDC0D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062776Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:45.965{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\include\cpython\pythonrun.hMD5=336A0FAB02A24600A0B8B513FC305E45,SHA256=293B1A0DBCE799CB6BCD53F5D947D0F3EC97A0446D79F6DE62F621A29BE261A2,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062775Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:45.962{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\include\cpython\pystate.hMD5=C8256D3DCA976362A8AE304C1F3053DA,SHA256=9302622DB7D051DC84709827E84727BB25369B35821BEECD1DC3340C110DC097,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062774Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:45.948{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\include\cpython\pymem.hMD5=E5E62995E21FDDB3F0B29DDAC77D7C9C,SHA256=4471EE830A01532450D95B83003DC2A8319267FB5ABBFBDEA20133DB0E640831,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000062773Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:45.922{6F5BEE90-3BB5-61E9-8809-000000002102}65162008C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{6F5BEE90-18B8-61E9-2F00-000000002102}3024C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 23542300x800000000000000062772Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:45.922{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\include\cpython\pylifecycle.hMD5=D1D6C2E98B82E73A53C65B943BC97BBE,SHA256=8D8C1BA43E300FCC74A8A394A197AC56E2C563AB2CC32333863C5350346A61FD,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062771Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:45.903{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\include\cpython\pyfpe.hMD5=BBC7515EBD44C181429DE06707AA39E0,SHA256=B8B42E4F39DBC5F267E8E1FF0C4A52B431A422E6CB58C2380826A0C478334316,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062770Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:45.886{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\include\cpython\pyerrors.hMD5=486BD2941FC537CC2398EA0E4D1556C3,SHA256=1699B51BAB1ED538F1B1D9538DCCD784C930897CC8DDEA47E335EE0263CDCEC7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062769Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:45.883{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\include\cpython\pydebug.hMD5=65E5DE5B4EDE77078FB763DFBB456D62,SHA256=EEF9DB06626C6FBE2BE15530F4662AF270D3C6FA255BD22CB9F7C99AD715AF01,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062768Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:45.880{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\include\cpython\pyctype.hMD5=91891583393561856B0C66D384A1B6E9,SHA256=5B0CF2697E86E054D0A0721670D0A8E0318ED9ACB05EA0E93CD543E263F2F97A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062767Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:45.877{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\include\cpython\picklebufobject.hMD5=6A936E7FB222A67C334F6DD6E547E757,SHA256=90327D76CC64A5E375660143050FACB3AA59422B983E57C6624D0F92B9812785,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062766Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:45.859{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\include\cpython\odictobject.hMD5=D9ACFD7588D27CD7ADD94E90C8E30993,SHA256=FFBF2A43E05699C1B0C80CBBFE60E649BF329EEC7B8E0D38E5CA59A29CD3600C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062765Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:45.855{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\include\cpython\objimpl.hMD5=622C78AAC347FB5FD1322BE01D6D1A28,SHA256=BFD7599386F35C71EE58200337A6C0694EBD85C319623576C278E18092E05D27,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062764Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:45.852{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\include\cpython\object.hMD5=C8B11045B35E47077CDB764907E08FEE,SHA256=FD8F20E9A6E56B761345B248460873976CD4C8984446FA84F6F8339F4DAF5B0D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062763Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:45.849{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\include\cpython\methodobject.hMD5=0B4912D983BC2AD45D36366FC00EC849,SHA256=9F1C6C5A47811332966B8C3AD0F41C053F408E269DE2266613607659FCD2C8EA,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062762Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:45.846{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\include\cpython\listobject.hMD5=23752D4661822EF0161203CBED3A5CD8,SHA256=2C5BE901E01B0BE378BDE17EA270CBB7C628481A23551F45D3E57A0F22BD4955,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062761Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:45.843{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\include\cpython\interpreteridobject.hMD5=3D49C40583E099B05F31BED767B5DA8F,SHA256=07D04990AE07FBEFCDF0DB99ADFD8C1781EAE324A10CE946A837482AA588A679,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062760Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:45.839{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\include\cpython\initconfig.hMD5=26CA65F4F89F692C4B2F2A03C8BF6E1B,SHA256=93523D66EA85A782136FAD0E3CE43675A1EB62CCC48399BE9EA5F93BF6AF2E9F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062759Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:45.836{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\include\cpython\import.hMD5=3AE4E978C79A499F2E5ED73BD96D7460,SHA256=605130BDE18BD9A1631FE09C19D67241A70D176EBFC58AF3DE0123A3041B5439,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062758Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:45.834{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\include\cpython\frameobject.hMD5=773CE04F54F095D7F701923E64EA196A,SHA256=B30823C3F2A38517E0505CEF1FF227E921D2EF20500C9E57E16F378073AE32AF,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062757Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:45.830{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\include\cpython\fileutils.hMD5=975F384778F6D96B3C01E657D3E0608F,SHA256=4F03856857D30A3560798AD300755E1F2CB880FFE49A7AE02E334DC5473A7AC7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062756Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:45.826{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\include\cpython\fileobject.hMD5=D2B09B04F51E2EE2DDECDE511FA9BE6D,SHA256=77A85C587A7B9887C3D78A6153DEE9850FA4D6BF141A035BBB4B4FFB11122CDA,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062755Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:45.823{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\include\cpython\dictobject.hMD5=78FA3D67E381F4CF8824A714B450D45C,SHA256=1EAC889B33708C732E2436AD285C4FA8C619A88766653EC9F97A59D777542321,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062754Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:45.821{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\include\cpython\compile.hMD5=87FBEACFA2AE8DE9B6C069F23C6B6319,SHA256=504322088E2F6420DC11BDBC2ACFA771B4130D8E51143004088D4EAC33DC789A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062753Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:45.818{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\include\cpython\code.hMD5=A2480317018F50D235958C68E3380E9F,SHA256=CCA8CDA6EF0A5C214DB34D2EF6C7693666E28E2FE8528D72790CDBA14D8DC838,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062752Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:45.815{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\include\cpython\ceval.hMD5=5A7B9AA24EC1FA36494620F069DF9336,SHA256=8AD526DC6DC446E4385C05F746DBDCBFB8321E60A34369E7628BCAD81859E197,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062751Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:45.812{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\include\cpython\bytesobject.hMD5=C2C64927FC33C146D2AF898A4FB1619D,SHA256=ADDFB38B211597B7C56787FF360E17201DA2E52CA254210B25190DE17D1072C9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062750Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:45.810{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\include\cpython\bytearrayobject.hMD5=46B877EDDEFE8FD3734478C502617446,SHA256=7FA42B92364FFEEE382267AD77E9008DB6D1687E57C8B8118D4264AAF6C0DD74,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062749Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:45.807{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\include\cpython\abstract.hMD5=3DAA4992DEBF6ED9C94FE45CE7141C8D,SHA256=72F7B5E8439F9B7C718B1246366FB8A8F90358634021545C73305663FF942063,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062748Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:45.805{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\include\context.hMD5=DEC120C5E180829EE23B1165C8E36C9A,SHA256=F4AB30172779C3D8776D027777B5B4F73E60683C5FE0550500F22F04C0AE2833,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062747Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:45.802{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\include\complexobject.hMD5=125515FA530FE10AF1C44560C08D47F0,SHA256=B21E591DE7217B7DEE01EED906A9621910E80C702506D5EFC202DD0B1ED50550,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062746Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:45.799{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\include\compile.hMD5=E9F27B6D74674508C0F64F12E92BDF63,SHA256=90253B641F6727A16F8E171DBC6AFB28EA3E033331B9DA9A0CC1A7015E6104DA,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062745Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:45.796{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\include\codecs.hMD5=36B63F92D98A926090A007E1FE6252D4,SHA256=5EFDBAE68E530CCD2BD918C1B0DE68570397ECE9C5ACD453058E2DCAA35126DB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062744Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:45.793{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\include\code.hMD5=BB2978A9018F1AEFADFAD4BC176D6100,SHA256=30C1E257241427999C30E39364D4BBC775D3E8C48E4489F897BFC69013F93BF1,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062743Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:45.789{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\include\classobject.hMD5=83DC1D69945856F2354DDBC9F127CAB7,SHA256=AC4B50B771B7B6C0DBA3AB1ABC0320DD948D135902DB2CC0FD89B0FDF9FD1EC3,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062742Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:45.786{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\include\ceval.hMD5=F417F683E1B02E27D01DA714ED29B795,SHA256=BFC379EC9035270CC3362F0A4D1292FEC8E22F98D1A04508ADFF0D18FF050838,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062741Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:45.783{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\include\cellobject.hMD5=ABE68939C4146C9A6687DF9CD1AED778,SHA256=337A5C635C475A14BBAEF84708B9F43E89CCB3D0A87882F03EAE9372584E13A2,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062740Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:45.780{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\include\bytesobject.hMD5=594E9F2F114D7E5B3AB066ABCA857D15,SHA256=66B66022DE5C87154E27A00EB92A3313A0FE274E11B820A559028925FE1BED1D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062739Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:45.777{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\include\bytearrayobject.hMD5=AB9DAEE354BD1A97383D769A33FC0F35,SHA256=338FA050C4C4F06FDF4A52C29643D5BBFDB998CFD772CCAC220FD9042D1665CB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062738Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:45.774{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\include\boolobject.hMD5=422050DAD7A060D9F6BEE075798C8810,SHA256=214BFF11FAB6613E9FA16AB9016C69F7C63B665A2C40C5E7BBF40C10DF8EC711,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062737Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:45.769{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\include\bltinmodule.hMD5=BE92944A8F488C10556BCA4885E85A09,SHA256=9BC7D4F6546AD38715880208EBE004616CCB76413009B664BD8FE1D3EBA06F59,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062736Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:45.766{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\include\abstract.hMD5=0520ED6E5688B7CDA09292F30C4D74BA,SHA256=D83B7A31203A2C3069B32272A9B5D1CC9E335101722DFB393A6351598808F401,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062735Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:45.704{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\ProgramData\Microsoft\Windows Live\WLive48x48.pngMD5=346E52BACFE42B2D4541FCC62E9D452F,SHA256=481D3E0AAB3681CD196AD7A0A5080FE2BAAAE42ED60E545BD8D9C029AA1AB643,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062734Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:45.620{6F5BEE90-18CD-61E9-7700-000000002102}484NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=C7193444F18F904A60C64B0FBA6EBAFC,SHA256=838FB54E513D859B3F638D4DDF76A5A8F6ED16431359B336B5ACAEBFD25D2A57,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000062733Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:45.620{6F5BEE90-18B9-61E9-3500-000000002102}33043324C:\Windows\system32\conhost.exe{6F5BEE90-3BB5-61E9-8809-000000002102}6516C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000062732Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:45.617{6F5BEE90-18A9-61E9-0C00-000000002102}8281296C:\Windows\system32\svchost.exe{6F5BEE90-18B8-61E9-2C00-000000002102}2984C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000062731Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:45.617{6F5BEE90-18A9-61E9-0C00-000000002102}8281296C:\Windows\system32\svchost.exe{6F5BEE90-18B8-61E9-2C00-000000002102}2984C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000062730Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:45.616{6F5BEE90-18A9-61E9-0C00-000000002102}8281296C:\Windows\system32\svchost.exe{6F5BEE90-18B8-61E9-2C00-000000002102}2984C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000062729Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:45.616{6F5BEE90-18A9-61E9-0C00-000000002102}8281296C:\Windows\system32\svchost.exe{6F5BEE90-18B8-61E9-2C00-000000002102}2984C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000062728Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:45.616{6F5BEE90-18A7-61E9-0500-000000002102}392508C:\Windows\system32\csrss.exe{6F5BEE90-3BB5-61E9-8809-000000002102}6516C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000062727Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:45.616{6F5BEE90-18B8-61E9-2F00-000000002102}30243900C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{6F5BEE90-3BB5-61E9-8809-000000002102}6516C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7414|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x800000000000000062726Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:45.615{6F5BEE90-3BB5-61E9-8809-000000002102}6516C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{6F5BEE90-18A8-61E9-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{6F5BEE90-18B8-61E9-2F00-000000002102}3024C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x800000000000000062725Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:45.517{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\ProgramData\Microsoft\Windows Defender\Support\MPLog-09122016-043403.logMD5=C67B600064AB404ABD0F94AE18286D34,SHA256=EC3051189BAE73D9FA45EF46C7145F9DD274254F974D8158873CB600ABB4279D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000031920Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:38:45.613{CE7C8936-1B20-61E9-E200-000000002202}3964NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=7E07D6F994B956BA020B2E28F2872B22,SHA256=6E0FDF36C366F00E7EC78446EC718787BAC6C20DD73A1622B2C4227340FD2E21,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000031919Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:38:45.081{CE7C8936-1B20-61E9-E200-000000002202}3964NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=079F0953AADAEB693B9C16E9E99CF1E8,SHA256=B00A9044DEEBB61EB1C0BF2005A1EC039E0A77E8ED9EC93CCA4C270A3D4170D8,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062952Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:46.997{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\bdb.pyMD5=8AA165DD2B94BEC076A669D9EF8A60C6,SHA256=9D5B0D918F8CA812F836F3050CD6667E2D5B6B800C49EECCFF0ACEDDCF0C4CF2,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062951Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:46.982{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\base64.pyMD5=430BEF083EDC3857987FA9FDFAD40A1B,SHA256=2BDCB6D9EDFD97C91BC8AB325FCC3226C71527AA444ADB0A4ED70B60C18C388D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062950Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:46.982{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\asyncore.pyMD5=335A54F8DDDF91D3E8A008A68C278654,SHA256=2C583C8E1DB8F62C18F512CADB2CE9363E511C50A07F296E7108D48BF8CC7AD6,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062949Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:46.982{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\asyncio\__main__.pyMD5=4C758632BA30CBD5CA8F50830E11975C,SHA256=82FDC4CD81292B82241AE8EAC259F977F33D7DF882EFC53B75C37C4CC85C525C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062948Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:46.966{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\asyncio\__init__.pyMD5=79EA315D77D469CB64DFE39B82E14C52,SHA256=A5ED25BC789F41F1743D47E8E0899E5ECBC3CA1674589E7EE127426DB9EE79AB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062947Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:46.966{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\asyncio\windows_utils.pyMD5=3D2450646C295F667F04535CB6511EE9,SHA256=23FF6C7FECECFE35A06EAF7615C1E1E67C0740B78CA75A04C548B184BE87B958,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062946Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:46.950{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\asyncio\windows_events.pyMD5=C056E5EA5C79859C70D42D5D4D67DE7C,SHA256=2AD305943A5C17752FEC2D42CDD15F55AF5968C85DF0EBF69A250C3CDF9C5C59,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062945Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:46.950{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\asyncio\unix_events.pyMD5=0B0096A850C70AE86E6E90421F2984C7,SHA256=CAC64FDD4444F7768465C6EA4FDED7A522442EE4ECC01EE21F5B365FAD9C5175,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062944Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:46.950{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\asyncio\trsock.pyMD5=E481F8A3FC8B4A8395BBF44DA6585FCB,SHA256=408B28A6A11A88349E80FDC20BCD0F633323D4DCF347A38BAA5A5CE6D42AD297,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062943Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:46.950{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\asyncio\transports.pyMD5=A0D05E0372B558D546B10EBB14F65FA2,SHA256=8EED64B0D572CD32CA7D8350365E7B47190DB3FD4DBD4E6887C1F725E2679FA0,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062942Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:46.935{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\asyncio\threads.pyMD5=0EBB52B3B39916EDEE1B1CE2805F0D5E,SHA256=60310C6E008F10C117388BA34811250134DC6FE4577031CDA37E8F9ADEA40920,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062941Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:46.935{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\asyncio\tasks.pyMD5=0A2524A71EC4C13FC0F264E786716045,SHA256=908EBBC14EFAC4A2ECAE5C64F4EFCBDD9962BF58C57A810461EBE25C694F6A1C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062940Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:46.935{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\asyncio\subprocess.pyMD5=367664768E545C482B86256F2818E026,SHA256=A511D0D64D2D8086B7CB8E81DBBB0D906FA12D8731DA52F20FF198F44BDF415A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062939Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:46.935{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\asyncio\streams.pyMD5=F55CC009BC318CC94080BF2E7359A674,SHA256=55D805FF528D06A96B30122E4A71CA54F20413A04735CE1007B619F9EE2C0019,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062938Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:46.934{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\asyncio\staggered.pyMD5=BCA378D3DB917FB79E03181E278C23AD,SHA256=18785BF43A6B21A235DA704A60CAF28232F6E57C56E3EB81D01BB50C5B9D4858,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062937Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:46.929{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\asyncio\sslproto.pyMD5=7081B838C3006082C133A17F0DD94590,SHA256=D6648C3273CCC0AB50138212665667D5FC2BB50D0A8054FE928454DB96ABE36C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062936Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:46.913{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\asyncio\selector_events.pyMD5=9F720FCDD2E3B2251F429081F0F84886,SHA256=7D4C07C760EE2882A5E82D048D9EF7552BE3914026D953096F18BD44AD418A59,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062935Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:46.913{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\asyncio\runners.pyMD5=9E248DFB8081884438219581CE36B284,SHA256=8DF94155A34A2D7000DFAB35612120D7CBEC630284F914AD1FE86EC7129C5CFB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062934Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:46.913{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\asyncio\queues.pyMD5=3B39445C2362785379E3D1B805A82730,SHA256=3C78D536CD6C01A4DDA11AB7550F29ADEC94856A6E1906187AD1D562D8564CB4,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062933Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:46.913{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\asyncio\protocols.pyMD5=D20F0BDBF5AC50BD0965234B3C5CCC13,SHA256=D3B7CFE26214F64598E1E0856E6FBC4B1FF2CDDA592D0EAA4CBFA9F826E91A84,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062932Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:46.913{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\asyncio\proactor_events.pyMD5=ADCAA95FF6B6B414F0CFA80BC0A797BC,SHA256=EBB3DDFAAD3A56C9FD63D9947DFEDE2C824EAEE1141B33DE65BF2FBFCA04B192,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062931Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:46.897{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\asyncio\mixins.pyMD5=9C28F0870DDAAA3C763A1A9E062BAF75,SHA256=D43484AB1B446B66A53FDED1BE81E78934D391BB0A109B932E31579CBC55749D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062930Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:46.897{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\asyncio\log.pyMD5=07687A8E3B30B3B320A3B3164812E3B1,SHA256=72433D0D5A4205B74EF4FF95CD3E1C8D98960A58371E5546698A3A38F231058C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062929Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:46.897{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\asyncio\locks.pyMD5=F10B5CB7E0AFE7AF2617EB210DE50EFD,SHA256=85C71FE0F540E525601C2208C831DF0ECB05D78FCA610FE157206CC3A111D9AC,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062928Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:46.897{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\asyncio\futures.pyMD5=C3788902EB58E5A2B9622D1F373331BC,SHA256=0D32FFDDC63378E9D82AEA2BC29D3D28BEDED4D73F11E0A75FE73F0050B1BABE,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062927Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:46.881{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\asyncio\format_helpers.pyMD5=64D0BFEF9B45C0EA83D954360F021869,SHA256=657449627E8706CDC28A575DF9E975058E787FA2CC6A70B5DA7F9EB39D371DCB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062926Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:46.881{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\asyncio\exceptions.pyMD5=A83317D64AC8D1EB4FDACE5809F31435,SHA256=CCD5456CD6DD88563F208534D3049632A7CAA4EB9266682F6B46E988C05C2CC0,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062925Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:46.881{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\asyncio\events.pyMD5=707A9844A572376F2103B3D053A1CE7C,SHA256=27EC3DD1171FFCB1D414CF42D7D095CCA62BB6A7E8FE16D2FE2F060369D250C6,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062924Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:46.881{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\asyncio\coroutines.pyMD5=D2A6BE6AFF7175D295DA4A3A25A7E069,SHA256=C4F7628AA80D102E1F1478333F99767E1432312A49C54E08F4FB682140E6A590,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062923Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:46.881{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\asyncio\constants.pyMD5=6B81F558F9EE2044D0C6AAE13C5C8E84,SHA256=395225E259A6C6486DC64213EC579E7A7C2E4E4BE83935B6C4120DCD6A1F929A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062922Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:46.881{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\asyncio\base_tasks.pyMD5=47F432C42B8F851DE2915418672E8F7A,SHA256=A6B2FA6708C62DE555FE694CE3D0B7A2427A8A1A50CDA3694A09754F34101B14,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062921Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:46.850{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\asyncio\base_subprocess.pyMD5=19CC5FEA2559B817BF9FCAA3EE4B76B4,SHA256=FCD594ABA1912464A80B4C3E4651D5677787395541828A887EA1E0B3A16861FE,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062920Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:46.850{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\asyncio\base_futures.pyMD5=216B4AF2D0F26C3586C808566034E664,SHA256=0F55E981F522D382F8F24848D6BE34E8E0144CF813D07035FCDD768713F6A863,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062919Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:46.850{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\asyncio\base_events.pyMD5=41D436E19B6BBC49690B67211B540BC7,SHA256=FB42FCB3925053E185A374831C584DBB36EA4F09D597E9FF39EF9CD3E0DCF745,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062918Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:46.850{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\asynchat.pyMD5=3B09A48C6813AE9476AB93DE84909655,SHA256=21423C766CEC34C1EC907433BAF543A2058F650883BFABC3BE57CC6C00C0FB4F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062917Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:46.834{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\ast.pyMD5=D045E4BC2C515398427D3F9FFF66A85D,SHA256=ED596EDC82E0A1445D52532EA3577E4A1C99C44AD2F4295E0893CCECC6732659,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062916Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:46.834{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\argparse.pyMD5=91A5DD625561A643A527D25F092CC487,SHA256=7A50469531AB69DA0A6EA491BAB4D620EE932E21818016B0BB6029AEA1933A31,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062915Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:46.834{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\antigravity.pyMD5=3ED5C3D928783BE91A9C8FCA6BCB846E,SHA256=2C4879A527D2F5D0E0F0D81837EEB8510E2F77FDF2BBB2688835732E699CCD6A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062914Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:46.834{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\aifc.pyMD5=BF5911BEAF58D01F1317D4416B929EED,SHA256=2EFBA033EF47B3E19DBCDCB6762B9B49AB1982EAE3B9D649548D15AFADC78DAF,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062913Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:46.829{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\abc.pyMD5=3A8E484DC1F9324075F1E574D7600334,SHA256=A63DE23D93B7CC096AE5DF79032DC2E12778B134BB14F7F40AC9A1F77F102577,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062912Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:46.813{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\include\weakrefobject.hMD5=0889B539B8F991EBDCC305387BC38CE6,SHA256=0C6F72A45816FF098FBE2789C6E0272FF0E8AA26C5DAA8865F816EFD4640DF8B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062911Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:46.797{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\include\warnings.hMD5=83C2556BCBC5044047F48A39C3013B8B,SHA256=853E6E7D903049B290221970F289DC88B1B586C66D64B4905D1320C3BFBED5C0,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062910Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:46.797{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\include\unicodeobject.hMD5=84438922B20647278906580DB14437DB,SHA256=8A1C404B5F818D9246474B0BA6F0B4E79CB2E1FA69E014295B0A3282D400D03D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062909Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:46.781{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\include\typeslots.hMD5=88A633C701A3D235BC772D60EB618A12,SHA256=1A6563C9C3FECA87FEB11454A59F5A87B480F3A71B19B6B44033633D2CB82D05,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062908Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:46.781{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\include\tupleobject.hMD5=A01219D9C49822C86BADB9AF559DF668,SHA256=2739A72984EBE2957173119B914420B5DA9682EAF7B9320743E2ABA278AE5363,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062907Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:46.781{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\include\tracemalloc.hMD5=22CB28F5C382651BB890336C1777F98F,SHA256=611F13D0390240ABEC0EFD07F53A565C955333CC1B9E169B2788534F96FB2C65,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062906Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:46.781{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\include\traceback.hMD5=A6C28A7070F10B6A6A2847E74D682673,SHA256=508A4CEA5F39E2D01FAA61F2AAF10A78E258CF995BE94D3A0F3A79933D98E271,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062905Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:46.781{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\include\token.hMD5=858C753EA3CBEF68D1792EF88C115E5F,SHA256=ED81122AF1C472DBE825D5A03CF2CB69B14B6FE4D76B5F15A2B88FE9F5239560,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062904Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:46.766{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\include\sysmodule.hMD5=115BCAC4357B82F0855CF38EA5242A5A,SHA256=B465D5DE39A754B78371B1C2BF562A937BFE59C6FE79D4FD87E956B57E2DBD71,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062903Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:46.766{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\include\structseq.hMD5=65440383AE882B4AF9A6A807BF172466,SHA256=139A9BB636E6E10148C053F1DB618BC99412DBF556ECAF5A6EA956A626043881,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062902Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:46.750{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\include\structmember.hMD5=EE5A3E111630B3A040B202380B0AFA52,SHA256=110F8BF1E6D524E899D3BB83286E8DF9CB789CA82DFC028AFE7D0C8371CB6E86,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062901Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:46.750{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\include\sliceobject.hMD5=C15FB702F7D4659132E39447A8C93FDB,SHA256=0329927AD9E0BB1386FA1C72A28BA0898C9DA320C8A3A5C9A234B8D06823B060,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062900Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:46.750{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\include\setobject.hMD5=1E0801087523BAB1EC9223357E3A748B,SHA256=6B312516DE51C0CCF0C4B9C97E8F68284D1C118BD9D73077D31DD6C8DFBC4B15,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062899Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:46.750{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\include\rangeobject.hMD5=737E5C0DA8D24785599C2F3BFAE9A60D,SHA256=A0F3408C62F05650BA9E457CBB340A12B267D2A5CD94B000092A7E62EA21FC9D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062898Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:46.734{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\include\py_curses.hMD5=3DBA7162D9DFA39B0BEBC66C6B34847A,SHA256=6E4FFA0AA3DA917D5FCBFE3245AFD698D44886AA8C0061C730404665497D4733,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062897Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:46.734{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\include\pythread.hMD5=8CAC2CCB84B10F563346A7A16BDA50FE,SHA256=791A944F070A21134284BD7B05409E284E6D737007CB104F60983EE3B43A8D1C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062896Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:46.734{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\include\pythonrun.hMD5=16522349FE14B71143C7021F4093B9E6,SHA256=4FB0B6E3029015D032ABCA4FF0C0FBBE8D23AB5F72E9CDB28186DA381777C1BE,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062895Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:46.734{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\include\Python.hMD5=1C313A61567F9D0CB39CAD3482B418EE,SHA256=8F30949CC00E2FB84DEDCA2A061513CAFDCC5D01CEBBD90C477903AF8BBABC65,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062894Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:46.730{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\include\pystrtod.hMD5=101150DAA7BBDAD4DEB2376B000914A6,SHA256=6E2900AC52AE96A94948BB8748245977132B56B607AE69EAC8421A4E75F22BDD,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062893Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:46.721{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\include\pystrhex.hMD5=BB1D8BBD3F9E5F55003FF85B5BEB020A,SHA256=CC1C7C4E4388B6058C86B6888118EA67329E91E18E61846477611502B2AE42FC,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062892Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:46.720{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-89EAB195F9AEB9F070AB21174B5F01A9C52B8481.bin.87MD5=0433F5BAC95BB1AF24E2C8110B1A6B04,SHA256=899CFAFA0521029570700509B271A0ACB940447EE5E1E00D3CE973C14D686786,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062891Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:46.714{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\include\pystrcmp.hMD5=1D69651494533AA0FB597A48341CE0C8,SHA256=2DD23B6FB3B7A7FEF62B33170A7215F0B68F2CDD6EDBA5548D0D563C5B124055,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062890Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:46.706{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\include\pystate.hMD5=7B54772293999AA2B508F92606C90004,SHA256=E6A1F6E01520D22AE09B308A13A75E8B451B32075924153CB83380D56A004E10,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062889Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:46.697{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\include\pyport.hMD5=F0E96CFA7DBA018DCABAEE391BC76355,SHA256=3E83D1CB10EF137F8B3C17E609EAFE200E112C5805BC185556F82B9C5955115C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062888Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:46.691{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\include\pymem.hMD5=0ADF4826F91447127DDF01A479F6FA8C,SHA256=8BDC035E3741991996F951F838DFD8F0A97443257D68AB38C6E9FE0081D9307C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062887Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:46.678{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\include\pymath.hMD5=6B3ABB2E8A9CA76B34EA142F08356F0A,SHA256=B5153757642D14471E1989CD940A3238F2BCCE685CF03F5EB5503C28FE6850D5,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062886Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:46.678{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-89EAB195F9AEB9F070AB21174B5F01A9C52B8481.bin.83MD5=8437F1DDA17BD5656E2C7B3CB08C2419,SHA256=E7616D6DE2933437FF7E1BF89D1A249CAB4850239D94D942E0A64AB7284D6803,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062885Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:46.668{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\include\pymacro.hMD5=99E9401EF9654FD073ED1C0E9E2B385E,SHA256=8E4AB338D7464649A6AE1A4A4CF46FD8E378C1221E1BD1581ED600C00BC14D85,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062884Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:46.656{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\include\pymacconfig.hMD5=87B0AE703BE59E794AC4370A2BE4C188,SHA256=639BD1803F57A4A1293B72905A904BE08553FF9CD040EE7B23BE41D90E4CBDCF,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062883Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:46.651{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\include\pylifecycle.hMD5=291F6FE118DA856F4BD5B1F5768400C0,SHA256=AF555D6938D96ED9862AE35706031DC721A14EFAA0458A70001F5F1F63A6E9DF,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062882Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:46.646{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\include\pyhash.hMD5=5C62CB2A4C25BA961A942535C61F05F7,SHA256=975431E562FF8AD039EB253B30E9B67B60415B3E801BB6DE578F5A27337BC8B8,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062881Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:46.633{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\include\pyframe.hMD5=A8948706FF10BB1BA1F0E64BCDDBEC7E,SHA256=C37971E1746D987F9299F1B8E2E94E120266CEF2C6E4FE844E0E6187D15456D7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062880Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:46.628{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\include\pyexpat.hMD5=9DC3AC8C1CEE9EFF2A709E83EC4CA515,SHA256=51E73F1874322331D8D145AEF37610319271C024C36D65921EA52BFDA7B70DF0,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062879Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:46.628{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-89EAB195F9AEB9F070AB21174B5F01A9C52B8481.bin.80MD5=16419B36D98CCDDAF59EA6A1EC2F11B2,SHA256=7C339078175F2371C694E014867B7840F80500168E3D8F68ACB870FB26051C69,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062878Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:46.609{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\include\pyerrors.hMD5=7A02F3B1DE3F3607F7BEC16D95CD6B34,SHA256=440A08EABA32EBA8259AB48D78B8B0FCB9BFC8DC1A9494C04E1913012A6B7C9F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062877Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:46.599{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\include\pydtrace.hMD5=09806638F331A606C65AE3EDB7772375,SHA256=2F3386F6AABDE0C9A5504A5424E5B42E969744E1692F636D16A009B024F440DA,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062876Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:46.585{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\include\pyconfig.hMD5=019F3472A8DB98E7676AFF485B48FCA4,SHA256=DCF5745CB0B0BA0D289706A6091DC2F49C9856994C6398A807EE83B14079EACC,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062875Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:46.581{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\include\pycapsule.hMD5=54A50D33250DF99F315A6EC7D1288A44,SHA256=7AB4FED74391638392884905F8F0249222FB964B1674DF17EBC46F867E45EE62,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062874Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:46.575{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\include\patchlevel.hMD5=4E811C2ACC60A9FDD84D91C59175FA9C,SHA256=06502197D8111F4D249BB90BF8422BB7C39C1711EA25C432C3487311B5F81F23,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062873Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:46.571{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\include\osmodule.hMD5=BCB8EBA549031E5DD8F15AED24297EB3,SHA256=C3CF9EB8D709F9032E86E9ECEFDF2A26FDFCF5F3A0AFB6C3A1B470E8E97D6A0B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062872Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:46.567{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\include\osdefs.hMD5=E39ACD45EAACDCFD5AFA071B7DC90AC1,SHA256=A32FD8D498C342B0263917A1CCADFF7A8D7CADC9B7DC711C822BFA3EC756893B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062871Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:46.563{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\include\opcode.hMD5=F310498539E2CBDF736DADF2358B485C,SHA256=C970C1631812F0B212C9D2EF5A0916E935183BEEAD1B0B2C2C0DAA7AF816F5CC,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062870Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:46.558{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\include\objimpl.hMD5=1821085D81772AA9443466C4028E36BB,SHA256=2EBB287FACB686634CF2C517B443FC7DF67994FA7002C562D70DAADEA59B8F0C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062869Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:46.552{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\include\object.hMD5=75681149C1B923FE2E40901B55252C46,SHA256=D617336BDADAA8449F72AD5B055C1D131F2C8D24657366480CE35622F7D3734C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062868Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:46.547{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\include\namespaceobject.hMD5=D1BFC0A0AD580B13ED0641D02A715744,SHA256=9A5B3549A0A9F9F115208717B83737A4EA14A1EF453F8983715D540F35C74AF7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062867Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:46.542{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\include\moduleobject.hMD5=3F7A979CAE3D97E1BF3C522FA12180CD,SHA256=91834F5B979709C706FF32B72C3CA7CA2C0BB612F6D4EC851AF3DECC64D4DF4C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062866Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:46.538{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\include\modsupport.hMD5=89DEB37043921997212D57F227869AA2,SHA256=F2A4D5A755DECB8413C8D97A4250A99621234C3A3C11D96AAF5F74AE5E4B5632,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062865Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:46.528{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\include\methodobject.hMD5=4614495A7B4CEBD067BFBC77534D03F5,SHA256=D9DAAE3E4D1CE73C212B70550578893C1E3693A543A57CF00DC65C767254FEEB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062864Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:46.522{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\include\memoryobject.hMD5=FCB9C521EE72AB734D13135B17878AE0,SHA256=849B4147B2AC4CE02D2D455E63165C2F858183D0D174A05DB27032414305EE46,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062863Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:46.516{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\include\marshal.hMD5=4349FE59130FAB570E5317535AC4B6D6,SHA256=1BD61477BDC9EDC021183DC7DFBD45C872A7359D27D5CD99AAD961CFB9BBFA75,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062862Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:46.510{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\include\longobject.hMD5=13BF45D14880CA3DF3A66BEF65E8FD35,SHA256=BAFCEFABCB8234A740672539BF49DB5EFDE744D5204DFC86A4424F07106A93A5,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062861Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:46.503{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\include\longintrepr.hMD5=17B5D5ACD11212BB108086C8B131E887,SHA256=FBCDED492C9002384A8F50D262EA502A77AE2EE74E29B9E3403FA03ADB7C5E47,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062860Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:46.498{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\include\listobject.hMD5=7F359B9A61AEE8C6B1485058542DC39A,SHA256=E64AEE180EB4F322E30BF280D14A1EB78BA1262E7F8370D139CC7C4D8DA439B8,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062859Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:46.492{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\include\iterobject.hMD5=0EB532113D44A964499B5E79878FABB7,SHA256=C4230A5AD5EDF6C08CDF2766F1ABFDC14BD8A4C829F94EB9D0FC9E14EFCDF86E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062858Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:46.489{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\include\intrcheck.hMD5=4C2DC2673FF0C29A24E94E5CB5A84465,SHA256=16492246BF15A2D1FA3E53B2D3BB7D7651EF4CCAA46BB4089CAC8F3C84F6DF7F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062857Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:46.482{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\include\interpreteridobject.hMD5=5B22ACC05225F8A3D53E0E4229C32227,SHA256=FAABC0D532098E537BEF145DCAA5165AE0834B55DC252C84CC5E39F385402A27,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062856Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:46.477{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\include\internal\pycore_warnings.hMD5=B5FFFD472B72334D047AAA3E4F827A75,SHA256=A1BA8530C278DB8B83B5F0F8EA5356C1EB585592F8ECC107F578AA2DE5B0A3DE,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062855Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:46.468{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\include\internal\pycore_unionobject.hMD5=BF4CD7152046C28549A249A963BD5E12,SHA256=89D11BCD8C123648A51A1E84F9590F5C70CB3F141398CA25477EA8B53A9549C0,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062854Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:46.462{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\include\internal\pycore_ucnhash.hMD5=01DFAC0284CA64E5C407C6CA6A62CBFD,SHA256=13FF6A5688E724B4B560EA4E3B3BD787F0EDBB8B0DDEB5028A77D5F094B25A77,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062853Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:46.453{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\include\internal\pycore_tuple.hMD5=B9901C5BFD99CDC817A1B47C9B39DA6A,SHA256=1565B9EF590527EC6BCE74837C4E9BD8B5695FD646F8669B9EE3ACD697423BE8,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062852Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:46.445{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\include\internal\pycore_traceback.hMD5=EBC024A7ACF109017B55004E9270A820,SHA256=CAFB6016911B2DD5DBE2486F450D926F739A1681B9F40065B859152D470B60CD,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062851Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:46.435{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-89EAB195F9AEB9F070AB21174B5F01A9C52B8481.bin.7EMD5=2AED51B048D12268892C18EB82854D7D,SHA256=D0617599313B8E57BE189F71B06658776AD1C39958E6FBB7A460A8B0EF9C6D59,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062850Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:46.432{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\include\internal\pycore_sysmodule.hMD5=FC317D873E1D27B1E27FB19EFF116D90,SHA256=A20463E33FF906FE75F9EE409EC4BA373EDEA67C67FFD6208C192C0325A5EC87,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062849Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:46.425{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\include\internal\pycore_symtable.hMD5=80026A428ECAD7A56F578344F8F668FE,SHA256=43865A8EFF836D504FAFDF2E350711973CAD5622C04EC57CA690BDC39A72C01F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062848Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:46.420{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\include\internal\pycore_structseq.hMD5=A72111DD516D0624D912FD21C8503308,SHA256=0195F59C45A7C5B53256032288320F73F6A5CD286AAC03363F2F159E46E22478,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062847Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:46.391{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\include\internal\pycore_runtime.hMD5=D9685BB9B176C255300E9F9931B91DDA,SHA256=2D325F58F1A6610831CF7A512711EF513BF51C1020A323E04FB14F80BD41B349,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062846Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:46.391{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\include\internal\pycore_pystate.hMD5=963552325BE0C6AFF4F59EC27A4F0293,SHA256=EA45B96B1166B308C677AF29F22EBCB4D458A5F430FF9DB6E52C3839C8C4BA9D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062845Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:46.391{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\include\internal\pycore_pymem.hMD5=5FCF8B346621E0B87C592E0F87955A34,SHA256=DC20FF987B16A1739E3F6E6A36307784105FD3184BF4D722C7DF37517DC8E198,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062844Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:46.391{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\include\internal\pycore_pylifecycle.hMD5=DAC1ECB70F1641DF12F18916DEA51411,SHA256=41B78F1A92142DF364CB916AB3FE574894EF7DAE22A919A3F202C4BC62B12EEC,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062843Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:46.376{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\include\internal\pycore_pyhash.hMD5=69CE48D3A014D4BB0D5A34694E17A6C0,SHA256=464EF87B28946E503532B64702CA245FED4BBD5F06108AAC8C093569C12CED60,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062842Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:46.376{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\include\internal\pycore_pyerrors.hMD5=CBF79B21BD85D34CB9C50F51FEF4E705,SHA256=4834FEEFB3FB58343DC94599D333A80C1D9EEE27105BA28D508E2B3575547CD9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062841Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:46.344{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\include\internal\pycore_pyarena.hMD5=47EDC5FF2506B956BE8D5BFD0A3C1581,SHA256=A43A0C6D97213D42E810454AD9D82ECC8AE899C53D26A60AAF90D31EE54FAF05,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062840Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:46.344{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\include\internal\pycore_pathconfig.hMD5=A9F33E76D595D0052A2069448DA78E64,SHA256=F1B9DCFD701E0777583E394CF18549FD772B02B316E2C972F0DCC1F345EDC4B8,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062839Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:46.344{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\include\internal\pycore_parser.hMD5=6489CE9BB88C9EE6F47AFEC2077C7099,SHA256=0CC055EF7FB28786979D34191870FF9F96B8ACB9787904414AA99DC5CAA43FEB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062838Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:46.329{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\include\internal\pycore_object.hMD5=A3A6DC5D7C1BFFFD580C4D5ACF0A966D,SHA256=D53C4E79C2EDA418F0A28AB318F2181039BFF12A37984BC0E1C35F1FA804CD84,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062837Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:46.329{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\include\internal\pycore_moduleobject.hMD5=3662564EAE53ADA9122E602DC44CC995,SHA256=1B254CAB94D59B3011FECF5B1370D980441A7D22ACB788934D30A54E9FB67035,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062836Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:46.313{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\include\internal\pycore_long.hMD5=96FCCC24D5E31C09E714D00317A07871,SHA256=D4E102D08AC8B853D217A8C6EE191A47D289314E818116C5FF4FA095014B4A4C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062835Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:46.312{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\include\internal\pycore_list.hMD5=C4432B53DDCE8754E08A9F4A662FB30D,SHA256=6602DF3B6726D08C987182DFF219F8CAC7A80E933CD8CFE2EC3F32B38A1E0CE1,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062834Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:46.291{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\include\internal\pycore_interp.hMD5=B57D1CA4B13158FA7E9931F05EBD2393,SHA256=69CAFFC142528CFCFA30464B867F336DC5C4243F05CFDE04676D15FD0F1EFD7C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062833Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:46.291{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\include\internal\pycore_initconfig.hMD5=0B60AB2686BDC5043D7175B7D00D7ABB,SHA256=5B74675C8A491AED2233F1A8A1A8FEF1A8A1F110C90754F6C8C137A8EFC1EA10,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062832Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:46.275{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\include\internal\pycore_import.hMD5=0F4DCD869FCA48F421A3DE9C0664404D,SHA256=DD89264ED0A089AE6CF4AD2870397F03C528F9EC18F404C42AB18FB5F6A5CB9E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062831Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:46.275{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\include\internal\pycore_hashtable.hMD5=561EE412AAA1DC737E8216C065130E47,SHA256=92D5335A76FE51A2E50AA5EAF90EF0DB4AC1A4559630E8B6DD99CF7C7EFEF49B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062830Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:46.275{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\include\internal\pycore_hamt.hMD5=8DCDFF28E388FA60B92DD88C3EF509D3,SHA256=EB87B0B2B8D9D0290A99E62817C634AF24A74F8ADAABE711A6FDE7EEDABF2F1C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062829Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:46.260{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\include\internal\pycore_gil.hMD5=6D41BB3793B74EA9DE14983D91A06C1B,SHA256=B6F1E407C086A487B896DEBE164C7D22678062CAFEDC8B248E4B5CA9B51D4EAB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062828Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:46.260{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\include\internal\pycore_getopt.hMD5=42F00137CE3A318EE39D33DB6607E1D6,SHA256=4592E97F536C2AB2392057ABE08CAAA0E0E755750F2998D31637E427EC95A05C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062827Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:46.244{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\include\internal\pycore_gc.hMD5=EDE552C28BC7408FEC703874B42C4E4E,SHA256=F95363FC6F752A0200301CC56876291AB26E3FABE856F3B0F3AFD6E91D1BE7B2,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062826Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:46.244{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\include\internal\pycore_format.hMD5=D79F831931932208D27AC58C946C295F,SHA256=B0E56D87F2C63F609632EE20D1208BED13CF0EA445118EBB1D9A7773750195CB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062825Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:46.213{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\include\internal\pycore_fileutils.hMD5=16D624693EEE9436AE6B95A4E10BF8BB,SHA256=DA42442DF981404A3EB3A0B54A62580EFA46DA72FA207C92B5D191A771B481E8,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000062824Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:46.213{6F5BEE90-18B9-61E9-3500-000000002102}33043324C:\Windows\system32\conhost.exe{6F5BEE90-3BB6-61E9-8909-000000002102}3268C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 23542300x800000000000000062823Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:46.213{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\include\internal\pycore_dtoa.hMD5=5B9956305263BF49A6BDD9C7D7DF1649,SHA256=C5F509AB8312A8423AE144D677B2D93D1474C48E40828AD86CB3B51D68D3301C,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000062822Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:46.213{6F5BEE90-18A9-61E9-0C00-000000002102}8281296C:\Windows\system32\svchost.exe{6F5BEE90-18B8-61E9-2C00-000000002102}2984C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000062821Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:46.213{6F5BEE90-18A9-61E9-0C00-000000002102}8281296C:\Windows\system32\svchost.exe{6F5BEE90-18B8-61E9-2C00-000000002102}2984C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000062820Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:46.213{6F5BEE90-18A9-61E9-0C00-000000002102}8281296C:\Windows\system32\svchost.exe{6F5BEE90-18B8-61E9-2C00-000000002102}2984C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000062819Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:46.213{6F5BEE90-18A9-61E9-0C00-000000002102}8281296C:\Windows\system32\svchost.exe{6F5BEE90-18B8-61E9-2C00-000000002102}2984C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000062818Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:46.212{6F5BEE90-18A7-61E9-0500-000000002102}392368C:\Windows\system32\csrss.exe{6F5BEE90-3BB6-61E9-8909-000000002102}3268C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000062817Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:46.212{6F5BEE90-18B8-61E9-2F00-000000002102}30243900C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{6F5BEE90-3BB6-61E9-8909-000000002102}3268C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7414|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x800000000000000062816Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:46.210{6F5BEE90-3BB6-61E9-8909-000000002102}3268C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe8.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{6F5BEE90-18A8-61E9-E703-000000000000}0x3e70SystemMD5=8746B8C1724B67C2B1261446C0CFAA57,SHA256=7EFD09FD383FAA75C5D2990E6DBBFD846AEAA08B7037C7D66B4A0EF2AE0866B3,IMPHASH=7B985F47B35272AD7B5218255ACE7AEC{6F5BEE90-18B8-61E9-2F00-000000002102}3024C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x800000000000000062815Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:46.211{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\include\internal\pycore_context.hMD5=57DF2CA2060D56960915B3881C5C7C45,SHA256=967E8A47003B6685526136A6AE08E0D4A276155CA824C5091A5D065A7DA1B124,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062814Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:46.204{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\include\internal\pycore_condvar.hMD5=D30D6FCB90033A56D4F71E740B45B7FE,SHA256=066D0CFD528E9AF1C4EDF9E136654D4A94F69E8027D76CAF0AFA5FBFE951F744,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062813Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:46.199{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\include\internal\pycore_compile.hMD5=7EA83A9F81032521CF6CF71F0134954A,SHA256=98061115641CE88000C3CD2E07D67453DEE82E2B483E629ECD638FCDA73DC4BF,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062812Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:46.195{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-89EAB195F9AEB9F070AB21174B5F01A9C52B8481.bin.7CMD5=6DE08DFC5FC4D0E6C2952D0FA2434A84,SHA256=E6D1E85F9DDCA80D5962063580B42F251E7E6041406CA61C01E1F4ADE41189D3,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062811Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:46.193{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\include\internal\pycore_code.hMD5=A46BA59672BF26005047A7F982B79CBC,SHA256=2933C82BF0220FF4B5281036B6983F1B1C013720E5C942A3B94C1CCB15B6E3FF,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062810Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:46.189{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\include\internal\pycore_ceval.hMD5=20B7B203830AF8992E984BDE9526D8BA,SHA256=17B222E5D2CD97959AB2549AED0DAB7B7E3993FC8BECEB284B26129DCD70DC70,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062809Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:46.178{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\include\internal\pycore_call.hMD5=20E5AA10758B8FB136B54A44296DCBEA,SHA256=99AC45B9CBA4862BE205D24E01E446C0E8E96553BD82C1170CC30592387FFA77,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062808Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:46.161{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\include\internal\pycore_bytes_methods.hMD5=AA3251198DB61E8412E78A6F4402C3DA,SHA256=7F0E14A0E97255A066600EF715824BB4446A7B0951B00D9562AEAD25DB49743A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062807Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:46.161{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\include\internal\pycore_blocks_output_buffer.hMD5=C7F4F7B3C1325AC902929248DB77C968,SHA256=2D9640645019C4BD889530F95811CBB4E6D85CCA8DE21744406E117B0F82887C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062806Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:46.161{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\include\internal\pycore_bitutils.hMD5=C813E06847D712B0C8DC960D0A868CF9,SHA256=093FAA70ECE12D2DCF439DD13667389AEFC56B409AC935B575BB9E3412440AC0,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062805Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:46.161{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\include\internal\pycore_atomic_funcs.hMD5=6CF03CFD0AA8D67D7B3DB29FF9D21A25,SHA256=9E01A0C8EA3E54B1D939C8752539DAC42F7C3628D8DE7D80837A714616095887,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062804Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:46.161{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\include\internal\pycore_atomic.hMD5=EED15A4C832C9B7F5D987C0715FE1C76,SHA256=51ACDA5FC358BE54DBEFBD9C551257FF64CF9104AE81C1A440B0B231051B34C5,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062803Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:46.130{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\include\internal\pycore_ast_state.hMD5=3050B23B9581D1B831818999A1DE1726,SHA256=3D0445215340B409C2EAC8CAFBF44CB49EDE71BD038AFA993BEAC93D4EF18EF6,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062802Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:46.130{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\include\internal\pycore_ast.hMD5=5753BCD26805FECB6D8ACE261BA388B8,SHA256=02638F6FB51EC4A6DB097378D1D0D465AA1B939F0D3E83C32D146C6357838B7D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062801Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:46.130{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\include\internal\pycore_asdl.hMD5=463C2CE30AF5B9B9871239688971EBA1,SHA256=18F9F7C5A465C23F18E1ECBB6B9FED5DF9EC150B73B35D5AA8DD5730DC4CF249,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062800Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:46.114{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\include\internal\pycore_accu.hMD5=D5B6134238CDA84A0A4B858CC48D68D1,SHA256=61AED846511A9D87A1156908FAE5E23A2FBC21D14522E032967CB708B7985CBA,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062799Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:46.114{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\include\internal\pycore_abstract.hMD5=DE46B15B9C3411352C7F6135BE300402,SHA256=C4B94325982689C7053672A0ABFE8B6C549C5458E4D07D864BF2A90FCD0674DA,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062798Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:46.099{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\include\import.hMD5=B143BF263899CD639F740EF27AB1285B,SHA256=89C4CBCF24DA3371FD5B860B6506D7036710873ADF27B2EC91FD86400B8EDB7A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062797Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:46.099{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\include\genobject.hMD5=E16DF8F47788B4F9B4C982A8B06B1211,SHA256=F376C5792D3F78C23BA9538CD79AE9DE1B424B3662A4BCD0C88D7721D76FA5A0,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062796Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:46.083{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\include\genericaliasobject.hMD5=8F84875A052BF2CC69C8695AB9CE8BC0,SHA256=3EBD563F70F3D317558774E74916AF1C294852FD943E041A79DC46C8FBCC458E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062795Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:46.083{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\include\funcobject.hMD5=0784EC85E45EE2E6D36CF39ED5BC812F,SHA256=7A62DFF3F03C547C8D06BDB847CF449C6D27C094E2DFDC4E6E419F9C88D5628F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062794Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:46.083{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\include\frameobject.hMD5=52D5B8FF577BB31991FFEA0783EFBA67,SHA256=277C3B26F4D4B9B257DC3E216F895B5D699ADD4B56DF991BBB0952361CAEDA7D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062793Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:46.083{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\include\floatobject.hMD5=3349CCE7D8A53D0E4A1310F8B1AFB801,SHA256=AF7D9D985DADDEFB286DF6A4E88947D7E9BB500698C286B206C5EDC3A611471C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062792Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:46.082{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\include\fileutils.hMD5=D6676D9F538AC171D4611A61B2B0E569,SHA256=6E4809AD197D42C3AA43F44108D9E1D2BF5497813054E0E3E21C1731D58BD4DF,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062791Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:46.061{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\include\fileobject.hMD5=E54D85108699315334A5C036B1E75DF4,SHA256=E1DEC1A350FF79C3CCAE051B39919FDFADBC4D668963976FDB691E2DAF7515F5,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062790Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:46.045{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\include\exports.hMD5=F6865ECF062B1806548B92D04826D961,SHA256=185C68E380C7AA72D677A88A9820C11150A58FA3C3A750498CFAC01F25FE05DC,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062789Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:46.045{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\include\eval.hMD5=54E3EF3F2B24643E03B9EF576EAF50F6,SHA256=162350F66250DF4D0EB9831311AE292E8AF516B2AC0B9D49F4B53394F64A6F71,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062788Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:46.045{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\include\errcode.hMD5=1CF8C0699D7715B2510FE1897EBBBBD3,SHA256=3A05D65247D7D04DBE9A763C065D4858BED7199D6A8567D7381019F72FAFED6A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062787Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:46.030{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\include\enumobject.hMD5=EF325605B8543385361518B5851C081C,SHA256=469C8A7BBCA8A67FD17BC728A1D6D4225C4C0566475774B5DEB655462F058659,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062786Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:46.030{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\include\dynamic_annotations.hMD5=48DEC9A3E9EA326ABA0927F8ED7D8017,SHA256=5B4ADBB589825BE2058422508E99BD664660E7240F53D1971C2EC181DA4A501C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062785Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:46.030{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\include\dictobject.hMD5=C4EBB3A9CB9002D69D4B6687BA83E227,SHA256=31ED848A22961BBAAE662D595C73007871E838E47466906CAFF48A2A5735904A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062784Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:46.030{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\include\descrobject.hMD5=E24C43E82EE2C8EDAD99F7669F0E141F,SHA256=7D50408DFFB572AE95DD62D9BC05BEDA00DED6193DD5E92173D6A365265950CD,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062783Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:46.014{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\include\datetime.hMD5=8AC6E53D5BBD440E7B74EA36CB4A3B2F,SHA256=91765FB0A05DDDAB3C267B326001C443FC11F9F28B99831463F03B5AC895E088,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062782Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:46.014{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\include\cpython\unicodeobject.hMD5=A2C1ED4413BB7F65B1D1CCA068B765EA,SHA256=7EEB9309371FF7702E349631A9DA3C77A9C8BC33B4B3C7CA0691C3421B66E054,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062781Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:45.998{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\include\cpython\tupleobject.hMD5=4B0D36D30455D10E9FDEBFFDE6B5A9EE,SHA256=DB441476CA36D6BB3CF6CC7E06A0C1D2ED02825419E7ED65992E9E039DA34DB8,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000031921Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:38:46.628{CE7C8936-1B20-61E9-E200-000000002202}3964NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=D60FD6A643FA629C7A624A3C60978F46,SHA256=17E2DB6274CB6B22F2B676ABF57EFE1FB74658296D102B6CE41C8C4C742DD117,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063149Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:47.987{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MPDetection-20191009-052626.466cMD5=8C5B9DBECE22AD275716062C83A66EF0,SHA256=63C7D8C9D2BA2E67479D5392541425681E548A1317D0074E37C75454D4B520E2,IMPHASH=00000000000000000000000000000000falsefalse - shredded file with pattern 0xcc 23542300x800000000000000063148Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:47.987{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\distutils\tests\test_clean.pyMD5=2BC5402E4D16F3AB5AD007DDB4A0D047,SHA256=DD5755A4AB9DABE80423E8990BAFA0BBD9DD24358D16E736A3D23EB3C8848802,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063147Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:47.987{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\distutils\tests\test_check.pyMD5=1CBCED7D94176CE46AFFC2FD03CD1370,SHA256=8D6746AD4ED097A0028F5AB10E6BCB5CC7F061721496BD6CA721B398AB383E9D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063146Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:47.971{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MPDetection-20190906-052800.31c1MD5=8C5B9DBECE22AD275716062C83A66EF0,SHA256=63C7D8C9D2BA2E67479D5392541425681E548A1317D0074E37C75454D4B520E2,IMPHASH=00000000000000000000000000000000falsefalse - shredded file with pattern 0xcc 23542300x800000000000000063145Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:47.971{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\distutils\tests\test_build_scripts.pyMD5=59A6DAECB468B4C4F8AF4BB8DC6CDD8D,SHA256=514F5BF038CF256C4D0778E6E954B961C3D429B593F5C8F5340BE24D64AE8388,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063144Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:47.971{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\distutils\tests\test_build_py.pyMD5=675CF27B48BD3AC3ACB37A31229EF21A,SHA256=65ABF42146797B2B19538F4AF9986A9033B887F08DACDA15C1655280D5940640,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063143Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:47.971{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\distutils\tests\test_build_ext.pyMD5=07738A7BFAD538CD009C9F1792A41589,SHA256=F8CE59DCD987CF52311AF197E0AF816800A77D7945E1BCE7DD9B2221F40A4035,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063142Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:47.971{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MPDetection-20190612-052748.5e36MD5=8C5B9DBECE22AD275716062C83A66EF0,SHA256=63C7D8C9D2BA2E67479D5392541425681E548A1317D0074E37C75454D4B520E2,IMPHASH=00000000000000000000000000000000falsefalse - shredded file with pattern 0xcc 23542300x800000000000000063141Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:47.971{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\distutils\tests\test_build_clib.pyMD5=87A4C106869C5961D769AEA00C2DF0A9,SHA256=69077611D380751F0F9F2D93CF1F09AC4BCE16F8109238342FC92EBE5832BA11,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063140Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:47.955{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\distutils\tests\test_build.pyMD5=459D5D0B703C0D3AE1A4324F616367DD,SHA256=AEA15639049FE273348D4C7E147535BC6A84AC8B30A1A39EE19ABFE5669A89D7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063139Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:47.955{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\distutils\tests\test_bdist_rpm.pyMD5=8109B0AF67110DCB8EB860BB8D472B50,SHA256=466F440C7AEDE82F8D53D469951747DFB14BF3ED829F53B821C4740C4D095AE2,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063138Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:47.955{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MPDetection-20190421-053209.5e3dMD5=8C5B9DBECE22AD275716062C83A66EF0,SHA256=63C7D8C9D2BA2E67479D5392541425681E548A1317D0074E37C75454D4B520E2,IMPHASH=00000000000000000000000000000000falsefalse - shredded file with pattern 0xcc 23542300x800000000000000063137Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:47.955{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\distutils\tests\test_bdist_msi.pyMD5=F83180C77C3CA1BD7CD908C0644B198A,SHA256=9C0B38D07DF20F670EA7B4663C74AD5E5B3E81A1E152B51C0AD474AEE95CF146,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063136Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:47.940{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\distutils\tests\test_bdist_dumb.pyMD5=B780B548F5D20F8BE102E22B032DB59F,SHA256=FBAC9EE30E98E32B4EFB0029B9C318599F6ADEC75505541F4D89738F5A9F4271,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063135Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:47.940{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\distutils\tests\test_bdist.pyMD5=60BC2E984727D8F2B7239F8D0DA9D44E,SHA256=E0D6A359B96B3910F58DA3893101DBADBB15F026507AD381604CFCB319AD8566,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063134Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:47.940{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\distutils\tests\test_archive_util.pyMD5=7A948E7DB759BA18EE0D3806884C01CA,SHA256=1C2AB1F4DB3B5029F6B38876634F49AB1362214FF4342E87296D57AF14A281C2,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063133Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:47.940{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\distutils\tests\support.pyMD5=43C09FF95CF314BB5B4FC55D45B07765,SHA256=2DE5017C0B9525B676C2FCA11314CAE564E950C37000B4853134DFDC882C493D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063132Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:47.938{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\distutils\sysconfig.pyMD5=FBE345EC641A0F674C2963084DC51DB3,SHA256=13F1A15709DC66576A7F727476A483DC7616AFC00E527FC248DA6A7797086AB6,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063131Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:47.918{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\distutils\spawn.pyMD5=DF25DC916FC0BC3A71A7BAC74C01C0A8,SHA256=E4CEC9313928C0619540797094B8111A7963AD07B5C4005E5E082C72EE2B2BB0,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063130Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:47.918{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MPDetection-20190213-053313.7874MD5=8C5B9DBECE22AD275716062C83A66EF0,SHA256=63C7D8C9D2BA2E67479D5392541425681E548A1317D0074E37C75454D4B520E2,IMPHASH=00000000000000000000000000000000falsefalse - shredded file with pattern 0xcc 23542300x800000000000000063129Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:47.918{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\distutils\msvccompiler.pyMD5=0C96D985AEFF35B798D316FB804BC1B9,SHA256=4C6888367DF7349C9649E9083CDC84202E1A31AFCA81AD775C9C0261A091DFD9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063128Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:47.918{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MPDetection-20190109-222025.50bbMD5=8C5B9DBECE22AD275716062C83A66EF0,SHA256=63C7D8C9D2BA2E67479D5392541425681E548A1317D0074E37C75454D4B520E2,IMPHASH=00000000000000000000000000000000falsefalse - shredded file with pattern 0xcc 23542300x800000000000000063127Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:47.902{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\distutils\msvc9compiler.pyMD5=01EDAD07645F4C8098875F8B3FBCA850,SHA256=0A6151B42962B0F403FEE76C9374386D920488423E9B69868EF6144C112FD520,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063126Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:47.902{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\distutils\log.pyMD5=90DE3ABE57090B62EE942ED0680A4AEA,SHA256=436FF055B5D2458B737308D84EBCCDE03D63ED736DB6FB612E254ED693DB1273,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063125Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:47.902{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\distutils\file_util.pyMD5=A20B1F020873571F620F7B8CBFCA7A30,SHA256=485BEFF50549D7390CB8D3C84D57AAA2337CD10FF18F778339386CF4BEE42268,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063124Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:47.887{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\distutils\filelist.pyMD5=F41E93FBB43F630430E76916AE47E30A,SHA256=FFAC6CD29B794373094BD27E2902659872F0EDD415AC6C422ED4709615AEBD0A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063123Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:47.887{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MPDetection-20181119-024200.476bMD5=8C5B9DBECE22AD275716062C83A66EF0,SHA256=63C7D8C9D2BA2E67479D5392541425681E548A1317D0074E37C75454D4B520E2,IMPHASH=00000000000000000000000000000000falsefalse - shredded file with pattern 0xcc 23542300x800000000000000063122Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:47.887{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\distutils\fancy_getopt.pyMD5=86FE139CB820F5491312AC03D4880D51,SHA256=1D2ED826F86D339DBF44CA48A0FB4BEA8D23F4996FA010D8FB3A898ED42AEE08,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063121Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:47.887{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\distutils\extension.pyMD5=BCC1FCC84D1056F3614BFBA8306E4BFF,SHA256=C13AE152D1BAA7ABDC319D8395AD195ECFFE68BFFEC6B7564A2829974A983277,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063120Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:47.871{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MPDetection-20180916-181813.2ff7MD5=8C5B9DBECE22AD275716062C83A66EF0,SHA256=63C7D8C9D2BA2E67479D5392541425681E548A1317D0074E37C75454D4B520E2,IMPHASH=00000000000000000000000000000000falsefalse - shredded file with pattern 0xcc 23542300x800000000000000063119Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:47.871{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\distutils\errors.pyMD5=9251870C4788C056BBFDCEE1CA612723,SHA256=CABD7EC5BB0F0A2A830CC01865523DE6E12E77B3F7834EED6C0E9C4EE2CDCCA3,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063118Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:47.855{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\distutils\dist.pyMD5=10D4051283309BC31E24BC369243830A,SHA256=F5753C16A0CA078F18FD05D6834F95CD594EB48C666E929C0A20F85F316DD2B5,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063117Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:47.840{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MPDetection-20180814-230709.31ebMD5=8C5B9DBECE22AD275716062C83A66EF0,SHA256=63C7D8C9D2BA2E67479D5392541425681E548A1317D0074E37C75454D4B520E2,IMPHASH=00000000000000000000000000000000falsefalse - shredded file with pattern 0xcc 23542300x800000000000000063116Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:47.840{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\distutils\dir_util.pyMD5=6D6921CFB9AB1E64A7D8C56137148361,SHA256=CD5F2BF3CA6D55AC935BBDBD095EA56FC56EDE2466CE058EAFA6BAA72590E867,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063115Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:47.839{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MPDetection-20180613-051431.606cMD5=8C5B9DBECE22AD275716062C83A66EF0,SHA256=63C7D8C9D2BA2E67479D5392541425681E548A1317D0074E37C75454D4B520E2,IMPHASH=00000000000000000000000000000000falsefalse - shredded file with pattern 0xcc 23542300x800000000000000063114Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:47.817{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\distutils\dep_util.pyMD5=9950D9914FD4C0D3C929F2A151C5E120,SHA256=EED48F4538531E8707BA4F38346BD82D458EA969B7C75FE9B5076CA302BB3449,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063113Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:47.817{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MPDetection-11242016-000541.76e0MD5=8C5B9DBECE22AD275716062C83A66EF0,SHA256=63C7D8C9D2BA2E67479D5392541425681E548A1317D0074E37C75454D4B520E2,IMPHASH=00000000000000000000000000000000falsefalse - shredded file with pattern 0xcc 23542300x800000000000000063112Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:47.817{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\distutils\debug.pyMD5=64C560EA2A1F8F7E9095D53C60DD7097,SHA256=379D7EF4117C46A2B9C4E1ED2F713D6FA371B78966D4EC4FF0251CF5A97DF4FA,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063111Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:47.786{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MPDetection-11172017-193005.1a55MD5=8C5B9DBECE22AD275716062C83A66EF0,SHA256=63C7D8C9D2BA2E67479D5392541425681E548A1317D0074E37C75454D4B520E2,IMPHASH=00000000000000000000000000000000falsefalse - shredded file with pattern 0xcc 23542300x800000000000000063110Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:47.786{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\distutils\cygwinccompiler.pyMD5=DB38E6E3A15FEB14556FA951DCC9EE44,SHA256=4AE8A63AFDFD3A824CAD5B5F9AA7A9010D56B621E617789F12F0E1CEAB3A51F3,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063109Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:47.786{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\distutils\core.pyMD5=D15A0F3BF6BDDA13538333953322D17E,SHA256=D0B9BBF69F0563CFE9F7A446950DB8C9323D8C9BE0685111A5877157BE88A18B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063108Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:47.786{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\distutils\config.pyMD5=02092362C2157C59B6ABB1AA47E453AC,SHA256=5247F4012AC1EFF843C61AC888920A98951594621BD7F98094E207AF1CF5DA41,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063107Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:47.786{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MPDetection-10182016-015358.3727MD5=8C5B9DBECE22AD275716062C83A66EF0,SHA256=63C7D8C9D2BA2E67479D5392541425681E548A1317D0074E37C75454D4B520E2,IMPHASH=00000000000000000000000000000000falsefalse - shredded file with pattern 0xcc 23542300x800000000000000063106Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:47.770{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\distutils\command\__init__.pyMD5=4ADAF69A02FE6869BF213304C1230552,SHA256=93C3197E5E648D128755360D0AEF074C3F93CA19FE1F17F4948EE3EF5C9BD524,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063105Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:47.770{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MPDetection-09132017-104812.6edeMD5=8C5B9DBECE22AD275716062C83A66EF0,SHA256=63C7D8C9D2BA2E67479D5392541425681E548A1317D0074E37C75454D4B520E2,IMPHASH=00000000000000000000000000000000falsefalse - shredded file with pattern 0xcc 23542300x800000000000000063104Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:47.770{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\distutils\command\upload.pyMD5=4E159AE196B4B25316AB8F42725D882C,SHA256=5CF511C94B67AAF428530AEE9A38079C0DD2FC8261EA11FB45CE5610EA796E54,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063103Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:47.754{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\distutils\command\sdist.pyMD5=56B3314AF07B85F850DDBC97F8295576,SHA256=D586E7228021DDFBBBE50108FD69B9CBA828F2222E7DAAF30A660CE93627ED92,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063102Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:47.754{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MPDetection-09122016-043403.1ba3MD5=8C5B9DBECE22AD275716062C83A66EF0,SHA256=63C7D8C9D2BA2E67479D5392541425681E548A1317D0074E37C75454D4B520E2,IMPHASH=00000000000000000000000000000000falsefalse - shredded file with pattern 0xcc 23542300x800000000000000063101Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:47.754{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\distutils\command\register.pyMD5=6B2BA18226E1E6C6C5B3B0E3C2F4C09D,SHA256=BC2FBB9741E47411E3146BC74A6E7ED7CD1DB79F13CF971BCDD543A8EF071A2A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063100Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:47.754{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\distutils\command\install_scripts.pyMD5=CE030EF464889B57F9840354F2E75E28,SHA256=181A058759E97467F386A77976B6E4788C4230FCC138EB75F8F49018F8223305,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063099Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:47.738{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\distutils\command\install_lib.pyMD5=BCE6FD70A614F6E39E2D8E0FE362B021,SHA256=1A6E059C71D155D82CE25A58E0EE694BBE3B94FC9EC4F55A42691B7818EA8BDB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063098Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:47.738{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\distutils\command\install_headers.pyMD5=A7C8AADD0EF302C61345CA9987E5EBF6,SHA256=0C1DA5CBE60D24C16CED3725685F387730249E7D840AF929671FF422EC13F0AB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063097Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:47.738{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\distutils\command\install_egg_info.pyMD5=2E1602363B1BE2CAB35EBE18AB8C36DB,SHA256=D4E6034CF73165DED9B07FDD42895900A4AF804B9C8B22013E3BB36204F32B20,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063096Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:47.738{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MPDetection-08092017-062047.1ff8MD5=8C5B9DBECE22AD275716062C83A66EF0,SHA256=63C7D8C9D2BA2E67479D5392541425681E548A1317D0074E37C75454D4B520E2,IMPHASH=00000000000000000000000000000000falsefalse - shredded file with pattern 0xcc 23542300x800000000000000063095Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:47.733{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\distutils\command\install_data.pyMD5=E0E267254D0EFCF83C88F807CABE39F6,SHA256=B2799E88D99C99CC5A46798934E4ABCC8220BF8DF3142737553E75082C7262D6,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063094Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:47.717{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\distutils\command\install.pyMD5=52A07AD675CA636E27571051F9E3192E,SHA256=F990AB66D7C9BB87247FEEDA4BA0C83A5BA5F71BD31421D3D758913958D5B1D0,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063093Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:47.717{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MPDetection-06152017-165644.6bd6MD5=8C5B9DBECE22AD275716062C83A66EF0,SHA256=63C7D8C9D2BA2E67479D5392541425681E548A1317D0074E37C75454D4B520E2,IMPHASH=00000000000000000000000000000000falsefalse - shredded file with pattern 0xcc 23542300x800000000000000063092Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:47.717{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\distutils\command\config.pyMD5=44F319C4CB58DC7D666FE913A518E63D,SHA256=FFC162DC06244CFC040085DE9A6E618337DA50E03C546886B9034D671B99656D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063091Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:47.701{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\distutils\command\clean.pyMD5=F87DBE0A94577BAC57E5EB69104ADF2B,SHA256=AF74749ECFA1294E80C94FEF64045084EC89A4B136881D7AC901A6ED9B20C7BE,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063090Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:47.701{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\distutils\command\check.pyMD5=F74F108F8BA434064D8AF248AF25F6C9,SHA256=7B0BF58895ABF0DD61E98E686F10E8C32EFF4ACECA62F27FD886D7D14E45191C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063089Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:47.701{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MPDetection-05112017-235041.7950MD5=8C5B9DBECE22AD275716062C83A66EF0,SHA256=63C7D8C9D2BA2E67479D5392541425681E548A1317D0074E37C75454D4B520E2,IMPHASH=00000000000000000000000000000000falsefalse - shredded file with pattern 0xcc 23542300x800000000000000063088Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:47.701{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\distutils\command\build_scripts.pyMD5=DFAFA6C288CFAE9F544DF83F3908E890,SHA256=3722A0E412A3A82282C86A4012B575077DE442DDE4BC7570B0FF49B889AD147C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063087Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:47.688{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\distutils\command\build_py.pyMD5=13557678DEEC02D4F789CD1DC7F12B8B,SHA256=6AEC4CF13136C0BEF686C311CFC934339940EA2603F3540B41074CF3F6F53821,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063086Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:47.688{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MPDetection-04112018-184436.2559MD5=8C5B9DBECE22AD275716062C83A66EF0,SHA256=63C7D8C9D2BA2E67479D5392541425681E548A1317D0074E37C75454D4B520E2,IMPHASH=00000000000000000000000000000000falsefalse - shredded file with pattern 0xcc 23542300x800000000000000063085Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:47.688{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\distutils\command\build_ext.pyMD5=79473BA1AAA024355AB55B73633B2743,SHA256=40F261DD8A47291F88F5FC5D6D2A994C88C0AC8B5826FDF5E0CA8B6E25858CB8,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063084Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:47.688{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\distutils\command\build_clib.pyMD5=6D7F9F35793D0BD4C91B313D1B7417C2,SHA256=63D4148A9740416C5D81D5125ECAAC822EEB51805911C820925446BBF6DEFC23,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063083Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:47.670{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\distutils\command\build.pyMD5=8B808B0B879EE7CCE411E725B95CC859,SHA256=D43053802FEAF2CB4A092BC93610D53EC46CF47F54B701A40703A9E2C08BE4B0,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063082Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:47.670{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\distutils\command\bdist_rpm.pyMD5=86FF73EB7D0B1A6C39365CD3A4907E5C,SHA256=40801A81526E018F73D051D78F88D7A091130E85EAFBDA07E1F12013F27470F9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063081Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:47.670{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MPDetection-03162017-185340.1a4eMD5=8C5B9DBECE22AD275716062C83A66EF0,SHA256=63C7D8C9D2BA2E67479D5392541425681E548A1317D0074E37C75454D4B520E2,IMPHASH=00000000000000000000000000000000falsefalse - shredded file with pattern 0xcc 23542300x800000000000000063080Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:47.670{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\distutils\command\bdist_msi.pyMD5=A0BB9468E1B647A6B8163E634DB524C0,SHA256=A198C3979136B33B0206CD78CE47000E0E7DE55A94DB09D59356BA5B7D278CF8,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063079Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:47.670{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\distutils\command\bdist_dumb.pyMD5=2540A08F0688EF951E376EDCDA8C5DAE,SHA256=7168169D923288B8EB00F3D3038128A29B45927BCC4A3476BD2577C88007E993,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063078Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:47.654{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\distutils\command\bdist.pyMD5=20CE297284367AE47EE96C19AD5861B0,SHA256=91B7C37C34C4F264A0141474B83B1F086C5E7D5FDDF7E8F3683DB81B414F8022,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063077Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:47.654{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MPDetection-02232018-102541.f0fMD5=8C5B9DBECE22AD275716062C83A66EF0,SHA256=63C7D8C9D2BA2E67479D5392541425681E548A1317D0074E37C75454D4B520E2,IMPHASH=00000000000000000000000000000000falsefalse - shredded file with pattern 0xcc 23542300x800000000000000063076Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:47.654{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\distutils\cmd.pyMD5=DC00404D5BFD02B69F6346E3BA816E2B,SHA256=85E3FC729488F2A06EA61BC924C1BB0EFA0FD59E6BF9E8D80023C8B692D7E1E8,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063075Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:47.654{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\distutils\ccompiler.pyMD5=6589EAA27D9799497EF8E126CE42001F,SHA256=D3B2F28E6DF714FCEBFA3F90A283C2DF80FB753900D615DB0B51D3F82C7B081C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063074Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:47.638{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MPDetection-01112017-210158.2835MD5=8C5B9DBECE22AD275716062C83A66EF0,SHA256=63C7D8C9D2BA2E67479D5392541425681E548A1317D0074E37C75454D4B520E2,IMPHASH=00000000000000000000000000000000falsefalse - shredded file with pattern 0xcc 23542300x800000000000000063073Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:47.638{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\distutils\bcppcompiler.pyMD5=30EAB5F49ED5AFBD71EE48EED3F179A0,SHA256=5B1B928D077CA5273FF912E6B884520002B367052A5BE4034CADF00D79972898,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063072Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:47.638{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\distutils\archive_util.pyMD5=62F7B8D4F48AED01BBB8845C164D2DCA,SHA256=1269FD4F5DA0E20A50450A72FF2331F282A04CB0802CB6DE38BA1052BB6729EA,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063071Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:47.638{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\dis.pyMD5=629C132558A9EC0AADDA6B3568285463,SHA256=3DF71EEE06EF515D91204CB4A2AE9C0946C968473C51D2D902C82FB2B62BEA2E,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000063070Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:47.638{6F5BEE90-3BB7-61E9-8A09-000000002102}24445460C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{6F5BEE90-18B8-61E9-2F00-000000002102}3024C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 23542300x800000000000000063069Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:47.638{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\difflib.pyMD5=6660BB16A8C58F34296055C6CE18CBA5,SHA256=880A89F1E3CAFE2C0CC0B017774447CA04104FB262B3C12A10CD142B8C50B151,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063068Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:47.638{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MPDetection-01052018-231907.6aecMD5=8C5B9DBECE22AD275716062C83A66EF0,SHA256=63C7D8C9D2BA2E67479D5392541425681E548A1317D0074E37C75454D4B520E2,IMPHASH=00000000000000000000000000000000falsefalse - shredded file with pattern 0xcc 23542300x800000000000000063067Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:47.619{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\decimal.pyMD5=19468B7C81C8C73F6B37DE1BE745672C,SHA256=F205D8DC95D81B5D2B59362CBE0E385CFEEB98C14A70971F3372BE1403378B03,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063066Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:47.619{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\dbm\__init__.pyMD5=AAA7BF10D5BB5125CD6A9F6584EFDFBD,SHA256=31CCB3572790579F00A99D0E76513E43F1554D8E72BE2B83C4795427F24885B2,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063065Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:47.603{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\dbm\ndbm.pyMD5=5967B257F3143A915F76FA1F4494E989,SHA256=D747238751AA697D7040EE1479E0C3EFF0172E1195825061CF517CF9BEF30050,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063064Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:47.603{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\dbm\gnu.pyMD5=49B75CF4D832E5DB5BFE4537C5332188,SHA256=98DCF3E73DC56C7DBF013852F685EAC1FE3A911785E682AB69836EBA5656C142,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063063Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:47.603{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\dbm\dumb.pyMD5=90265924B0CF9D1E3A0EF2BB2D549CE2,SHA256=96FC314ECD5EA6344FB016F3631D8013B214627D30B5AB19C21D1D6D35C5306A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063062Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:47.588{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\datetime.pyMD5=2C0E31B583845F73E9BAE346574E4053,SHA256=FFCC56914489049CD47247C371BB96007BA102429E0322B52D56933973A753FA,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063061Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:47.588{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\dataclasses.pyMD5=27FBA1B83032982DCAA4D1BEA238BF20,SHA256=DD5CD8D60D2EF77698A3BC0CDFF433404AF95FB80FE390A955D1BC11BBC6839A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063060Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:47.588{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\curses\__init__.pyMD5=63A612B59CF6205D8F5DC6984B8030C0,SHA256=EF71D789E173399F3F33F1EF5F5284456C9F3690779D1E597F3A92BD67C64E9C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063059Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:47.588{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\curses\textpad.pyMD5=DD91DF75B078E3244BC13D35B9720367,SHA256=C8F8A7BA4705B571AA46BA16870FC9CFA8B9C5A4633E30556FF7DA162F67B15D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063058Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:47.569{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\curses\panel.pyMD5=5D453D87DBDD7C37EB62894B472EB094,SHA256=9B10A03C3224939D9BE2A078FE896DA5CFEAA9740D265F8052B5403BC5E15BBF,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063057Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:47.569{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\curses\has_key.pyMD5=46B1621C4966F8371A3DEF67C5C6D632,SHA256=4838A7369459A90C58CFA5804C824F486BFAC1B7A8AE751C7DAB5443B500695E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063056Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:47.569{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\curses\ascii.pyMD5=000A12324F07A03393565E9BFA3B98ED,SHA256=42C4FB28EAA5A3DC8E65564B4A7FC7A352FCF775436E54A2BAA6608640434BE7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063055Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:47.555{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\ctypes\__init__.pyMD5=4011BD449ADC4F81A3C2471D506F013D,SHA256=554DCFD54E9D080FB9157BED5323C74F2709982B1E5B64896B85164A0B983F57,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063054Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:47.555{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\ctypes\_endian.pyMD5=017E36585911B8E46B02B637521E5B5C,SHA256=48ACC287ECDEB183631CABF97DF977AF3F05E081FCE79A53C35B6078561F7C50,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063053Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:47.555{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\ctypes\_aix.pyMD5=0BF271057C0AE3E6EEA6AE43DCDF8B78,SHA256=8DCEFABF8101D7ED0A90AD3325AC10BED792580A0FCE71938A4B3106B8FA3FBE,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063052Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:47.538{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\ctypes\wintypes.pyMD5=E79896C3F4A4880478A06B6C5F248689,SHA256=F0EBC6BB351C64EADEC46014490C951A21798226BFBD487623C8630DCC0A21D8,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063051Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:47.538{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\ctypes\util.pyMD5=7C2EF43E92C48F791F1C571975BFC2D5,SHA256=54D572F350291473AF1C38BC3E03BD58FB71F0F1A4BDC8B629C143D544E9A56A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063050Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:47.538{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\ctypes\test\__main__.pyMD5=5257F93F9DB3817B3834209486F556E7,SHA256=DDE5CFCC88B23F92A41180A582C18CFD8CE2AFADD12B0F6780630F5EE699A6F1,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063049Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:47.536{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\ctypes\test\__init__.pyMD5=82611F2C799ACE4BAD58A6E89CE5B0D9,SHA256=9CC3DA0531E291012C8265313E60C63A5E4698FAF1551DC1D1F73953E4F70699,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063048Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:47.516{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\ctypes\test\test_wintypes.pyMD5=AF98AFCA97E67DFDFC4867B0E7140B37,SHA256=718F309C3903BA935D0B22EC676AD77261B1AD866E926D500FDB8CB2F65CBF97,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063047Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:47.516{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\ctypes\test\test_win32.pyMD5=D071F631263D91D552C0B3471B9C14E7,SHA256=6EADD6476638A4D96E57559107552FCA96B932525D8522670E639659AF864604,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063046Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:47.516{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\ctypes\test\test_varsize_struct.pyMD5=16E74AE7496ABD4DD0FA2B6930AF4BA9,SHA256=9413558163A098982EFCADC55B5B3FAFC6A06A66CE427745268980317A024D2D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063045Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:47.516{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\ctypes\test\test_values.pyMD5=2924ECDDCA4595D852F0A29974608BA6,SHA256=95667B278B9A27F03E79A121E5C0E510390F6B23BF1BE190D01E62F7FA9659BB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063044Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:47.500{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\ctypes\test\test_unicode.pyMD5=E5F6FE9A18B73B09824BD89C215667C9,SHA256=9E390EB17E2407E9CD60BA5881FF301FD2DE4BD1BDB5C1ED8A046116260BAE2E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063043Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:47.500{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\ctypes\test\test_unaligned_structures.pyMD5=8A12F280CAB7E5B9C954D33C916D89D9,SHA256=31D3C262E7A6A9C78F1D4C53C1ACFAEFA6D7CDBFB6FAEFA8AB412DC1A8C0A04D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063042Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:47.485{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\ctypes\test\test_struct_fields.pyMD5=6042806A08268402DFA4009CAFDBE196,SHA256=7D4D218D0FDCE230A2FBB8926CA93D718EADB54A38CD91126087BE1EA3FA760D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063041Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:47.470{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\ctypes\test\test_structures.pyMD5=CB506BBC3A70B77CFAB408F07DB70963,SHA256=44559FF16998CF531A4796A7BEF28CFD44965EB5A53C4776A6BD7C265481D5B0,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063040Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:47.470{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\ctypes\test\test_strings.pyMD5=6E9442A4F323A8053C2887369858DE62,SHA256=F312AC370A7F1E9229F21BF0729513C7347933320BFB3A702F0D0438B4F773BB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063039Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:47.453{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\ctypes\test\test_stringptr.pyMD5=3DBE3E2B362D6DA28819A8BB20838B4C,SHA256=09C49540BD86CCC2F714C8188A85F9A419B854AFE504E1D0B5450ADB71AAFDD3,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063038Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:47.453{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\ctypes\test\test_slicing.pyMD5=000A4990ABCA74AE3F65106C847D3E7C,SHA256=6AA1B72EB150B272DE1884D2261DDF28A73DF82B142BAC3E8425FCD496F6D31B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063037Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:47.453{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\ctypes\test\test_sizes.pyMD5=585936C02BCA218C821CB09A0E6907F7,SHA256=B88CF2EF8990F6F4C8B97B205210512502BB97CCCDFDB35752536B891DC7C378,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063036Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:47.453{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\ctypes\test\test_simplesubclasses.pyMD5=FB3737B32013A3EA2C0EF4821BE927C0,SHA256=C88982C642D80F89DAE724EE33E651CD699BC55BEFE2125D00BA46E05FEB3A32,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063035Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:47.438{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\ctypes\test\test_returnfuncptrs.pyMD5=DAAE61C1208D19F3EEAF67E808574EFC,SHA256=3E54A503AEAACADF9F1D88C8079B17B90FDC304FD0BE1A88945DBAFD4F61454F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063034Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:47.438{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\ctypes\test\test_repr.pyMD5=DC164C6303D18BFBA316E23A8CC28A6E,SHA256=DB22BA49F0A2F142E60C675D3168CEEA667D9C15BE8DBA5D4156F5A4FDAFC16E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063033Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:47.438{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\ctypes\test\test_refcounts.pyMD5=5DA23BB48EA8ABD7FD45E54E885A6639,SHA256=4E276D94F9CB1717355DDD1B0FC22CE5A2211C79D64A3AE8A2D79F7E23946E17,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063032Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:47.438{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\ctypes\test\test_random_things.pyMD5=B449761697D1195F8B4DA5AC5F8ADC9E,SHA256=5E99F35D8AC97F7E2118DD5A41867C8EB5815344E6AC4249D098F12736FC8D34,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063031Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:47.432{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\ctypes\test\test_python_api.pyMD5=FAD9E4A017AB03932403B6788F56074A,SHA256=CFD4DC18EC8246877126D4B12539E64D3952B2F4E7C0E47489231529907FE858,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063030Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:47.416{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\ctypes\test\test_prototypes.pyMD5=95B3D8D27990B70FC6F7C653063093A9,SHA256=A2CF32DE21C1D96703B5FA105B24D7C048BC8CD7AADCF79543FB7F207D81F261,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063029Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:47.416{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\ctypes\test\test_pointers.pyMD5=CC84C4A5707B83587F6B1244FC0B4734,SHA256=BAEBC5584B93EA2DC1C31FF33A3A3D5504DDA33CE1503E8F41E99223CDE86688,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063028Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:47.416{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\ctypes\test\test_pickling.pyMD5=30922E706085ED4839981E9E59DB7D72,SHA256=135583F9F11BA2B0FAE4BBE4D7A8A75544D36A9B88598BF46B110A949177CB81,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063027Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:47.403{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\ctypes\test\test_pep3118.pyMD5=3A0A6EB89281D69A7F891D95B6C7C122,SHA256=316F9694565BECAC1F5D7F4253A0E92C4D8B3C8311BA53D30CEDA24F025412DD,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063026Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:47.385{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\ctypes\test\test_parameters.pyMD5=5949F7A50326E4BEC7E68ECC4FCEE078,SHA256=056D28D5EFA4EE79E487895744A7B18FF19570B8D47018B0FF3A006B812CCCC0,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063025Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:47.385{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\MpDiag.binMD5=E44314793EEE9AFFD2B4AE11574554A5,SHA256=E88B79C51333278E9DCE5A824A68094E8BBF945A659C2F37BD2A4687021D1E1C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063024Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:47.385{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-89EAB195F9AEB9F070AB21174B5F01A9C52B8481.bin.A0MD5=AE2A288FFCA509F3A821A98F21A08850,SHA256=2DEB88A92316FF22A05BE6038B87D7DEE4B77B0E34EC2D7C281AA50AF5F67D0B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063023Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:47.385{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\ctypes\test\test_objects.pyMD5=01973E3980CDA772074468BBBF73575D,SHA256=2375BFD846D3F8C50E6ECF87DD4F46A46E8CDABB02CF826FA1B61EF524824554,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063022Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:47.370{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\ctypes\test\test_numbers.pyMD5=3E6B1F472B29A6EBF36EB149460F84B6,SHA256=CE56D0574523CE5416D09AA77B6F5441E7F2D8B3C6C4E9EED267C97B5CF06839,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063021Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:47.370{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\ctypes\test\test_memfunctions.pyMD5=5014B7EAA2E90171EAE7DB73C8E54FB7,SHA256=1561C44916314C361F2CA14ED81EA7A01C962DB98EAE36135F552B2698F52903,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063020Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:47.370{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\ctypes\test\test_macholib.pyMD5=F61538EDDAB507CE94CA5EE7FFFE7C5E,SHA256=5F9C8E2FE6FBE5E46736D84A3EFE21E1AC1035C34DA3A7ECBA603482D2DEDF36,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063019Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:47.354{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\ctypes\test\test_loading.pyMD5=56D960C9820B94873420AF1568C7E6BC,SHA256=8F34FDC30617226B0DBE3488944E4811ACE54245258354280469AED27CCB18CB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063018Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:47.354{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\ctypes\test\test_libc.pyMD5=DD09C074CE7F3DA9732725E4B31E6B14,SHA256=15F6D841475846ECE6B6966301B737E3D9B3069411497B9495FFAE0C81D04212,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063017Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:47.338{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\ctypes\test\test_keeprefs.pyMD5=796662BFAA2B40506FD924880D9FAE57,SHA256=D43EAECB7CD065B7844F405C533C53992055FAB5C1DF63AE133BA06821E53A8C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063016Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:47.338{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\ctypes\test\test_internals.pyMD5=C2C90A2B68830C1E09EE0D4945DDC4E9,SHA256=447AFE6FF20B6788B50DA10A309D487BBA68FDC90FB7E57C6ACE2746F86EFE18,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063015Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:47.338{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\ctypes\test\test_init.pyMD5=27021B00477C506079328D3A5A3F78A9,SHA256=9048101E128F49738284A2710D09E8CCBBECD6C775CBFE3A2505D48F20E9EA0E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063014Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:47.335{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\ctypes\test\test_incomplete.pyMD5=70968D92E6FAD1BD97BC47AF51996EE8,SHA256=87E2161447711BF74CBCB30A23CB681B334E6F17228243A5520887803E4676DB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063013Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:47.331{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\ctypes\test\test_functions.pyMD5=E13313EA0AEC6CF4640F31DEF31A39E6,SHA256=F4A08974AE2AD258E36BEBACB530131A956D4F7C2D3263F8D0CB9239F4EB00C4,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063012Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:47.318{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\ctypes\test\test_funcptr.pyMD5=5566EC49D926F6A7E4E064E7C5F9E4A1,SHA256=E9DEB47B1CE3E1D278ED708823EED058BF66EBB2AE9A8F9896BC6E7566DB825F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063011Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:47.300{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\ctypes\test\test_frombuffer.pyMD5=22F30ACE20851D2BA79724E6190F25D7,SHA256=148565036DFCF7BB21CD1C187DDD6D2ACB14B4D464F1989582FCE8B55A6AD6F4,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063010Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:47.300{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\ctypes\test\test_find.pyMD5=0F624CD55C1A37E759853C6A20834E24,SHA256=AEB34DA2A1AC8668A6CA966BAD777A3602E865044FE861CDEC57A36DA658C52B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063009Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:47.284{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\ctypes\test\test_errno.pyMD5=D4DA9B407207F65B8B1F9225D7461117,SHA256=B6816BFCF26A4816C334A2388F02BB66BEC7DB3FEF9ACD34B0A1FCB50B1CF246,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063008Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:47.284{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\ctypes\test\test_delattr.pyMD5=5DF9815304C86ACE6020573F2C3285F5,SHA256=06EBC4D5D019BF56D6EB72B2791CF908900DD7E90156B23DD89B21425A25E422,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000063007Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:47.284{6F5BEE90-18B9-61E9-3500-000000002102}33043324C:\Windows\system32\conhost.exe{6F5BEE90-3BB7-61E9-8A09-000000002102}2444C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000063006Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:47.269{6F5BEE90-18A7-61E9-0500-000000002102}392508C:\Windows\system32\csrss.exe{6F5BEE90-3BB7-61E9-8A09-000000002102}2444C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 23542300x800000000000000063005Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:47.269{6F5BEE90-18CD-61E9-7700-000000002102}484NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=FDCD689BE3794DA3D5BA1A18DA744874,SHA256=5B767EE341DB6FF3368E18F6EA59BBA3686C051091E6183C5D154A2DF97A78C6,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000063004Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:47.269{6F5BEE90-18B8-61E9-2F00-000000002102}30243900C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{6F5BEE90-3BB7-61E9-8A09-000000002102}2444C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7414|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000063003Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:47.269{6F5BEE90-18A9-61E9-0C00-000000002102}8281296C:\Windows\system32\svchost.exe{6F5BEE90-18B8-61E9-2C00-000000002102}2984C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000063002Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:47.269{6F5BEE90-18A9-61E9-0C00-000000002102}8281296C:\Windows\system32\svchost.exe{6F5BEE90-18B8-61E9-2C00-000000002102}2984C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000063001Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:47.269{6F5BEE90-18A9-61E9-0C00-000000002102}8281296C:\Windows\system32\svchost.exe{6F5BEE90-18B8-61E9-2C00-000000002102}2984C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000063000Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:47.269{6F5BEE90-18A9-61E9-0C00-000000002102}8281296C:\Windows\system32\svchost.exe{6F5BEE90-18B8-61E9-2C00-000000002102}2984C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x800000000000000062999Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:47.273{6F5BEE90-3BB7-61E9-8A09-000000002102}2444C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{6F5BEE90-18A8-61E9-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{6F5BEE90-18B8-61E9-2F00-000000002102}3024C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x800000000000000062998Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:47.269{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\ctypes\test\test_checkretval.pyMD5=5B069F0F2470A6FB5FA0DBB841199996,SHA256=D17F4F281CD0B91A041EE760931DDBCC20040CA0136532BFEC19D23A1A74026D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062997Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:47.254{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\ctypes\test\test_cfuncs.pyMD5=AD9026C0E907731CBBFDDB6CF9B54BF7,SHA256=9A500004FD764FC1E51C7939C70C2A934B9DD5D4AABCC60ACC741C831FEF0C74,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062996Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:47.254{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\ctypes\test\test_cast.pyMD5=4E21D156BEFD6A87F0194198AE282062,SHA256=9A6167790D619DA3031F46C47E1E90673417D615E0E51E2AEFF34025799FB50E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062995Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:47.238{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\ctypes\test\test_callbacks.pyMD5=C8E1C51E8AB7F35EC5EF1C2B60086242,SHA256=33B1B43705113FF4D5D1E85F9A835FF3E44D39A7A27B3740D44406D414C164D7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062994Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:47.238{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\ctypes\test\test_byteswap.pyMD5=0EE8372AACEF4A068D4E54D05D853077,SHA256=B08BAE08D658E415778544E079DE8C3B9C5BE1F0752B50D9A8E41EF0C72167B4,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062993Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:47.238{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\ctypes\test\test_bytes.pyMD5=2A38D98F71B4A58FC9B35908E4A99C00,SHA256=27834A2AF2ABA22100F23859133B8F831CF1B2F18CFBC93AA9362A55441EB7B7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062992Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:47.232{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\ctypes\test\test_buffers.pyMD5=8E090D286F89A4227E0C674019C4420C,SHA256=1418BD67F4644C62B171EBC69E3C9C49A59955024303F7EA82C4A53BAFD90AA9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062991Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:47.216{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\ctypes\test\test_bitfields.pyMD5=D40CDE1ED6F39269A180D206D7781840,SHA256=EAEA1B8A347C82D295D58E51AD5C4F44F6934EA1F60D662DB4B6A607077C7ED1,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062990Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:47.216{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\ctypes\test\test_as_parameter.pyMD5=E8AE379E7175932C155F30F2780DD733,SHA256=8225672DF52A662CB66C1B59A8328068C378017031A480689BDDCBD4D964244D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062989Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:47.216{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\ctypes\test\test_array_in_pointer.pyMD5=7972CD74387DCFB9143CF40360601C54,SHA256=E819FE83514B6A585D6B999901AE949A6C9D4EBA876D92AEB8F1AA2E71D94067,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062988Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:47.200{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\ctypes\test\test_arrays.pyMD5=BDB5B5B9FB0E9E0D2E1B305094DA1FA2,SHA256=5673E5CF445FF496D4D02F93C3D5C129D2E8CEB62642C26A186C79CB6BFEB221,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062987Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:47.200{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\ctypes\test\test_anon.pyMD5=0386EA58C0BDBE99EFDC92A7D4B0496A,SHA256=3EA0C4294653BAAE3AF691C979123E7DA16E5F946D34B5EE9808E7BF7406B06C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062986Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:47.200{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\ctypes\macholib\__init__.pyMD5=B4E0F252AC2C050A15FAE8D8D5153924,SHA256=AD449177F69D3150373892859AFF90A1882982E9ABA313B919711B7F38370DEF,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062985Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:47.200{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\ctypes\macholib\framework.pyMD5=0FBD9BB28049B7EF685F3E27DEBA9B7F,SHA256=AF9721872CB633DD93195C40D4404FDFDF1F1B293DFD0956015A22378033A5A8,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000062984Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:47.200{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\ctypes\macholib\fetch_macholib.BAT2022-01-17 14:25:12.000 23542300x800000000000000062983Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:47.200{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\ctypes\macholib\fetch_macholib.batMD5=B88DFC5590F1D09D550605F3AFCAC0D7,SHA256=7497FBDBB98AFCA4AC455E3A057C59BCDEBAF1280E25C94741DC301F05CB53E5,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062982Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:47.184{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\ctypes\macholib\dylib.pyMD5=CEF944CCD77C054FB37749652A30E9F0,SHA256=144D1FCC7C611A8B50CD48AFBC288DF896E47FD1A1A6A10473811A4DDFF03ED0,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062981Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:47.184{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\ctypes\macholib\dyld.pyMD5=57341ED3630EE8675E3F70C89F977280,SHA256=5DAD086AF985C3578C5F1A0C2E8D85BBFC3073624697CDB8E34C46CA9496B161,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062980Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:47.169{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\csv.pyMD5=CC8985ECA9F01BE5592599AEB491413C,SHA256=D5194CB311061A9AE2D0BF0B6A51C1ECEC011CDC2B5E6EBA91820C91FB00AC97,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062979Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:47.153{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\crypt.pyMD5=FC7E8AA0DDFD140ECBA35E83E223F9B0,SHA256=7590C76C64D91E652C0887E2F262F8DA4434C55F5CA5004249D22F5118CF17C8,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062978Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:47.137{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\cProfile.pyMD5=E033728A638E731841FB31E026BF27F6,SHA256=8ED9EDFE153C6A3CCB3F0AAF1EBE57EE506DBDCF9ADC98063A9412B40AD78602,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062977Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:47.135{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\copyreg.pyMD5=5B6BA7867D653890AF7572CC0AAAB479,SHA256=E5BF33A527D7251F17BFD491AD0F0858E1A3C4C7C10DC5E578FDB6C80C8F9336,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062976Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:47.115{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\copy.pyMD5=DEB21BD3E14B1439803535C02080CC7F,SHA256=0583559D3252EB5960677D76351CF7FEDC469902C439CC8E458BF10FB973F99C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062975Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:47.115{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\contextvars.pyMD5=031F54940ABDF481926457972FD90E0F,SHA256=758A96E17249E1E97C5CA5D1EE39AA31E5D439D0922AE7AF0064318E70B59FC8,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062974Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:47.115{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\contextlib.pyMD5=F26C810F186A8C2F158EEE1090238DDB,SHA256=ACD2A8C3F86CE069FB43CDE542BA8A8BD17FD9FB27EF5FCF38210D599A7F344F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062973Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:47.115{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\configparser.pyMD5=D387D183EBD72541C9E5EA93D540B6DA,SHA256=77F0AE3A1581B3D4E9BF2D831AE2C92F457700359E6E82E688E9230EA39168CF,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062972Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:47.100{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\concurrent\__init__.pyMD5=F8259102DFC36D919A899CDB8FDE48CE,SHA256=52069AEEFB58DAD898781D8BDE183FFDA18FAAE11F17ACE8CE83368CAB863FB1,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062971Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:47.100{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\concurrent\futures\__init__.pyMD5=D5B3EA2EE977275CB75FA7254050B426,SHA256=954D4FFDEF55E3B4A273DF7CE43DCD4082DC07FFA0B7CC0BF7C5D7971D2A5103,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062970Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:47.100{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\concurrent\futures\_base.pyMD5=6014E8DA4874AF8E19DC2B9D342AD87A,SHA256=E7AC52B25D159A1A4E321164E43E353B034F404B28FF9375822120430397CBFB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062969Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:47.084{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\concurrent\futures\thread.pyMD5=2896FAE3BBC3EDA99EB9A2715924F3BB,SHA256=F53E2BED48B9828D273F7B7A16ACBA0D21005F5FDD9E3054536275538A70E719,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062968Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:47.084{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\concurrent\futures\process.pyMD5=25BD5C1D4B19981C4B3BCAA4E355510A,SHA256=D2DDE7A309E9A89D81A604784FC6D0E6DEFA8BCE924EF3001E86C0DD378E8096,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062967Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:47.068{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\compileall.pyMD5=BBDF56DEEC079B68BCAF8858449738B7,SHA256=5A838EBC064E267CC725913D5011647B41028BE06376EAAB241A7767823D5E33,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062966Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:47.068{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\colorsys.pyMD5=155B90E667001B9A1FAE754CB38AFEE8,SHA256=33885389962DA4BCD82B1286A184367116F6F407F61E18ECEFB09A1D8F17CF41,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062965Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:47.068{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\collections\__init__.pyMD5=2984550B9B07E34D2E20FFC89FD789A8,SHA256=9E72E1D79A31F2BBA0E5757765B6DBC7A380F0BE15FCC1843E274A91DB8B9421,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062964Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:47.068{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\collections\abc.pyMD5=BEF5A0AF889CBE656D8F36952B66D86A,SHA256=7AD86878712FC6682863F12208F4CED5DAF2DD82B6FF5ED58207DE29D0EFA410,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062963Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:47.053{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\codeop.pyMD5=5BF7A70D8D1670D7342654143DF72AD3,SHA256=5518BCE33757624DB7A8415E76F38994F81F968D613F01331F9EAF75EA5FC079,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062962Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:47.053{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\codecs.pyMD5=6DE7381A0EF9F457BA52900B6B12CBE4,SHA256=A4E08D46B6AF70FD90C9EB2D877745877A6F5EE0791A8F3F6C1D6651F3E8BE08,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062961Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:47.037{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\code.pyMD5=FEDBEE2BB47F5372D60AD7EAF7610714,SHA256=1944F39B81A75344487E1B393B948B6EA76FF96E15DA5D2A5D5E94EC000E0885,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062960Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:47.037{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\cmd.pyMD5=876EE912FD5D3663B4B6E9F2A46ACFFA,SHA256=2AE247591ED62FEE5E0DDF05D97EDECB3ACE71B752B1A3DF84CD5CD7FEA9B37F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062959Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:47.037{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\chunk.pyMD5=9593CA4791DDE9A600B40AFE78A0A1D1,SHA256=F71F8B77021C6224A772C5F8C56041D5D114E78E099E315754E502257ADDE3EC,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062958Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:47.037{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\cgitb.pyMD5=96E289FA4C662E66654E57C8B7BCFCBA,SHA256=F0BC49E9C3410E447635E639E7C925298C063438E8243755084450963740BD8B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062957Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:47.029{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\cgi.pyMD5=8F647F8C3398EF82CCDF1BFF189E5396,SHA256=38088BEE5D627AD53A309DC1E66997DA87FEB238A5473A24E8568589226CDD31,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062956Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:47.013{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\calendar.pyMD5=A09D4CB1AB6FAB686E9E7A18CF0EE2A9,SHA256=A5A14056B29025A950DA34E10D63CA519BFFF2A8C755A39EC197047271C7C924,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062955Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:46.997{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\bz2.pyMD5=C7F6B929829D1196DFC6C59BFA8BE4D5,SHA256=A539FC503737C53D5A45272E33A435B8A6B7A8559BA6A425002978038096BD66,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062954Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:46.997{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\bisect.pyMD5=83E7F736E1877AF35CF077675DE88849,SHA256=05D6B239EE3D6114A682AA9A5EFB8F8B315CCE6FC2A5D6F1147192AB5A044F44,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062953Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:46.997{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\binhex.pyMD5=5FC5580386DF83003AD1993BAC736976,SHA256=E2BE54DE2B60C5AE1097FDD617CFFA57543F0C27CBFCD35BED98056A8896112A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000031922Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:38:47.842{CE7C8936-1B20-61E9-E200-000000002202}3964NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=C24432B014384046C58F09E8CE8FA167,SHA256=F31B19D12F0669AD23F0A9DBFDB58BC37881A1CFDFE674FDD1C5CF6ECA9C7546,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063287Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:48.993{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\encodings\cp424.pyMD5=85667B33899EC661331A9CA44CB36DEC,SHA256=AE6E956B42CF3AE32E988833772FC040F8393DA007048AD2B4E1D621FE6523E7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063286Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:48.993{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-01132018-025529-00000003-ffffffff.binMD5=52C01DAB5DAF7A92A149D4238B2A3C4E,SHA256=71EC6B1E41C3B7F26421471C6B4A317188E204FBA70069EB1A00427758A23DA0,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063285Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:48.993{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-01112017-214946-00000003-ffffffff.binMD5=0985B41B6C6EDEEDE3138057E55D6BBC,SHA256=F06CCD4172863301B5B52299E74880BADF86154FB71A488C37A8DCED9EF302C4,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063284Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:48.993{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\encodings\cp273.pyMD5=CF85B6224C5FE7C8EA6CBAD1C1BB6155,SHA256=016C8DA778E50CBCF76815BBD8F6D0D33DBF1FAF852726D85A5A47651C371033,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063283Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:48.977{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\encodings\cp1258.pyMD5=11328D7E1CD433053C29BEC6C739FB67,SHA256=A9E1E891DD1F28DEA5ABB5819AEE1477156D288733EB2342F0696F1E5DD0A11D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063282Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:48.977{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-01112017-214736-00000003-ffffffff.binMD5=1A0CD204ADB0A65A0130FB2DC4FDC79C,SHA256=71427DF352488048E6522EB737A5CD5536408B115AA7A2EED428EB7A2D7434F2,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063281Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:48.977{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\encodings\cp1257.pyMD5=544A8ACE12064E96C3E6A7DB436F9F09,SHA256=902262C0640FC0F21CF85A86456DC33D43E51B07E6C961526BF7F7ED4CE2AB8D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063280Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:48.977{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-01112017-214151-00000003-ffffffff.binMD5=AFC39141C638BF31FDF7052937E51C7B,SHA256=02512916B4D42CD8683F65519F8DC5FA7F5E01B310CA4BA55351DD5FD5D31ABE,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063279Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:48.977{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\encodings\cp1256.pyMD5=2CCBF9B374CE98453955DAD9848C90FF,SHA256=24A69E11902CC4054280EC2DE38EE836D0BE22EABDB9CDC56D9A7B63C8CDDB06,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063278Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:48.977{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\encodings\cp1255.pyMD5=8B8E1CC22BEF6EDE6E44C4DD2A287FF6,SHA256=C039AD62EE73102915D989CF390F76896C335CA8DBCDD4CA27D5441F76E081BE,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063277Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:48.976{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-01112017-210622-00000003-ffffffff.binMD5=6FD502F5415257B794206A82E9D9A623,SHA256=2ED1BF5C2ECD40E8259B547F68B203AE0C450C13EBA847B5111EF7D515E51228,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063276Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:48.975{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\encodings\cp1254.pyMD5=490756413A61FC0954EFA491244CD487,SHA256=0986ACD9A25FE91C4720C912322253AD105AB951A2D0D364CF0E522E6E52C174,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063275Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:48.972{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\encodings\cp1253.pyMD5=E86052CD641A07AA72686984073AF47E,SHA256=E0B0AFBD19DB367C34C505F99A2FCCAFC6BAE3DFD4E316F86375179DCFC60A28,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063274Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:48.954{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-01112017-210158-00000003-ffffffff.binMD5=C92DBDF932AC75310C1F955AA8520AE6,SHA256=54F6C3F580A2DFD29A3122057973FB761DAA7ED994B8CF6BD7B95B312DF7F269,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063273Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:48.954{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\encodings\cp1252.pyMD5=52084150C6D8FC16C8956388CDBE0868,SHA256=7ACB7B80C29D9FFDA0FE79540509439537216DF3A259973D54E1FB23C34E7519,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063272Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:48.954{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-01062018-001647-00000003-ffffffff.binMD5=89FF4C6A752E2C289253984B958434A3,SHA256=FFA032D4E54AC3BF364BEAEEC997F3758C4548CD66A0B16F0A45F886CB8CDB88,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063271Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:48.954{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\encodings\cp1251.pyMD5=E81DE8E87BAB1DEFF99125C66229F26E,SHA256=46FA091D1822434E8D0AF7A92439607018872598FCDE44026F413DD973F14C98,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063270Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:48.954{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\encodings\cp1250.pyMD5=164A9C1A625524FCB480DBE56076D738,SHA256=3FFEA0100ABEF80F916BC2920B296B2EDDD6ECB06FB3CA07549F95FC92CA1F11,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063269Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:48.954{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\encodings\cp1140.pyMD5=C2F88AB320D40C3B1B6394F57A04AF81,SHA256=0451016F6A4B7013DEA1BA35925412FBAD743DDF46E857BE2C272F2A2CB8D403,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063268Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:48.954{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\encodings\cp1125.pyMD5=127B6641AE648FF494CD9285BE4C61CC,SHA256=5286E2162D53A6B189D83B242BC04AB59A48BBBC4ECF094C11BC1542C0604279,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063267Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:48.939{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\encodings\cp1026.pyMD5=F453ED24A766166472B48010C7712629,SHA256=8C1D85BE11A3A0A5E6A40101C68548480D0378DF0414E3C16D9CBE9F923C028E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063266Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:48.939{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\encodings\cp1006.pyMD5=8E2D801694A19B3A569F383708A5F7CB,SHA256=1FDCD59D3277C3768DE74DD8CE4F5F8BEEA569C00CBAA3A20714500F3508B8CB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063265Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:48.939{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\encodings\cp037.pyMD5=A28DE4284DFAEFEC5CF40EE279C388F3,SHA256=FA3FF4B328C72315EC622CD62FEAC21189A3C85BCC675552D0EC46677F16A42C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063264Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:48.923{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\encodings\charmap.pyMD5=8A14214EF1C47A40C56C08A793FC9923,SHA256=1EA641E7C63C0A022A663F5D2024A71124272E088C246583D2D44CDDDF548A32,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063263Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:48.923{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\encodings\bz2_codec.pyMD5=1AA105E7EED39A1B52B24B524B541AB0,SHA256=A0A34436976BB5137403C148CB8B332653F14CAA6CDF102150E82646D5249A5E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063262Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:48.923{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\encodings\big5hkscs.pyMD5=DB9A713E27FB20F00437D9DAB32C1FAC,SHA256=7FCF88553A656ABE5E4DC1A8E89D1E279DDEC83DE79E22F971AC04E7632708E9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063261Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:48.923{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-01062018-000825-00000003-ffffffff.binMD5=60FA0CD63BC061DDDF1D7B3DD837CDD3,SHA256=798505AFAD9276E4D276BBDF992F602581FA1D88C2F5D1FFB42F707C285E2FBD,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063260Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:48.923{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\encodings\big5.pyMD5=9AE0A356995140BFF35627C45E7DA1B8,SHA256=CADB1C66D355F551E4D99A895725B62211CC5CBDE1F037C61FD4463932FF70CB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063259Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:48.908{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-01052018-232024-00000003-ffffffff.binMD5=7425B116E5427CECB6607DE3841DDE04,SHA256=9DCA27B5A9B160B2960167CF1E34D48CB2C0F3E1CDFB631A6AE069F185E11ED3,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063258Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:48.908{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\encodings\base64_codec.pyMD5=46F8E67E43DAC28160F47E3870B39365,SHA256=AC4443CEB3E045F064335AED4C9C2143F1C256DDD25AAA5A9DB4B5EE1BCCF694,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063257Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:48.908{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\encodings\ascii.pyMD5=FF48C6334861799D8D554F5D2A30BA00,SHA256=698C578B9B5DF7BD6F8B2761D114F74CFF854C1396083C8AB912B11FCAE83B86,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063256Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:48.908{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\encodings\aliases.pyMD5=FF23F6BB45E7B769787B0619B27BC245,SHA256=1893CFB597BC5EAFD38EF03AC85D8874620112514EB42660408811929CC0D6F8,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063255Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:48.908{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\email\__init__.pyMD5=4A5BEB56533BF0D8B94EE640F866E491,SHA256=AF3DD99D5C82FA7E75A653B813A592A92CF453EBC4226FB330CD47E560395426,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063254Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:48.892{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\email\_policybase.pyMD5=0C5B89A975BB78A09F8601501DDBF037,SHA256=D9F2E3A5E277CFE874E4C47BF643497C51D3B8C4B97124B478DA23407921DAEC,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063253Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:48.892{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\email\_parseaddr.pyMD5=A1DC269F5FD2F3254DE6FC14C1E7E7FF,SHA256=74107E6C5D7E09B4F56CC0EC5B0291C510AFD0BE7065ACAA990DF9635D1E8FE6,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063252Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:48.892{6F5BEE90-18CD-61E9-7700-000000002102}484NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-PowerShell_OperationalMD5=030903D011F9F53D0B4E31BF2DEE77D3,SHA256=041A1DC43BC39DE4E020ED38DB1EF93A54E47CF16A53F79ECEA26875D3BBD10F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063251Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:48.892{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\email\_header_value_parser.pyMD5=6BB8BE2F50650A63DB2E1255B6BE7178,SHA256=42965FECCBF2FDCE95C3D4F666D9CBEBC08F34ADC845387B4EFAF8798EA0D57F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063250Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:48.892{6F5BEE90-18CD-61E9-7700-000000002102}484NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=B40AB3F344C5068512CBC5374D8FCFE0,SHA256=8D4694276ABF3EC736C33CB819B709047958EDEB093A75528BDD54D6A26B1049,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063249Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:48.876{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-01052018-231907-00000003-ffffffff.binMD5=4B15DC97974694DF57A5CEB301AA522F,SHA256=485CF59C0C006B1CB267430FBC6344C24F1CC823FED24F2F56296264002778FD,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063248Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:48.876{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MPLog-09122016-043403.d17MD5=8C5B9DBECE22AD275716062C83A66EF0,SHA256=63C7D8C9D2BA2E67479D5392541425681E548A1317D0074E37C75454D4B520E2,IMPHASH=00000000000000000000000000000000falsefalse - shredded file with pattern 0xcc 23542300x800000000000000063247Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:48.876{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\email\_encoded_words.pyMD5=0EAC7BDE8FCDE7B5B3B1320CF54F2E84,SHA256=3D6380420F2E053871296EE169C30375CDD433B18B24E2369374B0F607883D1E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063246Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:48.876{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\email\utils.pyMD5=AE01B00B737EEB26F6B1A7F13FD5E07A,SHA256=521840D2F6A4500BABAF7DF27A2B1FED2E05AC0350BAF367D5454C09ACBEE525,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063245Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:48.876{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\email\quoprimime.pyMD5=91E0134C7993B62DF821299CBFE9CF20,SHA256=0AC88715C424E80122E3D861BBACC20EE289562F2C685AEFE40B88471515A1BD,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063244Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:48.873{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MPDeviceControl-20210811-053803.7559MD5=8C5B9DBECE22AD275716062C83A66EF0,SHA256=63C7D8C9D2BA2E67479D5392541425681E548A1317D0074E37C75454D4B520E2,IMPHASH=00000000000000000000000000000000falsefalse - shredded file with pattern 0xcc 23542300x800000000000000063243Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:48.873{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\email\policy.pyMD5=B50D054F2BAF51C93F864FC45ED046BC,SHA256=44B91E9F5D7B510EF085F426DAA6454FB339EA46ED8AC5302EDF84FFE4F9F3A7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063242Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:48.869{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\email\parser.pyMD5=733C13463BE8E3E9FF0F7F9580F81890,SHA256=2A4247867376B64EE4FD66952F348305AA74EBB5484BC247E0C1D6AD63781B8E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063241Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:48.853{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\email\mime\__init__.pyMD5=D41D8CD98F00B204E9800998ECF8427E,SHA256=E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063240Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:48.853{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\email\mime\text.pyMD5=E9B16E7B5E7426500F70C0EC09224EE4,SHA256=6DB0003D37C87360177BA09299D3F4C3AE4D051389D6C6F997E38149C496624A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063239Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:48.853{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\email\mime\nonmultipart.pyMD5=5A28752E8A554879414A02D5D648EA84,SHA256=F6493F0506DF33DDC4B6B349BC1280BA374D4DB6E86F43411BC98A062640933F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063238Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:48.853{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MPDetection-20220120-070444.4ffcMD5=8C5B9DBECE22AD275716062C83A66EF0,SHA256=63C7D8C9D2BA2E67479D5392541425681E548A1317D0074E37C75454D4B520E2,IMPHASH=00000000000000000000000000000000falsefalse - shredded file with pattern 0xcc 23542300x800000000000000063237Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:48.853{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\email\mime\multipart.pyMD5=78C5928C8D1C5B8C54AFAFB82EE66E44,SHA256=804CC010C1AB4D5230A6B56E31167421908B9BCA265A7E0BB516BA34A8C1B6F2,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063236Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:48.837{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\email\mime\message.pyMD5=7A30E752AC45C95126D9E4164BEE4DDC,SHA256=4915FDDEFCC2702D8771DAE38153B5FA2409DC65D1B37E1D09D86B9CCFEACA31,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063235Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:48.837{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\email\mime\image.pyMD5=9690E485C97C41093A49E6FA947ACB72,SHA256=86CBA200959DD980EC2CFC155BD642A60B8CA94408DFC2717E79314B4906F6B6,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063234Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:48.837{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MPDetection-20211215-030539.68a6MD5=8C5B9DBECE22AD275716062C83A66EF0,SHA256=63C7D8C9D2BA2E67479D5392541425681E548A1317D0074E37C75454D4B520E2,IMPHASH=00000000000000000000000000000000falsefalse - shredded file with pattern 0xcc 23542300x800000000000000063233Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:48.821{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\email\mime\base.pyMD5=643733D8FE05FDD29E434355BBE37884,SHA256=FD0C74EE4CB66E0AB5F53EF93662C490E7614D25471E70EA5C2F4B8B06B047F4,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063232Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:48.821{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MPDetection-20211110-031318.220fMD5=8C5B9DBECE22AD275716062C83A66EF0,SHA256=63C7D8C9D2BA2E67479D5392541425681E548A1317D0074E37C75454D4B520E2,IMPHASH=00000000000000000000000000000000falsefalse - shredded file with pattern 0xcc 23542300x800000000000000063231Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:48.821{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\email\mime\audio.pyMD5=54F9537F69910B0D3C6A002AF1C09C0B,SHA256=9D2055919FAD593664D599C71515BFE35D79CB87AD5EB2E123E928058176BCFE,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063230Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:48.821{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\email\mime\application.pyMD5=2DD78C3608CF23E373BC7B700621384C,SHA256=D1799CA656F3EC84E19BF94263BA38ED46BD1ACE932E40AB4C34D9D4CB2FC117,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063229Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:48.806{6F5BEE90-1B15-61E9-FA00-000000002102}4632ATTACKRANGE\AdministratorC:\Windows\Explorer.EXEC:\Users\Administrator\AppData\Local\Microsoft\Windows\Caches\{3DA71D5A-20CC-432F-A115-DFE92379E91F}.3.ver0x000000000000001c.dbMD5=60AFA3BCC15BFF0BDFCA934C5A827297,SHA256=4E700D5F74314740C9DE5A93E774218116707F29E3EFF31B3BA51B1302C32F3C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063228Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:48.806{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MPDetection-20210915-030314.6daaMD5=8C5B9DBECE22AD275716062C83A66EF0,SHA256=63C7D8C9D2BA2E67479D5392541425681E548A1317D0074E37C75454D4B520E2,IMPHASH=00000000000000000000000000000000falsefalse - shredded file with pattern 0xcc 23542300x800000000000000063227Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:48.806{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\email\message.pyMD5=14F6A07A274A381C6C16336912036DF9,SHA256=2A132F508CB491F5D58285B4CDC5F58EB5B7E181E5BDA52683C9E37B3CE1FC9A,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000063226Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:46.371{6F5BEE90-18C6-61E9-6E00-000000002102}3440C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-tcontreras-attack-range-53.attackrange.local52450-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 10341000x800000000000000063225Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:48.475{6F5BEE90-3BB8-61E9-8B09-000000002102}59925124C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe{6F5BEE90-18B8-61E9-2F00-000000002102}3024C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+5691a5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+568cd6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56657|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56ca7|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+8f3800|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 23542300x800000000000000063224Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:48.256{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\email\iterators.pyMD5=A8141F0F87485A31CD34D98D9254CC74,SHA256=7CBB33D39388E72C408E8A64C5DDF044EF546092E6EC48BD62926CDB54E80769,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000063223Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:48.256{6F5BEE90-18A9-61E9-0C00-000000002102}8283272C:\Windows\system32\svchost.exe{6F5BEE90-1B26-61E9-1201-000000002102}5320C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x3600C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\SYSTEM32\psmserviceexthost.dll+966a|C:\Windows\SYSTEM32\psmserviceexthost.dll+776e|C:\Windows\SYSTEM32\psmserviceexthost.dll+12f1c|C:\Windows\SYSTEM32\psmserviceexthost.dll+15b2b|C:\Windows\SYSTEM32\psmserviceexthost.dll+1011d|C:\Windows\SYSTEM32\psmserviceexthost.dll+104a0|C:\Windows\SYSTEM32\psmserviceexthost.dll+13952|C:\Windows\SYSTEM32\psmserviceexthost.dll+16139|C:\Windows\SYSTEM32\psmserviceexthost.dll+16c03|C:\Windows\SYSTEM32\resourcepolicyserver.dll+1a70e|C:\Windows\SYSTEM32\resourcepolicyserver.dll+14fc2|C:\Windows\SYSTEM32\resourcepolicyserver.dll+c526|C:\Windows\SYSTEM32\resourcepolicyserver.dll+11927|C:\Windows\SYSTEM32\resourcepolicyserver.dll+b91a|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c 10341000x800000000000000063222Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:48.256{6F5BEE90-18A9-61E9-0C00-000000002102}8283272C:\Windows\system32\svchost.exe{6F5BEE90-1B24-61E9-1101-000000002102}5640C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x3600C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\SYSTEM32\psmserviceexthost.dll+966a|C:\Windows\SYSTEM32\psmserviceexthost.dll+776e|C:\Windows\SYSTEM32\psmserviceexthost.dll+12f1c|C:\Windows\SYSTEM32\psmserviceexthost.dll+15b2b|C:\Windows\SYSTEM32\psmserviceexthost.dll+1011d|C:\Windows\SYSTEM32\psmserviceexthost.dll+104a0|C:\Windows\SYSTEM32\psmserviceexthost.dll+13952|C:\Windows\SYSTEM32\psmserviceexthost.dll+16139|C:\Windows\SYSTEM32\psmserviceexthost.dll+16c03|C:\Windows\SYSTEM32\resourcepolicyserver.dll+1a70e|C:\Windows\SYSTEM32\resourcepolicyserver.dll+14fc2|C:\Windows\SYSTEM32\resourcepolicyserver.dll+c526|C:\Windows\SYSTEM32\resourcepolicyserver.dll+11927|C:\Windows\SYSTEM32\resourcepolicyserver.dll+b91a|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c 10341000x800000000000000063221Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:48.256{6F5BEE90-18A9-61E9-0C00-000000002102}8281296C:\Windows\system32\svchost.exe{6F5BEE90-1B26-61E9-1201-000000002102}5320C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x3600C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\SYSTEM32\psmserviceexthost.dll+966a|C:\Windows\SYSTEM32\psmserviceexthost.dll+776e|C:\Windows\SYSTEM32\psmserviceexthost.dll+12f1c|C:\Windows\SYSTEM32\psmserviceexthost.dll+15b2b|C:\Windows\SYSTEM32\psmserviceexthost.dll+1011d|C:\Windows\SYSTEM32\psmserviceexthost.dll+104a0|C:\Windows\SYSTEM32\psmserviceexthost.dll+13952|C:\Windows\SYSTEM32\psmserviceexthost.dll+16139|C:\Windows\SYSTEM32\psmserviceexthost.dll+16c03|C:\Windows\SYSTEM32\resourcepolicyserver.dll+1a70e|C:\Windows\SYSTEM32\resourcepolicyserver.dll+14fc2|C:\Windows\SYSTEM32\resourcepolicyserver.dll+c526|C:\Windows\SYSTEM32\resourcepolicyserver.dll+11927|C:\Windows\SYSTEM32\resourcepolicyserver.dll+b91a|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c 10341000x800000000000000063220Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:48.256{6F5BEE90-18A9-61E9-0C00-000000002102}8281296C:\Windows\system32\svchost.exe{6F5BEE90-1B24-61E9-1101-000000002102}5640C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x3600C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\SYSTEM32\psmserviceexthost.dll+966a|C:\Windows\SYSTEM32\psmserviceexthost.dll+776e|C:\Windows\SYSTEM32\psmserviceexthost.dll+12f1c|C:\Windows\SYSTEM32\psmserviceexthost.dll+15b2b|C:\Windows\SYSTEM32\psmserviceexthost.dll+1011d|C:\Windows\SYSTEM32\psmserviceexthost.dll+104a0|C:\Windows\SYSTEM32\psmserviceexthost.dll+13952|C:\Windows\SYSTEM32\psmserviceexthost.dll+16139|C:\Windows\SYSTEM32\psmserviceexthost.dll+16c03|C:\Windows\SYSTEM32\resourcepolicyserver.dll+1a70e|C:\Windows\SYSTEM32\resourcepolicyserver.dll+14fc2|C:\Windows\SYSTEM32\resourcepolicyserver.dll+c526|C:\Windows\SYSTEM32\resourcepolicyserver.dll+11927|C:\Windows\SYSTEM32\resourcepolicyserver.dll+b91a|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c 23542300x800000000000000063219Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:48.256{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\email\headerregistry.pyMD5=85B66267476C872AD6929809F5A2148E,SHA256=4F35739459852F5165E594974C20077ACE4EDCF2F0C295878255D376BC0ECC2A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063218Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:48.256{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MPDetection-20210714-025705.52c0MD5=8C5B9DBECE22AD275716062C83A66EF0,SHA256=63C7D8C9D2BA2E67479D5392541425681E548A1317D0074E37C75454D4B520E2,IMPHASH=00000000000000000000000000000000falsefalse - shredded file with pattern 0xcc 23542300x800000000000000063217Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:48.256{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\email\header.pyMD5=EFE826EE4E05118B050E04FD44DA04E1,SHA256=8989B40D16A74E408F117AC964F0498AC807430FB16E1B41FC3783C8397AE165,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063216Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:48.241{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\email\generator.pyMD5=00700DFB5C1ECFFBCE39A275BD8F12B0,SHA256=B3102DE7B076FF21F00B580CE82E1118AA38B607931A2476DC3883398275F3DD,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063215Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:48.241{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\email\feedparser.pyMD5=2D2B32601AD79A67484175EC19C73C77,SHA256=F3B126E9C8E58230B0D9295B69B4940569EB003AFCBA80BA1714CA5E53F84886,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063214Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:48.241{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MPDetection-20210609-032955.1713MD5=8C5B9DBECE22AD275716062C83A66EF0,SHA256=63C7D8C9D2BA2E67479D5392541425681E548A1317D0074E37C75454D4B520E2,IMPHASH=00000000000000000000000000000000falsefalse - shredded file with pattern 0xcc 23542300x800000000000000063213Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:48.241{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\email\errors.pyMD5=8A6EE2E875D87833B092C4FFB1486680,SHA256=AC186C29F471F55DE3099F82B67B8B0B9EDB16E4568CB094F852373A0485D07A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063212Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:48.237{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\email\encoders.pyMD5=C5D9853A25FF74DBD71A79494E777276,SHA256=1CEA37BB71B7AAC3C7ACB98CCCC2F17017F7195FFE510A96F0DACAABA856A2C6,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063211Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:48.219{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\email\contentmanager.pyMD5=B0E0936B331BCD3C5D66802F1B280EB7,SHA256=565C226D02B4C500969C3AC575E28BEE7179947B8E0DB6C7343F51A43E57B330,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063210Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:48.219{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\email\charset.pyMD5=577B47C57BD7C9AEDB8950E55D0B1690,SHA256=85B3FDA14DF4A17822AB99FC66FE662BEE4A2BD4E52544D29B95DDEC0FFFCC50,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063209Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:48.219{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MPDetection-20210414-025347.3a1bMD5=8C5B9DBECE22AD275716062C83A66EF0,SHA256=63C7D8C9D2BA2E67479D5392541425681E548A1317D0074E37C75454D4B520E2,IMPHASH=00000000000000000000000000000000falsefalse - shredded file with pattern 0xcc 23542300x800000000000000063208Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:48.219{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\email\base64mime.pyMD5=8AE63186399520CCD61E4776409065FF,SHA256=7E499FDEFAF71CA3DF0CBEB0B3F7B460FDB3CC86CE82CEB5842747DD1687424D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063207Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:48.203{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\doctest.pyMD5=5C84D6754CCC3B0D06DBDAE5B21415FB,SHA256=81D16B0F06BE7D0ED072A8CB84F1485708B785D8CE788F650B91CC357F6C7BB3,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063206Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:48.203{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\distutils\__init__.pyMD5=F11B5E5423DB724F6CBDBBFFFECBEF64,SHA256=D20D9EE98DD7B4A0BD87481D9EDCE81D45D910271D43D17CADA6E2BB2D8C9780,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063205Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:48.203{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\distutils\_msvccompiler.pyMD5=1B2A9F6D1755A9E9D9AA65B7326E19A2,SHA256=7F5BA48551AC8F932B5C3CE6CF00B98756BD47383A07143AFB60807A3C5D554B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063204Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:48.188{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\distutils\versionpredicate.pyMD5=88B0BBEDEA3A48613632A05A0D9E2847,SHA256=C7C544D2513B914C3198C469538272B3445F6FE6C118F0185ADED6232522F073,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063203Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:48.188{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\distutils\version.pyMD5=21486BEBF943B13A3B5600E114742E3C,SHA256=2480D94C7E49EAE510ED9AB9FDAC611E8489DC019F4C8148B17DE7FF347126DE,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063202Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:48.188{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MPDetection-20210310-175236.11e4MD5=8C5B9DBECE22AD275716062C83A66EF0,SHA256=63C7D8C9D2BA2E67479D5392541425681E548A1317D0074E37C75454D4B520E2,IMPHASH=00000000000000000000000000000000falsefalse - shredded file with pattern 0xcc 23542300x800000000000000063201Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:48.188{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\distutils\util.pyMD5=FFE1A4C805B8ABA0E4D67243AADF57E0,SHA256=C1529C13D837B9F5416757CBF99C16F5304C4D4B64139CBE162551F8878F34EB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063200Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:48.172{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\distutils\unixccompiler.pyMD5=657E466881C481015D6536FAE05E52DC,SHA256=290C6092E6CED6C747FB7B8495F9F76A91BFCEBDE40EF42CD6EDCEEEBBD0685B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063199Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:48.172{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MPDetection-20210113-201324.858MD5=8C5B9DBECE22AD275716062C83A66EF0,SHA256=63C7D8C9D2BA2E67479D5392541425681E548A1317D0074E37C75454D4B520E2,IMPHASH=00000000000000000000000000000000falsefalse - shredded file with pattern 0xcc 23542300x800000000000000063198Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:48.172{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\distutils\text_file.pyMD5=5B2D8FE58F1E3A50F4306800CD5D5F73,SHA256=6EB413F25DA9A0E0123749386C325A247316B520D6E71F8D70C0E2341B51572A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063197Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:48.156{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\distutils\tests\__init__.pyMD5=A723408A80C610347A528DCBA76CBAC7,SHA256=93DBC76D083308D11463ADF5789BB43442F1FF57ABACDEABEA23349CB9E6F1AD,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063196Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:48.156{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\distutils\tests\test_versionpredicate.pyMD5=D93469D3467DFE7F95027BCBB74480A2,SHA256=EE33CDDF0FBF6B13ADC54A08508E4A7407F35EECEC610566727790E5B8E40D23,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063195Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:48.140{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MPDetection-20201209-052029.d68MD5=8C5B9DBECE22AD275716062C83A66EF0,SHA256=63C7D8C9D2BA2E67479D5392541425681E548A1317D0074E37C75454D4B520E2,IMPHASH=00000000000000000000000000000000falsefalse - shredded file with pattern 0xcc 10341000x800000000000000063194Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:48.140{6F5BEE90-18B9-61E9-3500-000000002102}33043324C:\Windows\system32\conhost.exe{6F5BEE90-3BB8-61E9-8B09-000000002102}5992C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 23542300x800000000000000063193Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:48.140{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\distutils\tests\test_version.pyMD5=4C02D380EAB776659E3C2BE7744DA058,SHA256=602724734AD8E4F5FF3592F3E3F7F39941060C21D3F4647ECCCB38DE548C186D,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000063192Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:48.140{6F5BEE90-18A9-61E9-0C00-000000002102}8281296C:\Windows\system32\svchost.exe{6F5BEE90-18B8-61E9-2C00-000000002102}2984C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000063191Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:48.140{6F5BEE90-18A9-61E9-0C00-000000002102}8281296C:\Windows\system32\svchost.exe{6F5BEE90-18B8-61E9-2C00-000000002102}2984C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000063190Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:48.140{6F5BEE90-18A9-61E9-0C00-000000002102}8281296C:\Windows\system32\svchost.exe{6F5BEE90-18B8-61E9-2C00-000000002102}2984C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000063189Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:48.140{6F5BEE90-18A9-61E9-0C00-000000002102}8281296C:\Windows\system32\svchost.exe{6F5BEE90-18B8-61E9-2C00-000000002102}2984C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000063188Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:48.140{6F5BEE90-18A7-61E9-0500-000000002102}392408C:\Windows\system32\csrss.exe{6F5BEE90-3BB8-61E9-8B09-000000002102}5992C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000063187Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:48.140{6F5BEE90-18B8-61E9-2F00-000000002102}30243900C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{6F5BEE90-3BB8-61E9-8B09-000000002102}5992C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7414|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x800000000000000063186Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:48.137{6F5BEE90-3BB8-61E9-8B09-000000002102}5992C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe8.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{6F5BEE90-18A8-61E9-E703-000000000000}0x3e70SystemMD5=91F33F605825B72EE2270559C7AB28F3,SHA256=3DF1CB71BB48B8669BD01179FD94DD8CC82F8103B08A0FACFD366E43E0C5FA42,IMPHASH=23D7D4307FBE7FA4F42B1902826D7C25{6F5BEE90-18B8-61E9-2F00-000000002102}3024C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x800000000000000063185Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:48.138{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MPDetection-20201014-024353.2259MD5=8C5B9DBECE22AD275716062C83A66EF0,SHA256=63C7D8C9D2BA2E67479D5392541425681E548A1317D0074E37C75454D4B520E2,IMPHASH=00000000000000000000000000000000falsefalse - shredded file with pattern 0xcc 23542300x800000000000000063184Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:48.137{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\distutils\tests\test_util.pyMD5=D6E698AEAEE2DD3C25690355DBF825F4,SHA256=F1ED582FB31246CFEE79BD2C56E796396C80595BF82FD43939F456A9C6C15553,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063183Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:48.134{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\distutils\tests\test_upload.pyMD5=D10C9A8EC04D06891025D32AB878B457,SHA256=8A39C43D654DE996401B54A41CD879051219D07CB0559A4CBBBDE0E4C91F6FA9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063182Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:48.118{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\distutils\tests\test_unixccompiler.pyMD5=18B6C584615E913142AAEDBBEC1BBC83,SHA256=A0FDDB9FD1B83B54489F28C1C1DB497E9B3DB88A47DD1DD9B560DCF68BDCA8C5,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063181Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:48.118{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MPDetection-20200909-033343.558dMD5=8C5B9DBECE22AD275716062C83A66EF0,SHA256=63C7D8C9D2BA2E67479D5392541425681E548A1317D0074E37C75454D4B520E2,IMPHASH=00000000000000000000000000000000falsefalse - shredded file with pattern 0xcc 23542300x800000000000000063180Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:48.118{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\distutils\tests\test_text_file.pyMD5=558273EF27021D8699D81DB87BD781E6,SHA256=D608F65DA39F39B96C78690AB80043E4B743DC19D73BD0FA7DFD6A0FA6472F03,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063179Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:48.102{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\distutils\tests\test_sysconfig.pyMD5=5F255412B83914D4F8E934E76DCDAF8E,SHA256=CB84143E55025BF39E7DBB869582C99FE09E335C42422D46E52DDFB117DC6EE8,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063178Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:48.102{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MPDetection-20200715-053446.3ebcMD5=8C5B9DBECE22AD275716062C83A66EF0,SHA256=63C7D8C9D2BA2E67479D5392541425681E548A1317D0074E37C75454D4B520E2,IMPHASH=00000000000000000000000000000000falsefalse - shredded file with pattern 0xcc 23542300x800000000000000063177Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:48.087{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\distutils\tests\test_spawn.pyMD5=E774A2AA9C175F830EDEF2BD52B69632,SHA256=2F946943C004D46F67965A2CB37ED5C275320698DF57F9CD0268960D8EE7C9DC,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063176Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:48.087{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\distutils\tests\test_sdist.pyMD5=48DBE6D372BC3ADD464B40D60C30F652,SHA256=80A89BE547ADA607272082870879E2B997355B2816572C326576A7F87597F45D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063175Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:48.087{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MPDetection-20200610-052915.590bMD5=8C5B9DBECE22AD275716062C83A66EF0,SHA256=63C7D8C9D2BA2E67479D5392541425681E548A1317D0074E37C75454D4B520E2,IMPHASH=00000000000000000000000000000000falsefalse - shredded file with pattern 0xcc 23542300x800000000000000063174Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:48.087{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\distutils\tests\test_register.pyMD5=F807C016E7954E12A3DE77388EB25C14,SHA256=C48732EE8EF65DEF85AF5A6F7128A17B4D4EB4372C25AB337F47E99324667C87,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063173Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:48.071{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\distutils\tests\test_msvccompiler.pyMD5=60AD1C22DA6FC11F4D36BE9AC5C75FA8,SHA256=F09BBAAE6A72C0E2754F2DF60D89B6C4F58E84C41272F388F129526640E265CC,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063172Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:48.071{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\distutils\tests\test_msvc9compiler.pyMD5=02A728B47643FCD58CD7D1C68C4124A9,SHA256=3A87AC1D4D8D2FC8BFFECCA97E740573A9AA142DAA700D76F2A72D577F963999,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063171Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:48.071{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\distutils\tests\test_log.pyMD5=5A9302F2604DF75F623C027CEA7DE44A,SHA256=90E6BC0FD33CF93C8DC46461B538B9EFA17572E0CEA1C4A0B34D36BBC027E33E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063170Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:48.071{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\distutils\tests\test_install_scripts.pyMD5=5B5A3E16770A42066D2D1D7A26C002AB,SHA256=7B829F41B9D77B43D7E75F58CF5BBBD3DF16AE133DF537A94E5A4DDD3AA3DBA8,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063169Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:48.056{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MPDetection-20200415-052855.504cMD5=8C5B9DBECE22AD275716062C83A66EF0,SHA256=63C7D8C9D2BA2E67479D5392541425681E548A1317D0074E37C75454D4B520E2,IMPHASH=00000000000000000000000000000000falsefalse - shredded file with pattern 0xcc 23542300x800000000000000063168Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:48.056{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\distutils\tests\test_install_lib.pyMD5=51F5F63C8A15F5E715AF83C67BDF7CDF,SHA256=6B813555CA3AB4FD6F6957847DD1702DC9DCBB81AAFF5138F6A79495AE42074F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063167Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:48.056{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\distutils\tests\test_install_headers.pyMD5=1E80F50090C057E4CACCDA699AC0EE8E,SHA256=451F0079D14B75E434401DDE5161AD6A87FCE7821A4F7906F2E88906936A93D7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063166Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:48.056{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\distutils\tests\test_install_data.pyMD5=9855671ED0170514D7CBC91C36B83907,SHA256=63227C1AB5499D834FDFBB3EC2D646CA38F95A78B83EF31E4A29E9063457EE3F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063165Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:48.056{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MPDetection-20200311-053305.370bMD5=8C5B9DBECE22AD275716062C83A66EF0,SHA256=63C7D8C9D2BA2E67479D5392541425681E548A1317D0074E37C75454D4B520E2,IMPHASH=00000000000000000000000000000000falsefalse - shredded file with pattern 0xcc 23542300x800000000000000063164Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:48.056{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\distutils\tests\test_install.pyMD5=FB82E27D738DA83652728C0AEE88C1F4,SHA256=3DAAE65CF39B15C5D51C4C78AAB091EE5746945DACCC5BC13A37F0CA66129858,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063163Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:48.040{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\distutils\tests\test_file_util.pyMD5=45781A34C9B6FC7D82144493FF5DFD4F,SHA256=0E9C8298AD76A6FCBE1791A57D7C2FA7A4B0169B7C9E2643932419D1F518BCA3,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063162Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:48.040{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\distutils\tests\test_filelist.pyMD5=71E30B242459A097A0FE5486C732BFD2,SHA256=3F5F67EA85A98029EC1E5E7F90D856FF7FC2A9C98B350CAA89F61A9DA30009F1,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063161Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:48.040{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\distutils\tests\test_extension.pyMD5=695D9DEBE8CCBC662BBE085107F1D1FB,SHA256=E7769C4CE8434FD4454DE3C371ACE5BF09377D10664D19A958C6DB15A82769F4,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063160Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:48.040{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MPDetection-20200115-053116.29f1MD5=8C5B9DBECE22AD275716062C83A66EF0,SHA256=63C7D8C9D2BA2E67479D5392541425681E548A1317D0074E37C75454D4B520E2,IMPHASH=00000000000000000000000000000000falsefalse - shredded file with pattern 0xcc 23542300x800000000000000063159Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:48.039{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\distutils\tests\test_dist.pyMD5=DB67454DED31DD4A42BF396D2D2190A9,SHA256=713F14738F28AB99461BAE5DDA4F07BD72BD29E9E3C680D75979FC9568706AC7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063158Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:48.035{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\distutils\tests\test_dir_util.pyMD5=EEA28AB898BB949039BB0CFBFEE027D6,SHA256=656E8884F840694A859D9BFF156781AF450BCC22489179B4E50790987E73B764,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063157Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:48.018{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\distutils\tests\test_dep_util.pyMD5=7FBBB383DEAD4C7DB159E1CEE4C9A07B,SHA256=9118D62FDC02D02663AD267158A76FC87715DA3DB86CE7CE8631C20906858D0F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063156Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:48.018{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\distutils\tests\test_cygwinccompiler.pyMD5=0A88EA408D0A5567764AE5D867A4F996,SHA256=FBDD445D94BC57FA0C0A833A862841D6E4A709FA3925D8EFD6EEB1F259A287B2,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063155Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:48.018{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MPDetection-20191214-164545.5061MD5=8C5B9DBECE22AD275716062C83A66EF0,SHA256=63C7D8C9D2BA2E67479D5392541425681E548A1317D0074E37C75454D4B520E2,IMPHASH=00000000000000000000000000000000falsefalse - shredded file with pattern 0xcc 23542300x800000000000000063154Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:48.018{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\distutils\tests\test_core.pyMD5=79BF4E9036B089B12DCC760BE38CF696,SHA256=2BC6B5587C82FB7254351BBCC0598E618C56DD81AA7D1C880AD771885F0D24A0,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063153Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:48.002{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\distutils\tests\test_config_cmd.pyMD5=553D6D6E3B929BD65B51E049E3619630,SHA256=BFD56918F4BB8F15CB1D465028DDE5EC45046B2FA2DD916774EC799A1087F0CF,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063152Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:48.002{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MPDetection-20191113-052824.7d77MD5=8C5B9DBECE22AD275716062C83A66EF0,SHA256=63C7D8C9D2BA2E67479D5392541425681E548A1317D0074E37C75454D4B520E2,IMPHASH=00000000000000000000000000000000falsefalse - shredded file with pattern 0xcc 23542300x800000000000000063151Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:48.002{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\distutils\tests\test_config.pyMD5=F24F9C5EACFD28463C5980D38A7FD139,SHA256=5390ED0D0C2B09E848A4639EDE8D42CC0DF630370D6B163C8F423EB2C199C734,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063150Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:47.987{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\distutils\tests\test_cmd.pyMD5=3E644D8958B0EA4025DAD204DF6A0010,SHA256=F166B78E6F6A04B83C581D87C3A12AD1E19B276F124CB70DE848CD76CAA6D48F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000031923Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:38:48.842{CE7C8936-1B20-61E9-E200-000000002202}3964NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=7AA1B39395AB5D8084975CA3071F9DF4,SHA256=61F88D45C01DA0449C2C417DC79A5A6CF3308B969FB1A7A717152E627BD0B18C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063541Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:49.993{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-08092017-085510-00000003-ffffffff.binMD5=B08087BD4018F7617585FA0AC04482E7,SHA256=B2A2F3C50865E56426EFD255D439423A56C127E5931293B9053CCA1B71FB3CF8,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063540Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:49.993{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\idlelib\idle_test\htest.pyMD5=8B95CB1B700C3398F04E3B536CA5FA8D,SHA256=830431FF9812491EB85D91E4380033850469C4E36595D61EC9AA43B1D343644F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063539Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:49.977{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-08092017-063106-00000003-ffffffff.binMD5=C14AAC494F40EDE80B83FD250E88EEDF,SHA256=AB9C08A95470D95B18CBBB78E837A80EF128CBC3389841144271E36F7B5EF447,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063538Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:49.977{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\idlelib\idle.pyMD5=A9E1D02FD156D2B3E7E5DC770D7035C6,SHA256=4E32DFCA06F56CD261043B9DE10A7901E939436C7F36626DC716E2F435FD1B15,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000063537Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:49.955{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\idlelib\idle.BAT2022-01-17 14:25:12.000 23542300x800000000000000063536Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:49.955{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-08092017-062138-00000003-ffffffff.binMD5=E3391CCD1AD7A0499DFCFE5E97D6BE4A,SHA256=93A489EC41DDDE2CBE2F1BC64EF30C274C46160E341A521975A5EF4C1F19CB2D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063535Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:49.955{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\idlelib\idle.batMD5=5DD3DC514DB4843357AE370DA738FE8B,SHA256=15A3977F0D2C6A8E87DB2EF7050EA10AFB3A88B064BF5EF95439924E42464114,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063534Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:49.955{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-08092017-062047-00000003-ffffffff.binMD5=B3B3E34FA246A24F44E1CEF6628A72DA,SHA256=781CAF22B665419F1E18B3EBBE012307AA70EE98C14AAC0E8E00442B9F2C0B6F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063533Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:49.955{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\idlelib\Icons\tk.gifMD5=5A07ACA97E595CDA407BDB8A2EB380F5,SHA256=A932FD307C4BDC223AE39165F413B2A530B2DBF6323E8A272865DA6627535EA3,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063532Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:49.940{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-07132017-011921-00000003-ffffffff.binMD5=00E368886FC77D4D28C9794628EA052C,SHA256=9E87A03371A056A59FF35A82AFF528780D5132288AF05B69BBA2217D8C783604,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000063531Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:49.940{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\idlelib\Icons\README.TXT2022-01-17 14:25:12.000 23542300x800000000000000063530Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:49.940{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\idlelib\Icons\README.txtMD5=7C3A3C73D3C872FF1958ACAF3A426A72,SHA256=A344541DD13FD028F68D09A00254C385304512B4657471CBC25CE56770B5194E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063529Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:49.940{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-07132017-005527-00000003-ffffffff.binMD5=7506FD993F0300F19B925861FB3262E7,SHA256=69C2C36244A6141BAE6DF81D6E88B18DC3D87E2DDC16396E91184D0C4FA41E8C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063528Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:49.940{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\idlelib\Icons\python.gifMD5=3589FE3C728610EE9DC8AC288063B086,SHA256=09878665B07BCB76FB3222EA1B4947A553AD0AF76FC12B31651D1707980791DC,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063527Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:49.924{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-07132017-005013-00000003-ffffffff.binMD5=BDA48DC705F71C263662970CF76F07BC,SHA256=48749014DF5D51AC3A3CB62F0B4AB6148C0D2E9B829D4ED9C43B33907062B90B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063526Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:49.924{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\idlelib\Icons\plusnode.gifMD5=E7E14AB461627886185554E766D31AB6,SHA256=FCEA17DEE8413652327D3D1F7565AC6B32B392A5E424947EDE2088E276003469,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063525Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:49.924{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-07132017-004807-00000003-ffffffff.binMD5=0E0FB719DFF28C0C136BDED4F52F41B0,SHA256=71839AB3AFFB8FE862007327DD3E13AC6CE2E4621959C77D473BD0BAAD379A42,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063524Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:49.924{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\idlelib\Icons\openfolder.gifMD5=E178FBFA06781FF6C0E5A7BFB59A18D2,SHA256=9A59E2ABF1840156E9DB8F85A38822FD56AB79A139EB95EC86F1FBA1BB87326B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063523Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:49.924{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-07132017-003918-00000003-ffffffff.binMD5=7DFF621B5B8A61BE58FD7E5CCC922CB8,SHA256=604D3A6CD6A7CEBBAA8962ED4C358A152DA72FFCB9576EAAD11D3714E37818F5,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063522Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:49.924{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\idlelib\Icons\minusnode.gifMD5=7154EA5EB2B1DA2F3E306C6F843A5297,SHA256=FC11C3D934F8DE7D3285F616D0A9129F8113B158157501829C2E452101D067A4,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063521Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:49.908{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-07132017-003816-00000003-ffffffff.binMD5=284117DC40D8ADDD52B5BCBD9C798025,SHA256=F41ED6B8C40253701AC91041F00BA8FE27EB8952EF832E41CFC4BE105BDF915E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063520Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:49.908{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\idlelib\Icons\idle_48.pngMD5=59BE91B17983F2D8DE110D2534075292,SHA256=F9B54F0A6C4A21DAEA6F41263E8DF267367F5B491094BEA56179A9C3B4EBD65A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063519Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:49.908{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\idlelib\Icons\idle_48.gifMD5=29C399D2467AE9540E459D333227A38D,SHA256=37484901EB40EEFA846308E1DA3FF6F240EA98F769A2AFC3CF4FDBA00327ECBE,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063518Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:49.908{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\idlelib\Icons\idle_32.pngMD5=068C52EB2659FB8A987EAEA13DCB6D49,SHA256=4A404D5BCB1109A33329F0E099FA8C07A8B02401DA4E531BBC6DE733A90E45AA,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063517Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:49.893{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\idlelib\Icons\idle_32.gifMD5=31490BFDC9E6B5E32D83297670221C02,SHA256=963D5F8D5D1259E9874A263A6621CA6DD1D57608FAA5F28F7D61F349583E0781,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063516Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:49.893{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\idlelib\Icons\idle_256.pngMD5=CBD71C9E202BDFFDC74258B56B6CA917,SHA256=8007B797E6251B310F5870B7207209A848E1C9ACACDD2B221D0EC877F7E80340,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063515Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:49.893{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\idlelib\Icons\idle_16.pngMD5=13C4B9E9A44385FE669949D5164F64F3,SHA256=26999728E6EEFA83B486188A3AF6900A464741307E7E4FBE4C6BB030EB765042,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063514Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:49.877{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\idlelib\Icons\idle_16.gifMD5=79FF1B3FA6B72D81D75F123A650B2151,SHA256=4AD97F34E64ABD93E1E32AFF017FF8914E3204A76044F1486BC9FBEFA07BFDBB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063513Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:49.877{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\idlelib\Icons\folder.gifMD5=56C144CAA9A420C26A47106A53C9D530,SHA256=7C98D566A13FD599D1C11A375F387FEF69B6C595C4F18C5D88C188A860BE0E55,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063512Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:49.877{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\idlelib\hyperparser.pyMD5=582539DB5921D474E0E84A80F3F99B94,SHA256=8E302D637D011FF234CE6BFFE2B2319E634E17043C2406DBDFAB0E7A15C15667,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000063511Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:49.874{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\idlelib\HISTORY.TXT2022-01-17 14:25:12.000 23542300x800000000000000063510Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:49.873{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\idlelib\HISTORY.txtMD5=3AC5395513EAAE1C6C23CDB840BF592C,SHA256=A84B2AC9C29304CEB63A7514912A7050F0B54AF7F0EB520B5EC8CBAF009CBAE1,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063509Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:49.872{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-06152017-174338-00000003-ffffffff.binMD5=6595569A7CF03A28EE66871270531CB2,SHA256=F3E2F6C8EE4476D595284D921B215FAEEFE1A0D50AEFB741F52F77AB145AA81E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063508Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:49.855{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\idlelib\history.pyMD5=22F64AE0624BB0AE4B895B0D672BFEFF,SHA256=55FF8EA2B205782EA16382DB00586612D6FDE3DB3D8248AB296665616D4AE15C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063507Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:49.855{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\idlelib\help_about.pyMD5=6C642744999913CD02452AF6BDA84137,SHA256=0C6BD579422C14157DF88FB39F95E952932BC33EF535CFC9196C5DFCEBDA6D5C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063506Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:49.839{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-06152017-165837-00000003-ffffffff.binMD5=C78EA5488BE4ED3B94029108B91C38F0,SHA256=6832958B5BE5535AC6299E3574E45A5336B0057CAAD801287BB613661ED5DB8A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063505Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:49.839{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\idlelib\help.pyMD5=33B234511AAFFF278E2B3A7D9863B8D6,SHA256=3F150488CF14C8469E9A3401FBA1C7BD60F826A4C4AA8223916544BAB6F3883F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063504Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:49.825{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\idlelib\help.htmlMD5=72AB06F3F0517EF16B3D9AE2AFC511C7,SHA256=54BE3DF501E37D096802B83C6EC1438C5512CA50917649D31F674579DEB95398,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063503Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:49.825{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\idlelib\grep.pyMD5=3824352408CDA45F4FA3A435855C2745,SHA256=4CFE1E01D7999A20545205A02F88E8EF51B8726EAD1CAD3ACE21E129329ECE0B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063502Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:49.808{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-06152017-165644-00000003-ffffffff.binMD5=0EB5AE7B5500C19F2695A42344E5786F,SHA256=AE71142CBEAF0773DEE6FD52413D9E6FE270E3768562F8BFCB6F0D6D905844B7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063501Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:49.808{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\idlelib\format.pyMD5=37BAC954EFFBF63F6828825E49EA4DB8,SHA256=54A083AB464BB220BD30AB3CE6C7BB0DA43CD1B45BD13AB77DC62F2A8A3F7ABB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063500Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:49.808{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-05192017-213631-00000003-ffffffff.binMD5=22D545FFD3107B54171B74C23227201C,SHA256=58F9EFCA02AAE2FA3D7EF60138ABFCCFF5C50E040C182ECBCCDD3D4F507BAF8B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063499Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:49.808{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\idlelib\filelist.pyMD5=FBAE1506B2582B0E2981BB0126DF39E9,SHA256=65212799082D56BCF6AC4093455D04B3A4840FBCBE0FCA73ECE06C5CCCA6D5C7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063498Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:49.808{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-05192017-213132-00000003-ffffffff.binMD5=FB11D96A91018ACC4F60DC9594DFCB49,SHA256=2500F22D76E78E3984F333560F9DDE7852D285CBBEFCA25AC65BA83489CAC2A9,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000063497Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:49.793{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\idlelib\extend.TXT2022-01-17 14:25:12.000 23542300x800000000000000063496Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:49.793{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\idlelib\extend.txtMD5=36DB447A634E4E3BE1853A945ACD5F36,SHA256=13CD4B284B1EFB37E9B99B1362CE31105EF85615187F470CD8E95817990FEE16,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063495Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:49.793{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-05192017-212925-00000003-ffffffff.binMD5=CEBC86D66FC3D883B760820F57B99781,SHA256=A46A7EB5DE3D985E3C5BBB12FB5F82F6150A1DB077E06ECD7A38A82A908201F9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063494Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:49.793{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\idlelib\editor.pyMD5=8C7A92C6DA5246A3E7DE7767BFD2A359,SHA256=7491853959707841AC756950E51617F76E3BDC3F230BD5A13B87D49FAECCF0F4,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063493Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:49.793{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-05192017-205447-00000003-ffffffff.binMD5=4AAE3ACA6B66AF06FFADF76645FAC754,SHA256=160F68AB0A0B21BA8A76C0BC29830BF7EE7A7EE4B0A0140CAD1D6C43D31D5975,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063492Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:49.793{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\idlelib\dynoption.pyMD5=D44433042539543C72620894F87B4B8F,SHA256=0751A3DC8FA872C255039297375DDC916ABEDB048C11D25CFCA50F19E293C6EF,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063491Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:49.793{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-05192017-201910-00000003-ffffffff.binMD5=18B1918958F3DACA822D9E991EE52994,SHA256=C2F181504A2AC243B0B6D1228268CD96E7C6FC4154F51F9C24ADB11DDFE383BD,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063490Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:49.777{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\idlelib\delegator.pyMD5=7088FBA9C191F12C93ACCBA53C7921BC,SHA256=C6B0CA61887482E03F21C6C6A22C9D832DF26F96D4FA6C789B5CA82E8CFCB593,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063489Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:49.775{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\idlelib\debugobj_r.pyMD5=C10E164177428126C730C943F07BB6F0,SHA256=58B528EA4605D5F039442830286C80B4720DCC23B0339281DAB5DCCC14374936,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063488Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:49.775{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-05192017-201454-00000003-ffffffff.binMD5=33F7BF0ECC775EDD95791EDF065A53A9,SHA256=4E8899908276A670E74A0C6940D67CD77BA794A7051F23BB09BC874F3133E691,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063487Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:49.771{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\idlelib\debugobj.pyMD5=2CC39AF07CFB198EF5315CAB2911DE58,SHA256=63BBEC27F3F89459881669F9A63BF88BE45903B7E488F330C7EF079984DB97F1,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063486Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:49.755{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-05122017-011929-00000003-ffffffff.binMD5=880EF9DC7423EFA1DF011B80F2DFE2E0,SHA256=95B666F9C6B95A601DB6298517126D85198B75A27F62424007A1AE7CEDBDF434,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063485Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:49.755{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\idlelib\debugger_r.pyMD5=86251E435F9301DCA2CF10737666B130,SHA256=ED211AE1056A9E5D557EDDCAFB5F55B7D5BE5E6FB9BA720E83385E38937003C0,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063484Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:49.755{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-05122017-011624-00000003-ffffffff.binMD5=BB4A963E2D27DFB2DED62EDA8823ECC1,SHA256=36CFCB2A8AE5DE6BC3F52593235282795CE4B7CFBC8FF3BFC2F906500302E4BE,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063483Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:49.755{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\idlelib\debugger.pyMD5=AB72C956951FB553688212578564D4F6,SHA256=668D9B270E8334883F858523FF715776AD1FC142ECFF38879A0E8C805BAC12DA,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000063482Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:49.755{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\idlelib\CREDITS.TXT2022-01-17 14:25:12.000 23542300x800000000000000063481Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:49.755{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-05112017-235300-00000003-ffffffff.binMD5=F3D49396F6116E730822E9131009E4AD,SHA256=6C150BA569043EA6F5C8655B5E4D76D0096FAB09ACF20E8B5819CD388B6B597B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063480Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:49.755{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\idlelib\CREDITS.txtMD5=C213E2E8D30CD588D64D94D92B13396F,SHA256=90BE59A898BBBF2B18B8487ECB0CC1FFF351F5141ABD02455D34D853334B6121,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063479Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:49.739{6F5BEE90-18CD-61E9-7700-000000002102}484NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=FD6C395AD97CF4BE3B40A20886B698A8,SHA256=09179472B6820819EA626A37805377A82CBAF90A6AA2C81A165375F66C5C729E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063478Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:49.724{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\idlelib\config_key.pyMD5=0A461337214323E6CDC70BFF37CAB662,SHA256=7587055B46A4512886F3625F5695571BE4B3A0E288B0E12BEC023C315829688C,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000063477Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:49.708{6F5BEE90-18B9-61E9-3500-000000002102}33043324C:\Windows\system32\conhost.exe{6F5BEE90-3BB9-61E9-8C09-000000002102}4680C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 23542300x800000000000000063476Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:49.708{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\idlelib\configdialog.pyMD5=E88F6B474DA68108ABB1885ADCE6C58B,SHA256=7DC1905491BA551DA662CDCA2BA122C2AB10771F17F1D0BD4CECDFD1FF46A23F,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000063475Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:49.708{6F5BEE90-18A9-61E9-0C00-000000002102}8281296C:\Windows\system32\svchost.exe{6F5BEE90-18B8-61E9-2C00-000000002102}2984C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000063474Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:49.708{6F5BEE90-18A9-61E9-0C00-000000002102}8281296C:\Windows\system32\svchost.exe{6F5BEE90-18B8-61E9-2C00-000000002102}2984C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000063473Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:49.708{6F5BEE90-18A9-61E9-0C00-000000002102}8281296C:\Windows\system32\svchost.exe{6F5BEE90-18B8-61E9-2C00-000000002102}2984C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000063472Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:49.708{6F5BEE90-18A7-61E9-0500-000000002102}392508C:\Windows\system32\csrss.exe{6F5BEE90-3BB9-61E9-8C09-000000002102}4680C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000063471Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:49.708{6F5BEE90-18A9-61E9-0C00-000000002102}8281296C:\Windows\system32\svchost.exe{6F5BEE90-18B8-61E9-2C00-000000002102}2984C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000063470Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:49.708{6F5BEE90-18B8-61E9-2F00-000000002102}30243900C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{6F5BEE90-3BB9-61E9-8C09-000000002102}4680C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7414|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x800000000000000063469Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:49.714{6F5BEE90-3BB9-61E9-8C09-000000002102}4680C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe8.0.2Windows Print Monitor splunk ApplicationSplunk Inc.splunk-winprintmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{6F5BEE90-18A8-61E9-E703-000000000000}0x3e70SystemMD5=36D3753920C5BBCA16D12DEAD7A3A904,SHA256=EA17F69FB116CFA6ADC3CE07EBBAE3FD2CB221F25E3F7A9ADF3F15DA051831E2,IMPHASH=264D4B9546D98D77D97F569F55A0B748{6F5BEE90-18B8-61E9-2F00-000000002102}3024C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x800000000000000063468Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:49.708{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\idlelib\config.pyMD5=1E6BBC1380DB96D09AE763E182588BBC,SHA256=8CB11E31285967183A438C79BF3F1F7B827855A638BD682AD26BBA24653F9001,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063467Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:49.708{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\idlelib\colorizer.pyMD5=3F050A6BF89605D8C61CD730714FF375,SHA256=DC70413F1316727C58C6CCDCB29C72AD951B2CF67165320FDE0490E56443D189,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063466Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:49.693{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\idlelib\codecontext.pyMD5=C02B4B83A2F6AC8E829C500AA6C12AE8,SHA256=8D93DBC7C9C3B356473ED21AE215C0BF372936966B2C26263CF52D0A35252DAF,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063465Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:49.693{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\idlelib\calltip_w.pyMD5=A89D4620AA2347AD2BDF22151639B20F,SHA256=2F6AE0A55938F0C5204A305D47356219D9A29C7ACA61D20839E1B9610759FF79,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063464Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:49.693{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-05112017-235041-00000003-ffffffff.binMD5=511D24287092E41E852C278D47FAF6CC,SHA256=DA913E627B8669DFBE7AD77F4331EEA9839D7187987DC51D4D95F6B9EC589536,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063463Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:49.693{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\idlelib\calltip.pyMD5=CDB87B1F5E3DB590CBA8293ECB7E785A,SHA256=7E24FC65B0DFE9B0ABFBB0DEA97AB222098AA978F85F2E79A2AC56FF92F5BB2A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063462Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:49.693{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\idlelib\browser.pyMD5=16533DE90386FFD227D7E0FAC5B7CB47,SHA256=0F8F12468407B0FD737C8E6256019130B78DB6B6C6252C5075BA6D261A6A6B47,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063461Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:49.693{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-05092018-030056-00000003-ffffffff.binMD5=C3D82E5B7A2442C913FF59062BA9C07F,SHA256=C6ECFF6DBD3B200929C8C42EC06A5BDD5B5F790197CB39166C93709782B915B5,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063460Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:49.693{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\idlelib\autoexpand.pyMD5=3630277C433B2C3C1E20ADD3DCC40D47,SHA256=EEC10FFD8D460FB90AAA61FB286F25F982793DF124A55D52A92B34A0B15C3F4C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063459Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:49.677{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\idlelib\autocomplete_w.pyMD5=17886D5D7160A3275101BE308A6C989F,SHA256=2263B104CE2E0208987A1D9C2F9E5D6C8366C6E2BE44D267FE1E277253E98686,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063458Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:49.677{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\idlelib\autocomplete.pyMD5=24D5CA8A7B072FE0524D2009A422F84D,SHA256=D6863E5703612857B03BC44CE9E5C591B24BBAA02EADE5900664E9D87217DF10,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063457Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:49.677{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-05092018-013757-00000003-ffffffff.binMD5=56251B3B1A68A21EDBEAB4A7728B489C,SHA256=448B12DD1CD92405EC57CA894BFB054B18B1A361EF4106DCDD5D21BF6912F260,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063456Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:49.671{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\http\__init__.pyMD5=26B5CF5F93FA25440187796DB6CCCE16,SHA256=6297DA88AB77CCED08A3C622C51292851CC95B8175B7342B4CD7F86595F73158,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063455Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:49.655{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\http\server.pyMD5=B20231F941BAF7237A880FBA252F8292,SHA256=82024B539259FDB3C84541B147B3CB4DDA0737800BB019B133225D9F011C877D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063454Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:49.640{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\http\cookies.pyMD5=BB19E50B174A51A5972C7DFD8F142ADB,SHA256=D049D9DE921DD9A2D13CD205FC0ABED14691CDDC8BA6F3C174653AF938ECD79F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063453Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:49.624{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-05092018-013446-00000003-ffffffff.binMD5=D63C5C78FA31E4174BF2C0BE1E6908E2,SHA256=12C478FECF25BFB146374E3EF24F21AD1EDC51405C0844B66F1A1D48DFED2BA3,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063452Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:49.624{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\http\cookiejar.pyMD5=C0F3C25AE409F144832993B6C0676886,SHA256=D3DAFDB40CCDE60256173FD67BCA982E956136EF0018817D59DC4F520CD8C4E3,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063451Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:49.624{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-05092018-013245-00000003-ffffffff.binMD5=15E2FDFC27A3E622268DD497929FB6C9,SHA256=990998693F1C8A0C97C3976D181BB41C094953ECB9C7715E143E28ED8843158F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063450Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:49.624{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\http\client.pyMD5=08EEF1E809174A69BFD3846685881DBE,SHA256=108F6851583288B8D37AA0F0EA3CAFA42FF86F2697FFF9988438B62084FF8770,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063449Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:49.608{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-05092018-012340-00000003-ffffffff.binMD5=E9B89C914632FD55112661FA1EACAEE1,SHA256=1DC85F6E9F3BF5D3888FD33DA64C329972A9A18504826A9D4F340F46CF95CCD9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063448Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:49.608{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\html\__init__.pyMD5=DFDDAE7123B57A46F83C81BF942A86C4,SHA256=485240692D542D312615C78674746ABBD39CC90E580633C56741EEC93DA55935,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063447Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:49.608{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-05092018-012238-00000003-ffffffff.binMD5=C11C0C1181857D0B14393BA2E93F7C67,SHA256=9BCFB89726DAC0BDB33B36B876648A57A5E6C0AD984F9706D84C5EEB1B730597,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063446Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:49.593{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-04112018-201004-00000003-ffffffff.binMD5=8A604F046D38216365A63E2765053146,SHA256=58A66347E66685AE7BF6D85759D6D4E285278E2FD555027350EF1A2BBAC1A1D9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063445Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:49.593{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\html\parser.pyMD5=98019173BABE19859F8A4449D760E116,SHA256=8EC76D84EBD69422E81E8971750C3796189E31460A6B3D171F0BA94C41998C1B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063444Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:49.577{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\html\entities.pyMD5=C9C627DEB5A3BA68B1F8B4E1A7AFAC62,SHA256=B23E88EF07E6ADAB526F6DCCAAC27517529EAF5E7070CB76CD9BFBA1AB333955,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063443Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:49.577{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\hmac.pyMD5=A7308CEE7CED61CEA957D925076FB85B,SHA256=C9FC1D1AC2E1AF1FCB0976E9A7FFBE14B13A4177C0F39AF9639EA341338DC72C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063442Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:49.577{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\heapq.pyMD5=6D447DCB24E4E6EEB99B898F90736687,SHA256=F140027EAFEF0C3D3FC13D9B393F1A6F24069E5437BDE478E1B95EB47D3EA24D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063441Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:49.577{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\hashlib.pyMD5=21DD74815051864F290794402768F3B9,SHA256=4F2CD247217F809905C3D7A3178EAE31D697C33CA42F06E9D2217DF86D4832A8,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063440Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:49.577{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\gzip.pyMD5=97D3C070D8BAC4A2C8F92F64864C6814,SHA256=AE72AA290F3AA83BDAA337D92C19B39E396F7BE984FB0F9B60F57464AAA18020,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063439Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:49.576{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\graphlib.pyMD5=EE15C72D9CE4C8AC3566570A1B5ADB79,SHA256=2C618FBEF31D772844057C4CFA74BD90874CE0FD9FAB886E3597E4FCA8AEA7E7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063438Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:49.573{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\glob.pyMD5=9DABC8ECFFFB6F16FD59D418F35E21C3,SHA256=BE68BE3D9A2052A254879D80A56CE69B6E6A9C1C82BBC7B3608CA8BA4749EF75,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063437Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:49.555{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\gettext.pyMD5=FAF4F6D15309F3F0FF72B5250F4A572D,SHA256=0CFE0A76C6EE6A60BE2C0DD259B115AEFF96E2CAFEE3C5DDF108991EDD8CC527,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063436Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:49.555{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\getpass.pyMD5=0F8B3481C15E6805AFAD8EAE8E770FA1,SHA256=D2B77376A296CBDD0F659DA6CAB047426A4719D3F09949ABA8F334BD01E80593,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063435Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:49.555{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\getopt.pyMD5=08EF4DCA79267E51C1CB8B9DB09C0CC8,SHA256=42DDAA74BF0B85F684D1C4F40B1C460AEF05B8DBF6FD05FCA68D71D2A07F8AAF,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063434Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:49.555{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\genericpath.pyMD5=5AD610407613DEFB331290EE02154C42,SHA256=2E162781CD02127606F3F221FCAA19C183672D1D3E20FDB83FE9950AB5024244,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063433Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:49.555{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\functools.pyMD5=E451C9675E4233DE278ACF700AC7395F,SHA256=B4698D03B4D366F2B032F5DE66B8181ED8E371C0D7D714B7672432E18D80636B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063432Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:49.539{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\ftplib.pyMD5=B14842A034453578318FD0ACD801A0CC,SHA256=B85739A95BE5A2374013E9892DBFA5AC75312024EF7EBB9BCB4102B0F5BF0F82,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063431Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:49.524{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\fractions.pyMD5=D79E7362E8855E4216B46F90A2D664DF,SHA256=AF973E4F1A157C6D1AF2F16A63B384A6DFED0D64880A56DB96EA4E0D8D6EB12D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063430Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:49.524{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\fnmatch.pyMD5=3896E3C740ACC46378187538423C3569,SHA256=03780D31CD94F5B3D20EB951C07F8A340107B20EE429C079F8B140D10DF10298,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063429Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:49.524{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\fileinput.pyMD5=4036BD2CFC0DB48953F8A0D08D194AED,SHA256=B07784E31F99F34374B9305D3CAA8FD374DB3C967F59E4BEA62B8D0EFBC384B5,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063428Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:49.508{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\filecmp.pyMD5=5BFEBC272A65E815586C0B477529A23B,SHA256=DF39A8D67A582E8E4F54B665B7FD5D87E0754982AC5FBDD6CED3E09039CDAE8D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063427Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:49.508{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\enum.pyMD5=F87CAC79AB835BAC55991134E9C64A35,SHA256=303AFEA74D4A1675A48C6A8D7C4764DA68DBEF1092DC440E4BF3C901F8155609,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063426Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:49.508{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\ensurepip\__main__.pyMD5=B66408AC25B2935927C825261FAE1D47,SHA256=BE2DEE4F4B55958AAB36AEBBE6D2D644065E9C36A6DD44727E955FC590501925,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063425Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:49.508{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\ensurepip\__init__.pyMD5=59BA8077A68F73B1E99A87145F79AC72,SHA256=2A42BFD1F1521EBEBE868D744217981618DCE95A350E3F3644D922DB6284DCCD,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063424Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:49.492{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\ensurepip\_uninstall.pyMD5=A924387CC28E1ACF2CBCC6D16A000F01,SHA256=B24642D35A69A8378BD4C8A034C79EFDF0D582D5562ACFCF19F790A90A7D508C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063423Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:49.492{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\ensurepip\_bundled\__init__.pyMD5=D41D8CD98F00B204E9800998ECF8427E,SHA256=E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063422Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:49.492{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\encodings\__init__.pyMD5=7E6A62EF920CCBBC78ACC236FDF027B5,SHA256=93CFD89699B7F800D6CCFB93266DA4DB6298BD73887956148D1345D5CA6742A9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063421Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:49.492{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\encodings\zlib_codec.pyMD5=77C7F92636D3B55460B5E1AFD451D5DB,SHA256=9B660028249BDB7E9B80AF1D5432BF0C90B132A6D0DD205E2DED2A3B3275B728,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063420Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:49.477{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\encodings\uu_codec.pyMD5=C62CEDA36D6B362A2250094DFA2EF15A,SHA256=3991C68ACBB5CE946C6BA71CCB044FBBB449F9EAC9B76262456537EAEBEF9340,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063419Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:49.477{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\encodings\utf_8_sig.pyMD5=99B035D3C80B206F86E525A4DB7704D3,SHA256=21A95BB95448F2F064F08AA2C89E843B87A20A5A13C45C6C47C288F2BE5219A4,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063418Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:49.477{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\encodings\utf_8.pyMD5=F932D95AFCAEA5FDC12E72D25565F948,SHA256=9C54C7DB8CE0722CA4DDB5F45D4E170357E37991AFB3FCDC091721BF6C09257E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063417Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:49.474{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\encodings\utf_7.pyMD5=ECFD453A49D4C576E4F189CF6B23376C,SHA256=1BE7FC4C85EDAAB33427D3F1230D56B8A4B0D75566F726D9DFC50FACEA36688B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063416Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:49.472{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\encodings\utf_32_le.pyMD5=6647D201D3BAD385BD7897DF02EC45ED,SHA256=945AF03D1DA591640DE7176BEF879658594B399AC7BBE564D790893CA7B38A73,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063415Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:49.455{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\encodings\utf_32_be.pyMD5=85519A8598572F85931621ACCB60DB87,SHA256=A3698A68287CC78323117D14BE3B0B40F46289A850EB06AA9A5328D44B2A30EF,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063414Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:49.455{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\encodings\utf_32.pyMD5=616CF58B40671374C8A7BB69A3EBC565,SHA256=97F6038F368954DD48BE9B5FA41B1395A71FCA0271B0FEA69F8E16F9F6633775,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063413Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:49.455{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\encodings\utf_16_le.pyMD5=E34C5A24FE48A17FCBFC4335389F6C4E,SHA256=6D3B04F3ABD9FB6151FEE5CA0426C2E7ED2677EF1358C269747FF8946FFC02B9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063412Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:49.455{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-04112018-192339-00000003-ffffffff.binMD5=22A40FE60D43CFF1DAE2593D2FD60FDE,SHA256=5E5140AB657ECDECF915AE568BF071626240A44A07D41131668964D06300E0BA,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063411Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:49.455{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\encodings\utf_16_be.pyMD5=71C7BEDB2761CE2BCD7D4AB422CF4F40,SHA256=16329B46D794F4D13B38A7A2540002E72E176D85237872CA3A24BF3C90D7665C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063410Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:49.455{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\encodings\utf_16.pyMD5=2867E58C229EB66CE2FC8704F1E380D2,SHA256=FD85A9D634B6F3868D6777E2B0367643571B3E61111B87C79F65DF3F57C7ACB3,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063409Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:49.439{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\encodings\unicode_escape.pyMD5=C939A021963EDD01807CDF57B08163D7,SHA256=1D1372CF4F46E2F99820070B78563BD3EEED60FFC43A932B483CC7918F3DA5E9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063408Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:49.439{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-04112018-185917-00000003-ffffffff.binMD5=4B54F34A86B14D4BF82E516187920EE5,SHA256=C1EEC976592D01B3D4E95C10D16B9983E3DCD6C7ADE44C831759F7CA1F15DCA7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063407Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:49.439{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\encodings\undefined.pyMD5=7C6EF4AB65DA0214127F4E70CB74D180,SHA256=E882AD26197F05AFB20980407787F77D18E234F562E6EC396B7D9DF3C7EEF5FC,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063406Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:49.439{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\encodings\tis_620.pyMD5=D9690A0F4A8779777A17C8E04C5EA6FF,SHA256=18AFE3A0FD28797D71762EAFFADC9822E0CB8832BE696AF2298F6727AB92627F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063405Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:49.439{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-04112018-185621-00000003-ffffffff.binMD5=F9AEADFF0E0BB38A2C682B18522D8773,SHA256=C6E0EF3ADD1FF4DD9FCAABC6C67BF8DA2DD8EE2D2CDED8A26E99E17DCB3CC1E9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063404Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:49.424{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\encodings\shift_jis_2004.pyMD5=0440951B33F486E65DB5176D5CF99851,SHA256=B806ADF317A9920E69A1DEB14C7F078F0D5A9BD26BD370C89492F4DD296AA52A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063403Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:49.424{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-04112018-185414-00000003-ffffffff.binMD5=C10E163C5EF4471DB4CFA0DE3448E5A0,SHA256=166BA4BDCA0D70E75CBB7F118144BF94396EC7D2AA9E60B9A3D0D3452B59B9BC,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063402Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:49.424{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\encodings\shift_jisx0213.pyMD5=CBAB0DA456CE49672F8A5CDB79018312,SHA256=16BE3CDC9EFA7C3A6EC5A683BC03BCAA9DBB41FCC70C92900130175A761A9D62,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063401Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:49.408{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-04112018-184553-00000003-ffffffff.binMD5=99D29E83223C3EA2E741759071DF74F9,SHA256=D6E6A864FDB8A12A09AE9B640CA7FA9000681DC491BC0E036F92B912232230DC,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063400Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:49.408{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\encodings\shift_jis.pyMD5=9C02A2E9711192F5738426F6E7285B5C,SHA256=195C87BF032904002D5ADB51C256AE14D99F4A69FFC15C989CA34DD51FC203D7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063399Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:49.408{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\encodings\rot_13.pyMD5=15F4EDEE2C94C2FB2F07435332C7A25A,SHA256=DC6052650356095A92A8CB3A6C63300B7F51A63B6CD3B6F636350B5F22CDA32A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063398Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:49.392{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-04112018-184436-00000003-ffffffff.binMD5=38F7197DB5DB51111A34D39F82463222,SHA256=9A5EDF4CF0E9908641B2A1E95C8386E2EBE03495D767157FB3F37180B5DC35C7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063397Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:49.392{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\encodings\raw_unicode_escape.pyMD5=7B4C09E92D59EF6722DFCB9C79B792A7,SHA256=2CC24FFC2D06CAB80423ADA94E3DFFC02C010346E17EFC2FFFE86825A6E07808,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063396Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:49.392{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-04112017-210348-00000003-ffffffff.binMD5=CF086FBD5A09B744587FE94084B3A282,SHA256=2C2AC17AF39B23666017F26FC0290E6BF27B94C03D31DBCD7C769C58CEB60246,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063395Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:49.392{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\encodings\quopri_codec.pyMD5=096A80038FB883522A68E9E6C434C6A6,SHA256=4BF9A405B6F2359E5B931E0D9FB9BD9609B013688CE2E58AEBBD9BFCB119A356,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063394Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:49.392{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-04112017-203535-00000003-ffffffff.binMD5=2E102E965102C215E6A90ABE762CB6B2,SHA256=FB22B7ABACB6FF8BBA1E1A2E6487464672A3F48C2C8A31FEBAC51259610AA876,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063393Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:49.377{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\encodings\punycode.pyMD5=DB14BE3F7A2ADCBCC07E2A32AD0A7198,SHA256=823D1424AFA9508EA425F667F787567C80A6A28AE9742C66AA90A829ACC19748,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063392Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:49.377{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\encodings\ptcp154.pyMD5=6EE7970BA64A9E17B3246A28C7CECD28,SHA256=F3BDA3C1415D37DD1C314E3F474529913F36F7021279D82DED0D11154EED55F2,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063391Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:49.377{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-04112017-203330-00000003-ffffffff.binMD5=5AEFC83EC25F7D4110D45032F4AD6B45,SHA256=41CDED3164343449BE196C69A345B1BF78A707679CE1A92A7142495B5717C02B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063390Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:49.355{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\encodings\palmos.pyMD5=3D512E1AB4D97E95DCEE526F991E685F,SHA256=C9E5D71C1FA128602E2D10E9BED0B271132DF349290F4465CFCA9D5DAA5BA86C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063389Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:49.355{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-03242018-022731-00000003-ffffffff.binMD5=2C6076A29C66825B45BDA0E6DFC2CC76,SHA256=A5DEDBC344DD4BE2CA4769F0C2EE4397A6DD5150EA5CAB301272E56710CA3ACB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063388Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:49.339{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\encodings\oem.pyMD5=5163EF7B87B6DEE11BC7914E2AB1FF8E,SHA256=991D1FD2F4B815943EAE7F7BFA9F87E2DE980ACB08932BEA3258FB034902A15F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063387Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:49.339{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\encodings\mbcs.pyMD5=0D4DEB48618561417DDE714ACF399AA3,SHA256=B00887A6D93C97D320CBB1C3379BD7C6DE767CCFC34ED13442891E06CC62F148,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063386Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:49.339{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\encodings\mac_turkish.pyMD5=1C214A3F28D2D23CC7FDED7A387585A0,SHA256=E7F9E6C9F92513C69754AEF1D7AB235B09E9EEADBBCED4C86DF6E2AA2D06A1EF,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063385Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:49.339{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\encodings\mac_romanian.pyMD5=425337635E74A8B98CD770F43848AF18,SHA256=1DE13F2703A62479C4312F9A39514C7691CF7F737958B3915AF395A53A596183,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063384Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:49.324{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\encodings\mac_roman.pyMD5=1F99EDC6D4A3BA200295364C52D6038D,SHA256=6BF6FDE10F2350232DE5EE47D27CAE885362602443B59A924DE8EB6998B18BB2,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063383Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:49.324{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\encodings\mac_latin2.pyMD5=BAF2B9E09D011F78EA36ED2CC5ED22FD,SHA256=74C9045009FABFFA3E81B5B41D97A85860BA42D109DB6673A276EA8BA9B59E56,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063382Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:49.324{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\encodings\mac_iceland.pyMD5=8FF7EE70CFFA2B336AEE3367796C96ED,SHA256=64DE55FD0EA0FE4D2512B2303DCB3D20CC57061D78D08A11D3AA6F19E1877826,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063381Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:49.308{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\encodings\mac_greek.pyMD5=338143EC1BC5F5DDE251657BECC4667A,SHA256=4C67D361F922B611213FD8FEB9FCAAA9FF8CB57CD961F1CA1B5CF4483B1DEE66,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063380Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:49.308{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\encodings\mac_farsi.pyMD5=46E0758A4DF808F2649BD6B7262362BA,SHA256=B0F1FA8399AD1844EF5F07ACFCD523585AB576F411D845A008A610FF6A25AD31,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063379Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:49.308{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\encodings\mac_cyrillic.pyMD5=69AF178D83304D0AB6260D64CC9C734F,SHA256=AC11E1F54789AFF782D79FE7D6FD52183EF0F57B6AC4A0F680353FE0113F0D4D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063378Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:49.308{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\encodings\mac_croatian.pyMD5=C3FC8C5389BFDF1371B849C38FE1A20C,SHA256=68539CA54FFD5D96C07F3590E720D8A28009CB7CAA13E607AC3084D19DD5A19A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063377Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:49.292{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\encodings\mac_arabic.pyMD5=C269925332C46C7A774FBFCAD74F4B66,SHA256=F5C262F930F3B7D83466283347F8B0D7B5C7CBF18DD6FCEB4FAF93DBCD58839E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063376Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:49.292{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-03242018-022555-00000003-ffffffff.binMD5=4E88956BDC1A779CE4104FE4ED986B8D,SHA256=719FB2E23107CDBCD695DB012245A4D0AF8E2C911230B7415CEAEDEFD263C9D9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063375Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:49.292{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\encodings\latin_1.pyMD5=92C4D5E13FE5ABECE119AA4D0C4BE6C5,SHA256=6D5A6C46FE6675543EA3D04D9B27CCCE8E04D6DFEB376691381B62D806A5D016,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063374Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:49.292{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-03242018-022553-00000003-ffffffff.binMD5=F4F95DF466C2E00FCD4E36CF9E6B20A4,SHA256=69C874B8DF2ABA342D37941F52D70DA94632852E616C999CCF524AE99049F18F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063373Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:49.277{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\encodings\kz1048.pyMD5=F4729A1242BD140B732D4BEE6E137558,SHA256=DA8BAC477F14620D8AA89EB6CB8963602E1C39724148369C88EF48C95D495011,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063372Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:49.277{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-03242018-022359-00000003-ffffffff.binMD5=597FE3DA0539379F3E8679E88B9F8001,SHA256=E05951D99A5A7D9B562517F98E19A116C18002937DC40DE6270CFE9E33231B1F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063371Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:49.277{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\encodings\koi8_u.pyMD5=211B71B4C717939EDEDBFD33A9C726BE,SHA256=9F77F72F8A42A1BA97C7D53AFDB6F6A6D4E08707CAA4D4CD57D6C113156BB32B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063370Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:49.275{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\encodings\koi8_t.pyMD5=B2F96B9A1CF37B7C81BE8704D4E62EF9,SHA256=86D922A935AFDE1BD7C22CF8A9F23A237511C92C51509A80051DD2862A84D09F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063369Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:49.272{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\encodings\koi8_r.pyMD5=75872A24381833D8B71D42A66523AA45,SHA256=90A883B291D5F1E6DBB735413D51648C31580B1927500161C16624836D01E5EE,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063368Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:49.255{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\encodings\johab.pyMD5=161F7EEDD0B4169D0A36DA2E7808EB7B,SHA256=C83AA2098AB15FBAD7EB999C303B27350B0459EE9F6FC2B2BF4004D4285F9E8D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063367Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:49.255{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-03242018-013953-00000003-ffffffff.binMD5=30DB35360A2E174A02B59790EAD1443A,SHA256=3939EF03766F1161115F130368BA1AA76BBDA31F895FCDE8280C1E6A8B25FAB6,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063366Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:49.255{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\encodings\iso8859_9.pyMD5=CAD4BC52AF4F5E24614AC8857D21DC35,SHA256=FD0CCFDE95FCFEBF48BA5ED5F697C4799C3303B853077F48FFEF2FD9EF1E30C8,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063365Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:49.239{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\encodings\iso8859_8.pyMD5=E873B80A7B474B64BA463354A5D1A39A,SHA256=63D11B2592BDB036C8F4150EC1F968D1A6E01D22AF8D7DAF94F6C72E0A8FD752,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063364Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:49.239{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-03242018-012953-00000003-ffffffff.binMD5=C91E42F8C53CF985CB13D0E00AED64EE,SHA256=785EA5C9C53BA0ED3DAB4563651CD765BF39DA4BB14558BA09C87266E2039B12,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063363Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:49.239{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\encodings\iso8859_7.pyMD5=50BFFF8D67F78DF6B9941AD829159358,SHA256=41FEB2BEC72E3F07C0D67F0E421FF8E51A8E1688AA20AF7C8A12CE0DDF464104,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063362Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:49.239{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\encodings\iso8859_6.pyMD5=A69D78A4C1AB4134DC5033FA45821AAE,SHA256=1543F9AD8DCC4AA912C5C901A5A216A4EA3DB62FB19197A0D90CCC0EE69B4538,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063361Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:49.224{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\encodings\iso8859_5.pyMD5=70CB514B7CD7B9A494A55CB257553431,SHA256=4622BB45469E23C852698A6B784B5E28AFD8072FDDB8E319C02D39B138CB9DBE,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063360Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:49.224{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\encodings\iso8859_4.pyMD5=4C0E2E5478CFC6B2A8134D5C5D3C76ED,SHA256=164C26A1A13DC22A21A7F80E5C0176EA9223111B759D2ED1CD8B3C55AAB63BBD,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063359Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:49.224{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\encodings\iso8859_3.pyMD5=79D790F88E256CC8C968456344519BAB,SHA256=E372E25B32E8657DB9B57B3C9B53D68B67F3FC6651C53B071DCAC6CAB6662FCA,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063358Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:49.224{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\encodings\iso8859_2.pyMD5=62DC1A7320D0B8FB3FB535E0F2055446,SHA256=D9102AE464030E5A0F4D1712435AC3BDB2FA98ECAA689B5965442EF92B13DFEC,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063357Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:49.224{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-03242018-012206-00000003-ffffffff.binMD5=E747D558F08E1AD7DA4BC12B551A00D8,SHA256=760AB12ACE292E7557C84B8DF31CCA2430F358693FEC2F314EE46CE70B153115,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063356Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:49.224{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\encodings\iso8859_16.pyMD5=6ED16EE5F05DE02F25349CEBA19AFF51,SHA256=F49FFF248546D510F7ECB5FC2C25C9B68925A2F483B938035CD7A54957A560A2,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063355Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:49.208{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\encodings\iso8859_15.pyMD5=0D2C4FB1B7CCD0D085108F651A041593,SHA256=D703D64AE2D23602E38C2F387EEFFD5D4E5792209BC3CE64928FEE2F99DCD906,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063354Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:49.208{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-03242018-012059-00000003-ffffffff.binMD5=4A3F9EE2787DA367A020AFEED367ED9D,SHA256=A9F5F607B57562C924C85B1BDDBB21B473F2CE04D6D8C7EC1C461211FABC2C31,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063353Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:49.208{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-03162017-194019-00000003-ffffffff.binMD5=36F96611F9C52BE52416925B6DCE9EBF,SHA256=8F268528609E17D10A98DFC3394A39DCED85A0388AE35BA1FCAABF0B50D9E979,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063352Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:49.208{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\encodings\iso8859_14.pyMD5=445A9BD974736A30077C9BF14106E805,SHA256=C498772FADF244077B650E468E7922AE1C0DB74ED6984A2A81BC0E088631F0F9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063351Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:49.208{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-03162017-185716-00000003-ffffffff.binMD5=EF7AFFC2DBA6E170ABAD86A18C93F8DE,SHA256=CB8B5CA095F115CE7667DCF64F25C79268AEC718ADDDB279C4B510A933C6F19F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063350Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:49.208{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\encodings\iso8859_13.pyMD5=89E3297E11801E02B40A23B6180DCD25,SHA256=BEE45734B991C04E76C2ABA2BA8C7208F6BA743324D815DE95965945643D8084,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063349Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:49.192{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\encodings\iso8859_11.pyMD5=8BE69EAC235E74EFCA68174DB8EA6352,SHA256=5E346F5769E0C3EEB6B5547B954481A821481A970AA8FEC33BFFBF07B880689A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063348Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:49.192{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-03162017-185340-00000003-ffffffff.binMD5=7DF4058C7ECA544C99B88A7496DDE270,SHA256=76F588159D036F1DEA5C12635F82B88402AD1171881EDC6D10D9FADB9780D2DB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063347Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:49.192{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\encodings\iso8859_10.pyMD5=28ADCF051DD15E45A38CE929864BBD83,SHA256=76216C65399DE88B6D40E0BE3209ED7B14D6DD87AFB9C0A984ADDDD0CF6B559F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063346Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:49.192{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\encodings\iso8859_1.pyMD5=0466703A1EB5752CDD5115B2D738D822,SHA256=CCFDBA207B483DCD38673D85B6E2A773A5BF64E8AE9DB7E90A01F8014E62B24A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063345Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:49.177{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\encodings\iso2022_kr.pyMD5=F907851FF35FB61EB485B2C163A2BCCB,SHA256=FD9EFD7094361F6557D00857E332D7229E922597336A0714FB0FA2402C954029,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063344Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:49.177{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\encodings\iso2022_jp_ext.pyMD5=34E904E0F16F84EC0A001DFFCDE7514C,SHA256=5B4439C7DBE65638166A70C5404CABB72552019D1F497193C6689B86BD3C4C94,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063343Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:49.177{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\encodings\iso2022_jp_3.pyMD5=3E98055A4B7D99A49798F3012C4D9DDB,SHA256=2A2AE4368D962C2E7B5DB2F29EE89EFD5A7FDB881DEF523C21670E0D1A1C50CE,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063342Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:49.177{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\encodings\iso2022_jp_2004.pyMD5=E1738D28D315C80A04908CDB21CBE7BD,SHA256=C8CB592DF0CF38A6B7E8265C02D7784FB32052EF9AD94D0FF369889EDA540273,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063341Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:49.177{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-03062018-031206-00000003-ffffffff.binMD5=24C3A79EF0DF9AD59D32DB36325893D2,SHA256=AE09C51FFC3CA1E23BDD62A0EA54E50E2166CD9F5105CA9E5D7DCA1850FF04B7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063340Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:49.174{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\encodings\iso2022_jp_2.pyMD5=A4798D8B5DEE38BCCF3CBEAD235F392E,SHA256=DC680A0E34DCE73756F0E3B5CBB23DD819022BE7E10F80E55289A5EAB9ED7C2E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063339Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:49.171{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\encodings\iso2022_jp_1.pyMD5=4D2B0675DE1A9AFB3553B5D5E894020C,SHA256=627D3BDB5D3BC70DD00E51199B689D1C225EFE747A2DB8D5938E6AF78263F572,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063338Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:49.155{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\encodings\iso2022_jp.pyMD5=0607F8E6310A0B601897FF8EC76FF2C4,SHA256=7169767DD6732A80A0B665315588EF9CFF2DF4D495A86BC0BDD22B5C9F0644B9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063337Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:49.155{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-03062018-030818-00000003-ffffffff.binMD5=6E753062DAB043AB0C4C48E7E36959D5,SHA256=FABA8B4C8B504699C293D4EF55DE22C3C323EC1A1BEA413A9F7A91074AD8F43B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063336Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:49.155{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\encodings\idna.pyMD5=CF5028FBC67B9B0E0803D20EAE7B32E6,SHA256=FED4EC303B42D049CFFAF5C85C840107156E2084AF1168F408CDDDFA213AD735,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063335Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:49.155{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-03062018-030457-00000003-ffffffff.binMD5=472F8CC53BC9B948C554DC9B44A88B7E,SHA256=257EDB1469D12E3F2865BD6696F628D1D43C9ED48014C1D408DB7F7026474B11,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063334Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:49.155{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\encodings\hz.pyMD5=78235EEDFAE419F3CC13044D7890799B,SHA256=2601DC6EF938FF87BD2024B3C4785254F2B3DD4D8D34D8F63E254D7B8545B077,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063333Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:49.155{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-03062018-025718-00000003-ffffffff.binMD5=194891311A9A53D0F6D2B62DFAAEE8A7,SHA256=23508989368BE56B84FEF9D7CBBF30CB832C046452BB568C1B64D9515D4B8A61,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063332Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:49.155{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\encodings\hp_roman8.pyMD5=1332CCB5750EB756B2856CCAD9E18CC1,SHA256=681FF6A2273BD64450E04FC6F04B2EC63015A91490E30A31E25ED193708C99D4,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063331Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:49.155{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-03062018-025618-00000003-ffffffff.binMD5=A8B30A9F075A01BDAB9C25AD8AD0875F,SHA256=73760B61E58A40F898B3B00359A268CC950B633F85417B73F07D1387AC9CC4EA,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063330Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:49.141{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\encodings\hex_codec.pyMD5=1E55C95602534092B4DB3ED99CB9E67C,SHA256=5881C1AEEEB5F9CD27CE0E0E62AB9D6551F094955DBD52DC8184165DAF78AEBA,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063329Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:49.141{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-02232018-111106-00000003-ffffffff.binMD5=B1ECD777AC4C0E55DC785243DA2F41BD,SHA256=AA653EAFD68EC2B66199F93CDF3574980FF7BB216192D8169DCE2E7D5AB745F9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063328Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:49.141{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\encodings\gbk.pyMD5=0D6CF4D6FFFB4B761BEBCEBC1D2C3CF3,SHA256=9C7828E3B9661E39D4D75419A12B9D132FA9D0B4DAEC36F3DF51AD1C3A638DE3,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063327Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:49.124{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-02232018-110925-00000003-ffffffff.binMD5=BCD0F61423A8A2E2D6384308D6185507,SHA256=2B3799D06CF6D87719184AAD41CFF70575ED1974801B242FD89D193309E30490,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063326Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:49.124{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\encodings\gb2312.pyMD5=72F02C10927F33B52DF6549FF1F52E60,SHA256=2B5573EBF7FDC20DCF126633ADF0B7283C08629D36DBEFA669C985C9DDB98EA7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063325Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:49.124{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-02232018-110922-00000003-ffffffff.binMD5=7824A2EF89D301A90020B8CE701E4E9A,SHA256=AE35F59A383A422728C9915A19301916191288356D2B24A1D730696ACD6EC026,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063324Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:49.124{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\encodings\gb18030.pyMD5=40B18EE51A3241C53EF5CBC6C019997D,SHA256=0D9C1DB7E2959E60E4F6CB4B97C884585668C55B48F2D9D715B2BDAF5E78C671,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063323Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:49.108{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-02232018-110739-00000003-ffffffff.binMD5=C43FD2A80A2EED56A8EF3EBCC79B3220,SHA256=3D43FE3C4A38A4246681CAA895B79F58632824D9F18E777D1EE8B3A6AFE17B07,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063322Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:49.108{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\encodings\euc_kr.pyMD5=B6EF8BD54861FA5D1E0AFF68F50F2913,SHA256=03AFE0CF8020529EAD00A0EA26A7131D354994CD2352D42F9032216B3748EA91,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063321Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:49.108{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\encodings\euc_jp.pyMD5=0F2187EA4FC89DA2F54522EF29F58A7F,SHA256=8927683A4234B936BE1935B8A799BE78520438BB5EA072499D51E7FE3D182987,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063320Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:49.108{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\encodings\euc_jis_2004.pyMD5=F1FAE768C9FF8329D237608533530CED,SHA256=78265BA431395662E7252A9B79BC2A75FFE438DB872B2CF1CBCFB243D83F0C87,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063319Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:49.108{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-02232018-103724-00000003-ffffffff.binMD5=0CE2E3897BA225938B339C4B53AE694F,SHA256=1DBB6B7A627A5DB487025853E75232434DBDFB9CDA95A9865F5CDE6437B95F36,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063318Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:49.108{6F5BEE90-1CB8-61E9-7203-000000002102}6636ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\3zus1al1.default-release\datareporting\glean\db\data.safe.binMD5=06687EE127348314EABB529AF8FB975B,SHA256=1A3DB6AE6163F60011C5ED1714332B33C91420DB995AD7F1A95FFC8B0AC9F5FB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063317Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:49.108{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\encodings\euc_jisx0213.pyMD5=45A11BD69244CE2DCC3FF49206AD041B,SHA256=12CA22A7DB25D9EEEF9BF5FACDC5594E3165CCF451528D36E3B68A03989521AC,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063316Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:49.092{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\encodings\cp950.pyMD5=15D67984C7486D079058D4DBA07DDBBE,SHA256=8FD6E86DFB38006E753B3B0301AA4B377C64C25F4EC9E6333FC99C3F06E90917,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063315Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:49.092{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-02232018-103454-00000003-ffffffff.binMD5=EDD17C68B1ED981BAC7BC7A83A90ED04,SHA256=3C832EF31AAAE364EC179340C8F9AF1E30244B078FA44A220219D8B713C1A3E5,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063314Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:49.092{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\encodings\cp949.pyMD5=D85D0503255F9363D30F7B7AAD7355D4,SHA256=DA13FD6F1BD7A1D3B48AED1FC75F7516D6A33814086CF971E030625590E9DDA0,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063313Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:49.092{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\encodings\cp932.pyMD5=70E562A99A8F07255F47C5F3C05518A5,SHA256=F917DB40F96F9F676E45FD9F1A7FA5D9BBB67A703BDF88B546CA4DA84C4905F5,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063312Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:49.092{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-02232018-102710-00000003-ffffffff.binMD5=1EF3918737AAB6CC0474619243CB02E9,SHA256=6218493B6EC20AC561AF8EF9564E400239C67EFE9FDB85B4B50C1BA39A62BD41,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063311Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:49.092{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\encodings\cp875.pyMD5=3DAB3DF72E688978781C91CEA3285C4A,SHA256=5C42ADFEC39CF9D891FBB2ED19D882C6160A00B8487B7867F9E2296B9E2F491B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063310Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:49.092{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-02232018-102542-00000003-ffffffff.binMD5=4376DA5BFB397F80EB38292CC8ED064D,SHA256=95257B6A3733BEFEEA2124355FDC89F149C4EFEDBB1331F36BE1AE017460F256,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063309Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:49.077{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\encodings\cp874.pyMD5=5E2C1051F63CEB3600F970937C5FC6E4,SHA256=94179E22722674527BD56386B5E9DAC5427B0F55248D1AA63E204C105DA18D8B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063308Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:49.077{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-01132018-033024-00000003-ffffffff.binMD5=7B53663017A06C2C892D984B48922F1A,SHA256=70D75327BA2134B5DF75E78B0477B7C8C75628C478DE2B694E0AE8629D1854B1,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063307Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:49.074{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\encodings\cp869.pyMD5=FC295CB9BF854E29A7EAB588DF20A662,SHA256=4322E184D3C1DFA56EDB013E895CBFB71130E7846F8F56BCAFC4C0082373CB6A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063306Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:49.071{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\encodings\cp866.pyMD5=BE6B4AAAD297AE734F59800072CCAA30,SHA256=E3A033B3B790018A0A02E9F67A03530753C7FB5F94B6ABA84F5173D29FB389AE,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063305Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:49.055{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\encodings\cp865.pyMD5=FE9E2A87FF8164A9602AF05FE30F64FC,SHA256=0722BBF3A0F93700E99B3816E9E52C75674E14319146F9AC3FD1E17F87E66CB0,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063304Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:49.055{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\encodings\cp864.pyMD5=30CBEC79DA2D6565A1C62EF240272223,SHA256=E8879DB3682B0F234BFCF97FE74A3A7DB63CFD5F40281F580E911932DEC4A4D3,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063303Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:49.055{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-01132018-025643-00000003-ffffffff.binMD5=367CC533B6EFF0379089E6A0F3709CCB,SHA256=68F3799A0B6954861BF77597C3E47337528D943111E8FE7F155951DB3B0D36EE,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063302Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:49.055{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\encodings\cp863.pyMD5=13279C9ED7C1F7AF8722F9EB3A1B595B,SHA256=32FC23645A773EBB3247B3692D0525EA43513B358DD0350EF3A171864E326335,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063301Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:49.039{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\encodings\cp862.pyMD5=D22ABCA28D2425D802F53021178224A1,SHA256=6D99C0415136CE45AB438C8238772A1A132E7B38212C623467C2170F1A8AAE75,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063300Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:49.039{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\encodings\cp861.pyMD5=83CFB87E2BB8A42739A03DA1D979AF6A,SHA256=D7FE52A55FDCAC4E6E9ECDC4884C793D1FEB345D0276B074214DB1BF4BCF3033,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063299Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:49.039{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\encodings\cp860.pyMD5=1F0B22586EC65A59C966A709024E35E4,SHA256=E2B8B4B2658ECC3DC53D4B0760AEA95517BE298FAFBFA69574B08933747922BE,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063298Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:49.039{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\encodings\cp858.pyMD5=F0B8B1B55A90C1EA058759AD18834A75,SHA256=04A67B43EFA1E0CE2D80791C290BC2C8EA01C3991EB3DF37528B1DD575B12330,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063297Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:49.024{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\encodings\cp857.pyMD5=DD1F84F2921D49CF944DF4BCF6ECF7E8,SHA256=8AE4CB6989342105C513678480ECBDF2D5D8E534E69704964D0FB4D2A960039B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063296Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:49.024{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\encodings\cp856.pyMD5=EE5A43420B08D06B0B2D72A49F00216D,SHA256=F0C9DAC1B08D688B81B4F11CA603336FBD5C7FC4C1A30E8B7836283C2AD9A8E7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063295Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:49.024{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\encodings\cp855.pyMD5=7C84762C6FD5251CD237754FEB1752D4,SHA256=F4F47A5CF3FE5A8CD269B68A73C1DC293A75CD3B9C0489CFA600919B47B35A4C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063294Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:49.024{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\encodings\cp852.pyMD5=BB2BA9443AE7BD887BA8EAC3E622366A,SHA256=8B6AD769607B3DB0D60E4BA1A6321A3823AD8460890D48C816220DCDF8CBEA98,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063293Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:49.008{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\encodings\cp850.pyMD5=F5F11DA44C65B2A394A4137E36E35E82,SHA256=DCBE5938D7FE65072D4A286A184046DB211544C30F0C3C370B9CD594CF3B36BD,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063292Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:49.008{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\encodings\cp775.pyMD5=CBEF285952C0476BF35BFCD7E7818919,SHA256=00F2A5E71CA98ED656EC430A80FC2E971988A0A33EBDEA77661BDBE24FE2FBFF,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063291Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:49.008{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\encodings\cp737.pyMD5=BD60E98CC59C8BD60874F59A06E30F78,SHA256=F2DA9D418B2364C2E1A587B7A6E26FF5601C16AA7993070F2C955DDF2A1F860D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063290Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:49.008{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\encodings\cp720.pyMD5=9B7E8AB7C2EE4F82BE09E14F3D3AEA4C,SHA256=016BDB7208A0D6BFAF8972C1F6BB4B3DE39C77E026B49ED106866D592BE4810B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063289Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:48.993{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\encodings\cp500.pyMD5=BEE7333323D2BCA3262F13C59414EDD3,SHA256=A5CAC573ED357CB6C2A672D01696212C25E306936586D94BE0D0130354A4DB6F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063288Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:48.993{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\encodings\cp437.pyMD5=A11E9C869BD055D6C91354FFFEB7644F,SHA256=7B0A9AE2E74D370354CC60CBCFB77AF970364818BE2E2A446187DCCCF9E28ACC,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000031924Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:38:49.858{CE7C8936-1B20-61E9-E200-000000002202}3964NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=888F533C0868762E8A35D97A3979E646,SHA256=E4FCBAD120486E042CCA32F3EC858CD74CEE0C348F25845F48D71104F45D61C6,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063692Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:50.996{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\importlib\_abc.pyMD5=CBCCC8E431A338F393CCD4D3F244CCC5,SHA256=C4376232DA9464A27B02A530473489486D570F25A063715F3AD5A24D92FFE527,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063691Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:50.996{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\importlib\util.pyMD5=2B78D189CD0CB5B765B9F19AC18DCE5B,SHA256=B9A599E9047040EC13892BF784BE3C733E5A2D8EFF39331EF66CFBADD6B169CD,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063690Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:50.980{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\importlib\resources.pyMD5=D24BF8D3E22BE65665C6B3D52722B4A7,SHA256=5EF2C3E328392BFC4E0CFCE2D2E958DFDD0B77D8C28AB9FA3DB2B615D14E933B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063689Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:50.980{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\importlib\readers.pyMD5=1DF7A85C79AB990FF6C103B011A7E3F6,SHA256=DFF87F82CF85D623B847DB323E6B202B96EB0081DD38C3FEC105501F61E76644,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063688Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:50.980{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-11172017-210537-00000003-ffffffff.binMD5=385B1790E3DC7CDE96F1F79583E71629,SHA256=3B9722E7EB32B3B288328B42BAE68A614EF8B708D3ABDB49A5EBF1ABB31F6F9D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063687Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:50.980{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\importlib\metadata\__init__.pyMD5=0F02266E0FC2C1C71CCD7C7A72030FE3,SHA256=38CACE04D1850C376917C6A2DE270698EE1272A4D2A83FC5CF06CEB6DD055367,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063686Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:50.980{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\importlib\metadata\_text.pyMD5=A6554E82888F65E2D55C209B7FD9125C,SHA256=87B52AB0F393B60FE5D9BFDB0A019A18395B0A127D133847763A873D5D1F68DB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063685Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:50.977{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\importlib\metadata\_meta.pyMD5=EADE85F75510D406899FFA83EB10364B,SHA256=D350F8C337081981259C3D18B292116194D8DF095C7F403EEF0EEE0D52E30166,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063684Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:50.958{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\importlib\metadata\_itertools.pyMD5=07DBBC13A3B5D33F9F06FB6D0FCF07D7,SHA256=8E3C80F7BDB8A3FBB6E0373489C150CE0F0767D79DD829A0662903CA1010049B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063683Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:50.958{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\importlib\metadata\_functools.pyMD5=12C37DB10A994824F04309893CB9F6FC,SHA256=7A053B03F86EE1BD326292C22B23BCC14B8B4D406338BEE1670841AFD668D27F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063682Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:50.942{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\importlib\metadata\_collections.pyMD5=0E214D282C8470C634BBA8872B3DC139,SHA256=4281B8DA21C38B837C93E93916D6BBC0A01F7E023C7D39251E3B80250F7D575E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063681Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:50.942{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\importlib\metadata\_adapters.pyMD5=A046E808A33BE9907CFC850E6DC30E7D,SHA256=863E49569310894ED3F41F966A4883B0FD1684829DDC4E7694A73E083A89112D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063680Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:50.942{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\importlib\machinery.pyMD5=AC4151821693C881CEF5C5567EE36977,SHA256=1B8C62B3A0494C064B37D1812F3A67A475B874A383C937665C6DD66FCDC8F7B1,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063679Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:50.942{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-11172017-205951-00000003-ffffffff.binMD5=1F0805E8E414C0C4837AC54C737CBF6B,SHA256=A2CABB0DA1C597741EEC527E29C3C07489A6C53BC22E6C3CE6F4C77584D25FAE,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063678Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:50.942{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\importlib\abc.pyMD5=1C219A984C22F7CEFDF4658FF6F7717A,SHA256=03060C6B437D5268556E45EC50A89B25FF2DBBB393695611046BE776233BD568,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063677Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:50.942{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-11172017-194329-00000003-ffffffff.binMD5=4D7D453CA03D6F12686879CB3C4BC3EB,SHA256=1D08CA503525B3DB99B351F7182D56518F2C5D61F5B00FB25F8394BE0740218F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063676Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:50.942{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\imp.pyMD5=B961B5EA8D2A81594CB59270C55A9412,SHA256=22455CCD2ECA0C0F032603FCEF28684DF795450E402C1E98AC8039AC9E6CA5E6,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063675Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:50.927{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\imghdr.pyMD5=DFFC1936F5CECC4DD8901EA2B924BA1D,SHA256=E01288F17006090085CE2CEFB5C8CE94BF0E7D441EEC70BA57BD70034C886899,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063674Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:50.927{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\imaplib.pyMD5=F26881E2906384DBE388BAFCC0A32393,SHA256=76B464DD9B86B5546E228A310B57C848F8B58533FDFBD19A95F55381192CA508,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063673Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:50.927{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-11172017-194113-00000003-ffffffff.binMD5=8E436D022CC7910142AF3E02D532E2F2,SHA256=EE6DA9A52C9F41F1BFCB21A39ACC71C6369644CDC14EA8BA7171471C6A469386,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063672Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:50.927{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-11172017-193826-00000003-ffffffff.binMD5=2BF0448E53384C62F3D0CF04C1694EA3,SHA256=521E20F42830F8D357C981ABB33ED2E66DA7ACA0C938A34F727601AEAD33D936,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063671Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:50.927{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\idlelib\__main__.pyMD5=97C076D4B2071D448FA8A2A1C67F5806,SHA256=80B0425E14BCBC3C5C49B0B4D282F777513A5E825D0BCD55A5A9998D4C4D8920,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063670Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:50.927{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-11172017-193110-00000003-ffffffff.binMD5=6C69057AA474B3B121F2FF771A9B8816,SHA256=420AB10777F44022CB3FD32C31711DD3E4FF253C20B6A121B66F4610D5F6F906,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063669Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:50.927{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\idlelib\__init__.pyMD5=0FAA292B2BF8F2039EDAB385B368B5E9,SHA256=4B0FDDB52B5B9C8D3371B1915FE54915CFDC34B0C175857BB4331446F8F628C6,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063668Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:50.911{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\idlelib\zzdummy.pyMD5=14BF96284FBE73F8A04B4FCA75165305,SHA256=CD44C3950F2380FBC654D444D8917CD3A144B88CA523917D522537BFBB41F519,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063667Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:50.911{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\idlelib\zoomheight.pyMD5=201370943D09BB9AA42BC66F53934AE2,SHA256=E3A6E578F3FEA8A1F834CBA273C5722CCAB726A394956637EEB02650B7E3B60D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063666Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:50.911{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\idlelib\window.pyMD5=C8EEEFB89218A863B90D43F2F614B810,SHA256=85919A4F823AA687DEFADB6716E2B01B0FE74C21E7EBDA950B8CBEEDD1EFB3F2,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063665Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:50.911{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\idlelib\undo.pyMD5=52AC7F33956426A299038A4284102902,SHA256=922FEFF3541928446E01487A68EFB47806FEF8E84659B2F069E06B8A2BC5F9A6,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063664Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:50.895{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\idlelib\tree.pyMD5=8E44C852297469C7AC5728F4AFEBC868,SHA256=722656EAD88D8202E633E3981BA6E4784DEE340A3806B7068E0B01F4B0F82E0F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063663Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:50.895{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\idlelib\tooltip.pyMD5=F0FD4D4A5DD3C87272B0939B0BDA5A0D,SHA256=AFAA0316C08A75A115195E2F0C7A82F141B1D28575852853201CBB7C4DAD7E3A,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000063662Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:50.895{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\idlelib\TODO.TXT2022-01-17 14:25:12.000 23542300x800000000000000063661Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:50.895{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\idlelib\TODO.txtMD5=06B386CBB4614358099B3741402557CB,SHA256=1887D7DF719819D8FE151B28B4B0555EA6E512F7A22DB5A113E633386C1538CB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063660Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:50.895{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\idlelib\textview.pyMD5=BFC81D111A91B32E51E1719BE72C22BC,SHA256=4518DC04EC0615F5644DEA856F005CE3889806EDD467A017D9FDF22FB97406B5,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063659Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:50.895{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\idlelib\statusbar.pyMD5=6C80B2E1169B27FBCC91F895D979B35C,SHA256=CAF19E92849B704CB5A393696F67E0B7E23D75AE1BAF2BA727FB124CD34483E6,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063658Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:50.880{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\idlelib\stackviewer.pyMD5=F148B03D5866E3577EF7EA34C53E3D8D,SHA256=A7BBEAEAA8E3FDBC9AE9868A65E94C3909CE8F085B5CC32BC62BB3E581520E67,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063657Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:50.880{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\idlelib\squeezer.pyMD5=E5B38047C54D24A3247F1E941C9A6A36,SHA256=F0CD9C085CF31DE1411066074805BB9813E2916142787B06D23D817756A66AF6,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063656Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:50.880{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\idlelib\sidebar.pyMD5=D19105D9A936E5FEE867FB3AC3733875,SHA256=2EDE762B6C329FBA361DAA3307559B55E126A7618CEA02FE50A48CCCDD6C13BA,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063655Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:50.880{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\idlelib\searchengine.pyMD5=BA0EC399F866978286B8F1A1EB14643B,SHA256=9433DF42B9801B0084BBC76BCED68E9C49749D20EAAC90978CA8504705C03D28,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063654Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:50.878{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\idlelib\searchbase.pyMD5=BD72F06AE14B226D4983C0E3BEB8E6E5,SHA256=A1EDEA131EBDCDE39C640487822D5509165089BA322B33EE568AC1F3C049BA90,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063653Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:50.873{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\idlelib\search.pyMD5=59765161DDE823279EF6EE43BE159E02,SHA256=870D0C10BC0D739A1ABD2855C889B240FE613FDCD57D9BA518A3177648C0A15E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063652Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:50.858{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\idlelib\scrolledlist.pyMD5=26DF7B8BB4682B6BE27510EDBF3160D4,SHA256=EEC4180B8908C324286DEB5D47A067724C52F7454E2B317589399F2726419F6F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063651Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:50.858{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\idlelib\runscript.pyMD5=B770323D46AF21C55FE741147CE92510,SHA256=20189DFB2029E2BB18C89A374A4157C36467D4C254B8E0BE4DAA8D9031506E39,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063650Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:50.858{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\idlelib\run.pyMD5=9E8758C9DFFBF07C8250E6F28D20BCA7,SHA256=43598C1FDC0B3A9F3BF814B7169225939BB424D28EEE4A424B0BE49D39A133F1,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063649Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:50.842{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\idlelib\rpc.pyMD5=5C3E36A353C37420F9C335923571AE17,SHA256=CC0B4A0196B36565EA268B3DCCFE8AD96F6C37EDA90D6D2A4C15385749091C52,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063648Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:50.842{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\idlelib\replace.pyMD5=1739C8DD57D09EB36B7F15937B81E6F4,SHA256=432D363980E6A7C8E451BC139CAFD8DFE800BEA245D3F24AB0D050A20AA22E3D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063647Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:50.842{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\idlelib\redirector.pyMD5=62A7CE23D6D711CB28C5B61086045F9C,SHA256=BE49C0AFC35A57C8E7E210F707AF15D30CB9D571AC90179C1712DE7C03524DEF,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000063646Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:50.842{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\idlelib\README.TXT2022-01-17 14:25:12.000 23542300x800000000000000063645Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:50.842{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\idlelib\README.txtMD5=FE7EDDE296FE5CBFC8EC412BF014AECB,SHA256=8C25B0723531749152B1C9C8C804D0FC08734A27CC3F06EE68FB43111764A1FC,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063644Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:50.842{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-11172017-193005-00000003-ffffffff.binMD5=DBC63B52AD9563CE82E2645AB16CD38B,SHA256=CA9F6EE87B02983BA6E0771A33482796B0BC27E4EC3BF40045C9B3AA10AE2ED1,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063643Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:50.842{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-11152016-090148-00000003-ffffffff.binMD5=5700E912A58719EB5910C13E43FC08C3,SHA256=9600F969853FC06746EB6E856C9B34E9BC77B95BFA6B784DB06CD6D26F8CB46B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063642Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:50.827{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\idlelib\query.pyMD5=6C4DC8FBEB112DB7CD0E7229BA170F68,SHA256=43947F49C2206B7C9DF49E101FF9E618AE3546A17F8DD578000F6E7CCAD064F1,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063641Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:50.827{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\idlelib\pyshell.pyMD5=EAE6EBB64502C32124A2DD1E797DE478,SHA256=36A73B287FF8E0FF7994CD2150B152872B73EEC7B0D6858A915101E8FB243248,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063640Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:50.827{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-11152016-081805-00000003-ffffffff.binMD5=0AA4663096E4C8BB35140243EDD81935,SHA256=1C6224A6EB0D0516829EF6191CE18881155A203F08503097A3A2A19536E37931,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063639Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:50.827{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\idlelib\pyparse.pyMD5=0AD952985F0881C740B79B00FF32CF83,SHA256=475C51B469CE62E70F152888BF500AC00B436906FD4F5EB50DA59BB8EC215C02,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063638Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:50.827{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\idlelib\percolator.pyMD5=FACE0BE36C3605ABDD3688F134A5E673,SHA256=4E6201C3037B85BEB31D2B76210E772B010EF19328473C656DB93B283C8550B0,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063637Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:50.827{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\idlelib\pathbrowser.pyMD5=D07D0EF3D32A661F86E676545988FA28,SHA256=F611A703CA3EEEB90943CC752BFC310CD77F440E7D5A209596CC7465FAE8CCCD,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063636Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:50.811{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\idlelib\parenmatch.pyMD5=A53945157002F4511A292C5FDDA5DBCB,SHA256=1E79FCD497D449836554772C565CBF3F31930F8DA0DDFC499096E23A9F96A18C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063635Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:50.811{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\idlelib\outwin.pyMD5=F045E450E617B5488281A1FC18305207,SHA256=D16A373645E527049C8135E44A616F357EF8D96DB414FD8074729D326EE5FF3A,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000063634Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:50.811{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\idlelib\NEWS2x.TXT2022-01-17 14:25:12.000 23542300x800000000000000063633Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:50.811{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\idlelib\NEWS2x.txtMD5=AD6A559EEDC9B6E21491FBDFC3DF4F6E,SHA256=4F89D07CD95D20D295EDC6FEC7A3663A7E3FDE33D94D3321834F7FB673D508B8,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000063632Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:50.811{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\idlelib\NEWS.TXT2022-01-17 14:25:12.000 23542300x800000000000000063631Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:50.811{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\idlelib\NEWS.txtMD5=7CE30CC267B321C85BFD7547E50D1AB1,SHA256=EB4FB5E5905B5038D8F24D5B0134D6D4A7705B862910CF6DDF52DDF1CBE94E5B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063630Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:50.795{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\idlelib\multicall.pyMD5=80509FDA0640873BD6AACC128375E0AC,SHA256=B167888661A74BC4613EC8581EAFD80F50C29C886E5A6DCE09CD7ADEF3603E65,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063629Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:50.795{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-11152016-081414-00000003-ffffffff.binMD5=273947303DC26B9B1D6A572DF65766E0,SHA256=9F228B63CA43D78BA7347B49579342A316E947738D52D15715E7F067B22C82B9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063628Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:50.795{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\idlelib\mainmenu.pyMD5=C7C0736D760AA8D594BE518E54E0B01C,SHA256=0306CD2E93A19C91283868AEE89635BD6375C00516B7D86F83D52CC2E161BC04,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063627Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:50.795{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-10182016-183200-00000003-ffffffff.binMD5=C3196244842A336BE78F2073A233B768,SHA256=4E771DCC186D932710F640EF84A008D03DF938788A9537A4C2960B507AA06565,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063626Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:50.795{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\idlelib\macosx.pyMD5=273A22C503EEFD6C3720EC7063BCC220,SHA256=30F71A4EEF049A12CD264501C40E271B83FB111B4A0DF6B57A6B1FAA24A15775,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063625Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:50.795{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\idlelib\iomenu.pyMD5=961B395D208C67A0F2C0A963D8B430A4,SHA256=0875B09B4886EE08A61ACAEE39960C5429C18C1261577C6B0DD0C28ABF64F648,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063624Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:50.795{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\idlelib\idle_test\__init__.pyMD5=F49EA3952B75C3476165B26A8FF91067,SHA256=0B786BFC4C542B7B6D87CD4FAF7B5F196C44990D4219E41F7B88900DDF52B2A0,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063623Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:50.780{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\idlelib\idle_test\tkinter_testing_utils.pyMD5=45A7D8B634B59D6EA76EB579A06AF8E4,SHA256=FD23AB4162889E63C2240F324CF0CB654B49E17306D0A114CCD7D32C99E636ED,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063622Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:50.780{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\idlelib\idle_test\test_zzdummy.pyMD5=C4B8CD702C2F2E998371DB71CCE58CEB,SHA256=E7548900207274DF7B7302579D5B15F2DB80443D81DCB3619F2F36FC691DDA0A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063621Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:50.780{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\idlelib\idle_test\test_zoomheight.pyMD5=52F237CB98FE67EA12732AB24388C08C,SHA256=2E4DA36EBE1543CFCA2531AD87053188E12764D28A8DDFEE2749800C2DF3A4BD,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063620Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:50.780{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\idlelib\idle_test\test_window.pyMD5=8796A4EE770B7E5B05C911A548AAF38D,SHA256=A05CBCC546301152A9CE43D537D6B21C2318355F33BFCC38A785FACCC8751500,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063619Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:50.780{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\idlelib\idle_test\test_warning.pyMD5=DDA4E251A2594D78C7CE572A488F7BDF,SHA256=2C47F4EBCDB0FA7670DF468F9E6E7808D2AA1EBCB6A37DEEBCB5FF6D4B4F3F6E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063618Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:50.780{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\idlelib\idle_test\test_undo.pyMD5=6EE8DE74FCACA625F726D32BCAB1D3CC,SHA256=FF7DFF12D672FD67D763456EA3267077BFC8EAA6C46C1DFCD9185CC61E5615FD,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063617Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:50.777{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\idlelib\idle_test\test_tree.pyMD5=7E0F964F0DDE0952EF41052AA2506A5C,SHA256=266AD30F2F7A299A15AE7F2222568FB318276FAF74BE49F08B8B483692040931,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063616Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:50.774{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\idlelib\idle_test\test_tooltip.pyMD5=6B7D9233BB4566047E5D6B7D862A9908,SHA256=B2F02F500266A3EF9047F631AC8AA2596F9FA59686A691F2C2E6DB4788BB0DDA,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063615Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:50.758{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\idlelib\idle_test\test_textview.pyMD5=76DFE6B6F8303C183DA6BA22BAD7F0FF,SHA256=06DA4E9636798407C88563A0B734B8E68E1008A48333612406DAA4D6B0EA6382,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063614Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:50.758{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\idlelib\idle_test\test_text.pyMD5=07BE05F26D5B2A8560B0754EA62543F6,SHA256=4FCC34200FADE62EBD63D99DE262D1EC6D1A1B116D716D87D2BBD58934EF6B6A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063613Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:50.742{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\idlelib\idle_test\test_statusbar.pyMD5=7ABC742ED9E6EB1E3BB47E012A692B53,SHA256=D2760DA19ADD51C076B561934F8D6DFC14F2AA1459DB22EB56341A06659D33B4,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063612Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:50.742{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\idlelib\idle_test\test_stackviewer.pyMD5=99FD6FA1546E56F161FDC4C589145DD8,SHA256=F1A792DA700F21BEBD3A725FC6E721C0894EC5DDEAFDFCA6C1D3B3A99871F1CA,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063611Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:50.742{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\idlelib\idle_test\test_squeezer.pyMD5=196E0E73FFE5D2D14C81264970113914,SHA256=C3FCD3087A680837EDABD847768B4B9C9E49D07B717E8A35A6E081D00CFE5A3E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063610Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:50.742{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\idlelib\idle_test\test_sidebar.pyMD5=1B9DD5A47E628989A410AAA61EF36A78,SHA256=354B4B8044CDE89643E18C0EA00F4F3F8320B297D35229A36A46B305C3BD568B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063609Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:50.742{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\idlelib\idle_test\test_searchengine.pyMD5=2784FBD31BE29423242C6ABD3799F612,SHA256=CD1CA903CF5F79683BEA784DA0157659F0B12BACA04F5D54EA49957F2089EF5B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063608Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:50.727{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\idlelib\idle_test\test_searchbase.pyMD5=93827D8D2682087E0803CF425ACAC7F3,SHA256=A57AAC6C593C3FBA1FD99839B0AA8B5A064143BFDF5771E356583877026DB204,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063607Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:50.727{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\idlelib\idle_test\test_search.pyMD5=7AA63B4AA5002DB21314F0115C86F6DF,SHA256=CEFE25B6190417849C1B47CBA06D47EC1BE2CC7740BE00D03DD8AA5D68970A7B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063606Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:50.727{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\idlelib\idle_test\test_scrolledlist.pyMD5=D681A059805CD3913F3E68F7609F8DCB,SHA256=7B63939B3D15478A401E9496991D75BE3A7ED8A4414858A08BB277206B0620D9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063605Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:50.727{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\idlelib\idle_test\test_runscript.pyMD5=089CF1F5A5E55A269A99C71BDDFFD89A,SHA256=C39FF558C4B3DAA525FBBBF1AA21F9DDBDF85B8EC1F8A9B70DC5B23E3F787809,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063604Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:50.727{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\idlelib\idle_test\test_run.pyMD5=A66C77DD9118B73CEED25CF7E40DDE02,SHA256=C6FDB83AE7B08B9A2306828D628726979C7D9B49C6A4967B62A6944A318400F1,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063603Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:50.711{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\idlelib\idle_test\test_rpc.pyMD5=E5126FFAAC83318469D687670470B909,SHA256=38E3BB1648CAB509BE226A34405F1BB6FB477EA215BF1121E08C745469FB9A0F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063602Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:50.695{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\idlelib\idle_test\test_replace.pyMD5=646DC5C35073018DA41B1630C41DF4A2,SHA256=A39710F9F13103BCE5E9A31A4C968F26F77943E886A21EC8DB385911CF6AA959,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063601Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:50.695{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\idlelib\idle_test\test_redirector.pyMD5=4FD9C7E842E0FDBC4DDBCA1149080C46,SHA256=A44739A76B90077C3649192293FBCA7159CBA8A0FC88C6C09E39A92A565BDC58,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063600Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:50.695{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\idlelib\idle_test\test_query.pyMD5=3D7F5D30CC6AEFAAF0A69FBB3D190178,SHA256=18C9E88B30136AB683DAE039DAE45E6BBAAE36F046CFD3A0A6A6CB8F278C2C89,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063599Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:50.695{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\idlelib\idle_test\test_pyshell.pyMD5=6016EC47319908CA883766932B6E8370,SHA256=E42604612BB73083E184CD79801B2EE7A24DD11F0BE0242E88B7CFE0F392B7EE,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063598Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:50.680{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\idlelib\idle_test\test_pyparse.pyMD5=FA8A1DD6FE8BD377B135BB048D0E2440,SHA256=232FE6760557664952185C669A444C0E16042FA28BE2D293D595214E011562A7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063597Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:50.680{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\idlelib\idle_test\test_percolator.pyMD5=63576CF82D16BC8FE9A2DFED627956D1,SHA256=348ED04617A2937915B9C594792D5DBDB3EDAC826380DA206FD54FF1ABC556B5,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063596Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:50.680{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-10182016-182715-00000003-ffffffff.binMD5=D4ED956C7DC6A0B096E279BEF4CD70CD,SHA256=A775D30C37ECDEF2C8BAA6749A5627EE9A41AA8EE5F99A592DFC7B66F475C1F8,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063595Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:50.680{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\idlelib\idle_test\test_pathbrowser.pyMD5=CEADEED30F1A4566330E1742AFCB0635,SHA256=7396A4069A03423F2C6C5AD62D92C742D17DF0E3F2E7F66839FF111958ED1BF1,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063594Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:50.680{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\idlelib\idle_test\test_parenmatch.pyMD5=3910EFBA558F4B99122BC2F23D96D50C,SHA256=526B6C3C0FC9DB318582F9E1AD1A00D10851BD2441F898B5CE32892524C7632C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063593Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:50.680{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\idlelib\idle_test\test_outwin.pyMD5=FF66A58F4B8C4866FC83025D07CEA6A7,SHA256=B493394786C8D671679142D5D708DA15764B405C247B1BB97C290DBCF192A99E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063592Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:50.678{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-10182016-024432-00000003-ffffffff.binMD5=6B6D1305510A7AEFAA88EF4421272F88,SHA256=CD42B30FC06D1B598AAF8EC04CBD95DB7FD33C323E374400C1095E2154DBDA88,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063591Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:50.676{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\idlelib\idle_test\test_multicall.pyMD5=320F0D0C1BFE5CB13AD808C29AAFE634,SHA256=8B3A166FD7EDD5DA37F5FA2E7D078BAC71CF8A2D6BB51DF17878FEEBD1C5EF7E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063590Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:50.658{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\idlelib\idle_test\test_mainmenu.pyMD5=B117A570858CB6C08AD7D14D5C25F605,SHA256=E3C6BFCCC93C9C0469BB6EAD80EE552699871AB85ECFD3002241DAE936CA7BB6,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063589Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:50.658{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-10182016-015944-00000003-ffffffff.binMD5=0937F3CEDAD31FC9747780DEE6C85E5E,SHA256=ED28207E9041BE4818EF19BF735A3156D0B41519C76496A3F5111ECE947D4C0D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063588Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:50.658{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\idlelib\idle_test\test_macosx.pyMD5=BF484DD8323544B5D452993F81273C79,SHA256=6FBEE21ADEF8F95F9BE575F6058322D66A66775924AE594F0D9FA2E98D8D688F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063587Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:50.658{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\idlelib\idle_test\test_iomenu.pyMD5=1D76F328D629C89EC3973D8629894D23,SHA256=2D5452F0FB16DCA9C8A42D778CE28294CD933140B8E1EA4E3FC39193F0BA7232,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063586Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:50.658{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-10182016-015400-00000003-ffffffff.binMD5=1C1028251C5314809F38492E820712B4,SHA256=2F8278C1C2BB6036559CFBE89537C745C26438A9351CDFF31779A6505C1A3660,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063585Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:50.658{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-10122017-070831-00000003-ffffffff.binMD5=D249811490C007168C71BF3BD9B6B470,SHA256=049D3C2E1892ACEEBAACEBF2B71F6898A66EECE44F2C82EE7A5FB38A723E8359,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063584Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:50.658{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\idlelib\idle_test\test_hyperparser.pyMD5=A0175297E64A1D8BC5B68461F6A8BA74,SHA256=166421C087BDACE4BBF6CB1FD8B8BBA986B0DFB485762521C9A7AE5618EDC166,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063583Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:50.580{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\idlelib\idle_test\test_history.pyMD5=E0E7DEBE6E58F6AC0A93B3F077B57911,SHA256=CAC6C984CE34456D4AEFFF5721B8D4C6FBE76286BFBBEF8DDACF61D5D36071B7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063582Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:50.580{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\idlelib\idle_test\test_help_about.pyMD5=EA5E8DCFDF4268586206813F6DCA174D,SHA256=2E66D1238EF46B170E15FE23CE6F184E1E5C4DBAE349E94B4FB523DC96D8637A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063581Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:50.580{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\idlelib\idle_test\test_help.pyMD5=10AC2CB0566838EA0332495F7B31ACAC,SHA256=062F3EBADCB361056E88895778D437729DC00926F1156FCF23F133D8E7F97FA5,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063580Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:50.577{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\idlelib\idle_test\test_grep.pyMD5=A1EC3E90E28CBABED4D204A75D9C8ABA,SHA256=18441B4F0F2095FBA843EEC48293D5ADC8D62F30A6BE843D1B37F784070ACCC0,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063579Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:50.557{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\idlelib\idle_test\test_format.pyMD5=4E36B5972CCD0230BD4287E81C933DBB,SHA256=80A2E9DFC0E7CB896B1E9BD61ABE68C6B15F74C7349E393C3AA1EB05A363651F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063578Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:50.557{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-10122017-070527-00000003-ffffffff.binMD5=32EF1389DA0735714C2D380BC27DBF52,SHA256=22FDC84C3CC70B5F5B2F3542F9F009F84B79A9259063BB4A7C73DB45C7906347,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063577Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:50.557{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\idlelib\idle_test\test_filelist.pyMD5=91C65697FD96A05EAC03EB1F52E1D0D2,SHA256=9E8240FD5B08F2CF3D5DC16E39AC19F23737FB401CCB461FBBCC99BF0F481BEB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063576Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:50.557{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-10122017-050730-00000003-ffffffff.binMD5=63A98CD81F76A23E1EE129D74D12EA9C,SHA256=2EE804075E1BEA70872D9942682AA2607DE67126985ECA638C1FBF10C8AD70C6,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063575Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:50.557{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\idlelib\idle_test\test_editor.pyMD5=37909239E73D79551CE80158D4094970,SHA256=7749347AC6380177514F817BA7C4B2968A0C1A7A1FEE1B8A6637ACFDF6C3AEAD,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063574Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:50.542{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\idlelib\idle_test\test_editmenu.pyMD5=75AFF43E9E27B04038969E0FEB810E38,SHA256=93F790D07D34F2C80378D37BEED57FA25BB250F5812B497D34E788105EDC57AA,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063573Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:50.542{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\idlelib\idle_test\test_delegator.pyMD5=1A0F7B379699E69B58D8DFD066D6F20C,SHA256=2ACBE98D9DB036BAA7DCD46AC24B5832CF6B716C588C267365558BADA2166387,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063572Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:50.526{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\idlelib\idle_test\test_debugobj_r.pyMD5=E95B514D3E356580A9DED30409B9DF72,SHA256=264859E8DEFF2F9CF3F81045142A09D3BF925F350DD48DB5BA69368FAF2F29F3,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063571Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:50.511{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\idlelib\idle_test\test_debugobj.pyMD5=1A702EB784B7327D008EC269DDC30024,SHA256=24934DB59F7F4302E8C0F4078C1E9C798900474586BFE6E8777F2344E2B8B596,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063570Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:50.511{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\idlelib\idle_test\test_debugger_r.pyMD5=84BE645FF0B3067054C46600C0A07082,SHA256=A69802ABBB14046BE99332F24FA90ED83055CF32265239B3EF5833BA3F2C95B6,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063569Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:50.511{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\idlelib\idle_test\test_debugger.pyMD5=FA1DBA03B185094BBAD32484FFC94749,SHA256=6DF7D4F4AC8D9DA95C7D97D8CB1315D1CEF466DC935FA6A0E3EF583B659F63C2,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063568Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:50.511{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\idlelib\idle_test\test_config_key.pyMD5=0D9A47727323435B6872AB5D8D4C42DE,SHA256=230C01699B4254183078AFD49725451FC3D0DA6512DDFD8945166881E24A4B70,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063567Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:50.511{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-10122017-045946-00000003-ffffffff.binMD5=4BE78E4BB33F46BA83D904AA4540BCAB,SHA256=5F432C29A3184BC487EC2C70BD051DBF5372D28C8C97328BB3B7C76F7B57FF6E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063566Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:50.511{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\idlelib\idle_test\test_configdialog.pyMD5=962ABA34E965E429231673E20CA66454,SHA256=6ADDC32B43B4ECC590988BD14ADC931E7FE25AFD6C92EAC74B670C269011AC72,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063565Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:50.495{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-10122017-045841-00000003-ffffffff.binMD5=D3BC73F3E6C92F60887AD050F0BBF7EC,SHA256=EA68956F4A552E92B835696FE6359EC644DB8EC7FE3F6C05C829C1907F9E47FE,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063564Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:50.495{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\idlelib\idle_test\test_config.pyMD5=A1F0BA742DB6756C88A9A4036B943C34,SHA256=B27B61205780D7654CE2B5A9ABDF18C72E475C49485BCC84223274DF348195FC,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063563Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:50.495{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-09132017-121629-00000003-ffffffff.binMD5=E3ADB3337EF224AB79FD3D61F34EF6E4,SHA256=6E9AEC60A86C3169E5B217AC2161C51F7F515D843B80857BAA518A231A18D5C0,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063562Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:50.479{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\idlelib\idle_test\test_colorizer.pyMD5=81F4BE0F48107993E664E8B76776D07A,SHA256=C3A3791C536A3C5DCA2F8274BA9BA38834F76D98CC6CCE15758684ED881449EB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063561Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:50.479{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\idlelib\idle_test\test_codecontext.pyMD5=DF16484271033DC093F9C553B0578A7D,SHA256=E5D19B6CA7F2E86499F8FE61A99049C9E4A7484E6808D68D32AAD0DD58973B5A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063560Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:50.479{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-09132017-105826-00000003-ffffffff.binMD5=709CC0DB1A24CB8B61470A1F019F0C11,SHA256=191D4B2FB1241A12720109D31AE16874A35BDE457A7A17616231DD984F2225A6,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063559Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:50.479{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\idlelib\idle_test\test_calltip_w.pyMD5=5E7A281BA1F806210C3A4FE6C467C2C2,SHA256=F3BDC45A886D5805FC30BCCA5BF893344C215F57F285FD7AB834DA3EA3A0876F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063558Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:50.479{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\idlelib\idle_test\test_calltip.pyMD5=79D3613BBD307A5B06D3247CC9C01669,SHA256=62740860FD0AEEA9930863317EF97385C25BD2F262E18228C85CAB59E28BF007,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063557Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:50.477{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\idlelib\idle_test\test_browser.pyMD5=C0D451B768E541FBFA9DBDC56400C64D,SHA256=90F26136EEC529E6766DD51156D7B7CAE76EBAC707E79C86C6C4F91D11AB453C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063556Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:50.475{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-09132017-104919-00000003-ffffffff.binMD5=9BDF9FA8EE16952C93119DF0CC9A36E9,SHA256=D7DE214FA13927BAF2F02847EEFEBF0A34B68941DAF3787074EB1E278E703F4E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063555Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:50.473{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\idlelib\idle_test\test_autoexpand.pyMD5=FF2B195CA5476B7A983410F5D47E8182,SHA256=5B6866D92D66A1F70F529BC8E32C689DFDBF39C34E8A01B546371F8D92246E07,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063554Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:50.457{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-09132017-104813-00000003-ffffffff.binMD5=9A059A2E09DB28CFA4DC77E3E69441D5,SHA256=37942AD1C4ADAA920DA3E941B131DEB2A098DE72AFEE6D70C734E33888522B5E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063553Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:50.457{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-09122016-043636-00000003-ffffffff.binMD5=0B6AF9F8FDE7E6F50D69417E3AEE4613,SHA256=66C7343175ECF99B4409E062F88FB75E9DFDA60F7C33EBD63D45127486391C53,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063552Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:50.457{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-09122016-043540-00000003-ffffffff.binMD5=09BEA0011CC99409283395DF3CBD091F,SHA256=18243257D4597AF9759646C621B4EC1141F03DF759772DC94F1D87AACAEB594A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063551Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:50.457{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\idlelib\idle_test\test_autocomplete_w.pyMD5=FFD9A24C66D7C4F486016CF002832CFC,SHA256=B8D2FA36733F7C5ABFB68BBB852DB0DE27A55142DBD888EF201B41A855D5E87F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063550Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:50.039{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-09122016-043451-00000003-ffffffff.binMD5=9915ED531178A1D4A8FB5D78E7E54C5D,SHA256=FB6B5E8D21F2F188C37ADB88ED7A8821DB2F5343F9A3D968A05562A0A27DAB8B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063549Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:50.025{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\idlelib\idle_test\test_autocomplete.pyMD5=CDD4F817E9AF45EEE99560EC854BE463,SHA256=C6F32BC7D37B1460D136E6A974D893F4562EB2355B2CE16E6F57E7EA1E92B259,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063548Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:50.025{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-09122016-043403-00000003-ffffffff.binMD5=8977979A009BCFC9C8A9CB7A7F02342D,SHA256=DA63C751AEACB319AB5AB4E2EFA4B3D6614DE6861E29538E7D12C7A35075FD6F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063547Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:50.008{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\idlelib\idle_test\template.pyMD5=B54C65B3CB7CF1BAE767BA77EA52762B,SHA256=C389A44988D62D4D32438A4ACB081A40F8DCF450250D4E09651D8F7BD21455F2,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063546Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:50.008{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-08092017-090032-00000003-ffffffff.binMD5=93B5E2D98A497CCC97BFA7FEAA8BB845,SHA256=8240BAE4465F4C2D3E83BB2AB3242EA1C0659BCB0A3D2AEF4F1733F43E99FEF4,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000063545Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:50.008{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\idlelib\idle_test\README.TXT2022-01-17 14:25:12.000 23542300x800000000000000063544Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:50.008{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\idlelib\idle_test\README.txtMD5=0B1734D435151BCCF9ED0C22E6384A7C,SHA256=279B2ED01C6AD1BF2215DB5D790C59263C79E5AC10514F3BD6FB7D50F6198863,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063543Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:49.993{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\idlelib\idle_test\mock_tk.pyMD5=C9B316FF3178F233838E6D630C076F48,SHA256=679D19C85A426A888B76CAC538A6FD7225F281234D0017C08A14305FC70ED57A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063542Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:49.993{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\idlelib\idle_test\mock_idle.pyMD5=F02E0BD4F8E9296E0EE338FB518DA4DD,SHA256=576AA5C6ED0B5A42A1474FD90D54B97C8F2D9ABB408FA5E3F3E4D374A5D427DE,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000031925Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:38:50.858{CE7C8936-1B20-61E9-E200-000000002202}3964NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=28C62295C4CB8D78C554DB1A84118F22,SHA256=F1D660C1215803538BDDA243384B0E66B76DB0553AE1FEA8ABC37FC4B135A012,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063915Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:51.995{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\queue.pyMD5=CAFFD0B0AC6C6F682DAE1EC87F135D5D,SHA256=FA9EB06D061525840DB12A2CAB48417767EFCAB1181CB239BA493E8CABD7AB68,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063914Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:51.980{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\py_compile.pyMD5=686E650CC5186DF740BB778A11376241,SHA256=BA4E5D1AC94FEC03BB7EDE8E1B7E4D56C8F165D9B3CDD130E16902D13489FCC4,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063913Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:51.980{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\pydoc_data\__init__.pyMD5=D41D8CD98F00B204E9800998ECF8427E,SHA256=E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063912Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:51.958{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\pydoc_data\topics.pyMD5=458BCF053876073F7A019119A6201A80,SHA256=9B6651D3BA1022B5A800C03B748D1942269F59F232E3D4F94683E4E8A06FFB7A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063911Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:51.958{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\pydoc.pyMD5=4F29FD8BCB59FA1D91A48E27C6503277,SHA256=4ABCFDF716B358BE39A1B2E6F7F86928AE95CD62CD6650BCEB396FB10F16A796,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063910Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:51.942{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\pyclbr.pyMD5=67EDE4D94842456FA89ABA6B55AA448C,SHA256=E87683A58D47E7E7C49BD1BB83BEC01BC8EDF803DEFF289AC30C2C5FCC8DA979,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063909Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:51.942{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\pty.pyMD5=76D45ABE784519B8C8552EF253C46F85,SHA256=32F429813D305FA49201E761F11AFAA9D9AED79016F4980C2F01CC90AB8BA48B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063908Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:51.942{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\pstats.pyMD5=AF4A60C534D0E48931BF2EDDC417E6A3,SHA256=B4FA14B23529E85C3D4FD80AFAAF5AC146D9AADA1A45ECEBE2F0EFB650FD9E63,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063907Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:51.942{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\profile.pyMD5=5B9AA68D3E57EAEA89D8183F2A0C543D,SHA256=3307B50C8E87ED3508340B455C371BFA6B148898D66FF8F0AD3D47EBF27E869E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063906Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:51.942{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\pprint.pyMD5=2DC4035AC114107D8B13E39958938960,SHA256=0905D7CD070A291A506B1B2CC46DADC85007C2739D9BF2F1DCDE01A9C1679821,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063905Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:51.927{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\posixpath.pyMD5=ED9F37FF07474A0E2C0095F443E911DE,SHA256=075401DAE4869A6AD3143D057F10E6F1FE099B143D918113EC74E820DA280972,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063904Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:51.927{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\poplib.pyMD5=8827240702694AD5C2A064103157245C,SHA256=FCA47328C848D2517B797C303910F363CD118D4A57EAFC699EA9BD07E3555DA9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063903Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:51.927{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\plistlib.pyMD5=2E46331A658597767F6CFB3FDB90F247,SHA256=6E8F1C6D14DFD8A4CBF96ACC83702CFA675FD9755B26A807EA619298BDE02776,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063902Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:51.911{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\platform.pyMD5=F7448FF7885F041EF1FA74621F03C117,SHA256=95801E4FDE8F28A7F41397551EB417D650FA584D780029660610700114EFBAD0,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063901Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:51.911{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\pkgutil.pyMD5=1EEEC51079475A5A1337FC8C5DF7889F,SHA256=1C97E98D400D61B3F894A1B014A1E1252EEC2F3D9A8468636A661208E4A7BD05,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063900Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:51.911{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\pipes.pyMD5=A812BEB990E7B1DA92F3F62C529CBE61,SHA256=2C1DEC7CF7DE19B9BE20982F5EA36B3DD0601C1610AF4F07E8F8D4F987CBFCAD,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063899Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:51.911{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-20180711-031939-00000003-ffffffff.binMD5=9122C268F7B34A1DE189161DD6D4637D,SHA256=D0B8929B7DA4303ED0802E03ACE72E6267E3D18983202BC2347D1439500BC9F1,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063898Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:51.911{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\pickletools.pyMD5=BF481644934BC14B72C7A9CFAF9C0A2E,SHA256=D9BB042BC26DAD7A99D1A1ADB3ACEE7C3E93D8B6F5068B55D9B55B6FF3CCD620,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063897Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:51.898{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-20180711-031937-00000003-ffffffff.binMD5=37797B8356E86D9A5426D4351F709205,SHA256=74D26461EDF465918076627928334422F48AA060C5231FD4B8AFB1A1A929DBED,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063896Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:51.898{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\pickle.pyMD5=A99A7EB9E17D661DE0516FCF60B4819D,SHA256=26582FD3645305DB18DA6BBB1B840D2F3D9A44CB74744792D79B4DE02C946F27,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063895Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:51.898{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-20180711-031808-00000003-ffffffff.binMD5=7DCA0DDA2B1A4D0FB8ED4EED565C48F1,SHA256=9D53392301B427ACDF91BFE0A2ADEA15A82E4206B92A21341F4881EC300E1115,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063894Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:51.898{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\pdb.pyMD5=01555B7EBD81F176EA8CA6C75611AE06,SHA256=303D534BE1EC6EC6BFD2863D1653C4BE83D79C12E05CB22B8766C6CB5AF29C47,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063893Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:51.898{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\pathlib.pyMD5=D56DF8D11714E404A1420784856D3003,SHA256=1A6C073CB1BC181484BFDC3A5632849BBD68D77B5D33EC0D3AE04B6ECFCD64A7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063892Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:51.880{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\os.pyMD5=E654AA03EE2C56B13BA507F8D62FCC71,SHA256=06648014CCEB10F5ED3379F3B280FF2A4DD13DA8173C186591372A8D392DA881,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063891Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:51.880{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\optparse.pyMD5=847CC0387E4999C3B43BCE251DF2DC18,SHA256=5C46C1CCCC32E7778E3AE4F7018D4D713AAA1DBD13210506472C2E6DEE2D4F73,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063890Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:51.878{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\operator.pyMD5=5CE128B0B666D733F0BE7DFF2DA87F7C,SHA256=4B14013B84FFE4BE36FC3A4B847006BA1182596612D2A2AB42A6E94FF990B462,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063889Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:51.875{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\opcode.pyMD5=456CFAE710FCF7EE289077D31D81C422,SHA256=F352006FE369806030FB7A3BD2EF770BE711AEA0C0C4B6A4D983839BF20910E7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063888Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:51.858{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\numbers.pyMD5=65F3E26EB56DCA00C1D47285DFED6630,SHA256=23E29DB19F349709A58AD758BA4B49BA8CA767522313F7EFF103CE5F64687C6A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063887Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:51.858{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\nturl2path.pyMD5=1E561E1AD3FE73F57D902D66C695658A,SHA256=AD86C5B0A9D8F82E9129900F69765AD079CBEF670CCFD0B463FBF608E79224AD,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063886Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:51.858{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-20180711-022632-00000003-ffffffff.binMD5=858CC2D0EDB2F75406EAAA0F3464A401,SHA256=0249A2CD0393011849356B28E5C5CED863D680AAB0B3BE813310496F641E4CD9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063885Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:51.842{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\ntpath.pyMD5=8F06A8F5541141ED092853ADF7B9C471,SHA256=C2D2AAE57F490786FBDED651E1220413570EB1E98FEF2C1F0BDD6A0F712400B8,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063884Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:51.842{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\nntplib.pyMD5=4D192F40E33C404168DDF0E1C27660AC,SHA256=5AE0C8F0379E3905D5A7A7DE6716C4B48DD7638D02870AFC7C5542231DE2E001,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063883Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:51.842{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\netrc.pyMD5=C58FE7C3FE3A0411A80C2969CC3D984F,SHA256=F25C823F35566AC08A0A16D965A2D73685A29328976E27A7B95F2EE5E90491F2,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063882Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:51.842{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\multiprocessing\__init__.pyMD5=A5340549E96CE6140AFCBD4A4AB14D5E,SHA256=8EDE1EECE1F33EE83F41D50149113271EDE6AE549451BD81A3480381D16A1965,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063881Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:51.827{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\multiprocessing\util.pyMD5=B086648B6BE2287BDC93B0939A8DBBC9,SHA256=743FA2E0F5BA97C8F65C890862EAC9846BBF0FA8AA1FEDA1B9C67A10F467E5C6,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063880Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:51.811{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\multiprocessing\synchronize.pyMD5=87AFD1634E8B69A3983DF79DE2D66642,SHA256=166A11D8604928E6214188EE701A7A980A1325F9A6E6FD4C4FD9282D12971FD3,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063879Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:51.811{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\multiprocessing\spawn.pyMD5=532A6B9F68C53CDC811B59874AEC5EA9,SHA256=C62AF746537D42C31546BCA338F280B82E6C4617C21FCA88C28309B20B619048,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063878Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:51.811{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\multiprocessing\shared_memory.pyMD5=951F4DFAFB4F949C9ED9958B66D8BBEB,SHA256=0300F0EB94C90CC41185418CC11FB67C02578D95F0F82B46012B96456721341F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063877Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:51.811{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-20180711-022304-00000003-ffffffff.binMD5=D5D7B41B4F78F12C0C454EB71133573C,SHA256=B7977187C37C4B5F55A91FC8E713A92CFCCE176D49A820603409CD713F4F4826,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063876Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:51.796{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\multiprocessing\sharedctypes.pyMD5=05D8111299DE2EB02F1CB00E5B4CD8D6,SHA256=4BD32BAA2CCA0ACAD00027B800C851EEFF4B2463F2330765460A01751789272B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063875Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:51.796{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\multiprocessing\resource_tracker.pyMD5=8DB2A358978E0E1703E033302D88942F,SHA256=F9E01C70AA856BC45224E5A6E2959427729DEB8310213A3D831F2BFAA3A091C9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063874Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:51.796{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-20180711-022004-00000003-ffffffff.binMD5=61B4A9AB5091B6810FDB616D153DD606,SHA256=6E02BA1C65E4DEA7C9C9845EC9D4D1F3A573A53D69DC48592AF0C76C190B0CD1,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063873Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:51.796{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\multiprocessing\resource_sharer.pyMD5=E4AF137455ADA6F5E056914097586E03,SHA256=829E9F71B3A4544ED136522EC0AD921CF509B08CDCEB5C27B887409065AD3E5D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063872Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:51.780{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\multiprocessing\reduction.pyMD5=423F27BFA3D8C2E57C22A395B5A35265,SHA256=5C902343F58B184E0071592408CABEB8DDC0622D107A325361E6546F9AA7C5DB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063871Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:51.780{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\multiprocessing\queues.pyMD5=B8A96C52D36ACC654C24BB9770E3A092,SHA256=74C55E0F83B775500408D72B557174DBE6B497D4AE328EF8DB1511EA4DEABFAB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063870Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:51.780{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-20180711-021806-00000003-ffffffff.binMD5=B1B948CC53A4BFD2BAC7C33C7FC237E3,SHA256=60286C9C7C4634666CB4B618C7FC39B339966EC325B1F6F31B719181B81FC5E8,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063869Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:51.780{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\multiprocessing\process.pyMD5=3918DC2E5DBC04AB7C21ACB736CA03A0,SHA256=302D24CCDCD0468C101269706ECB9292A95F10449238498CF8A9386873B8DAB1,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063868Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:51.780{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-20180711-021105-00000003-ffffffff.binMD5=4F1B78D77C3FB72E1A5BF813C8E0C649,SHA256=3F42AFCD53E4946CF1E96EDC215EF6EBEBE83BEE6F075AA8E2A832787D8579C7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063867Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:51.780{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\multiprocessing\popen_spawn_win32.pyMD5=8791F66370CBECAF14A9341FD53915A2,SHA256=FFE7AE1FE533B475A8B5E80527F156220F76FE1FB232E57256B09DB131E32113,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063866Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:51.778{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\multiprocessing\popen_spawn_posix.pyMD5=7764E6C4815A832C92EA7CDD242D64DD,SHA256=E04A50C8627EF4B8531395A56F0755B27BF91D9BA634A570DC566DFD85EAE830,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063865Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:51.774{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\multiprocessing\popen_forkserver.pyMD5=BE326FC3D03F6AD40F70A313E65F0D00,SHA256=101B13A3880C6EEE2B25675CD3BA318AF5AEA0ED2B3AA66C2FFDD3E4633E363D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063864Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:51.758{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\multiprocessing\popen_fork.pyMD5=3606E62F03A79722318311A8FCE9F670,SHA256=D7CF3E6019F6F74C305DFC103FF5B69BFBDC5EE546945D483C2380572E17AF49,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063863Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:51.758{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-20180711-021000-00000003-ffffffff.binMD5=0E4436C9D770F48C046D872225853BDF,SHA256=04F439738C49AF906D407C02374E718756FCFFD22E77A99ABA106F70BD50C19C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063862Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:51.758{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\multiprocessing\pool.pyMD5=9EE719B87022753120A3E593345D574E,SHA256=92110CF7522762CFE3BC6E33F09B23BE3223D16D26C3329C30977A815E9306AD,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063861Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:51.758{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\multiprocessing\managers.pyMD5=5E9104AF89E11AFF272D2D39535EAA34,SHA256=15E0861AD25AEA8971A1815B9BCA51A00A7DF8DC8531605A9755A84B746DECFF,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063860Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:51.758{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-20180613-083420-00000003-ffffffff.binMD5=74F0BABFF87E30C2F2B0C3910840A586,SHA256=7A6110871E6DDBEC5305CD6D3D10590527948051685E5859C177F425AC0362DA,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063859Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:51.758{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\multiprocessing\heap.pyMD5=EA49FFA8DF01C39C225C3BCBD64017E0,SHA256=6DFF70E88DC22167D78039E656567A3BC3FE350B099FA383EEF8F9E9D31187AA,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063858Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:51.743{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\multiprocessing\forkserver.pyMD5=FFD8A29E6C96570BB6CE0CA09F4CFCC6,SHA256=0D0DBE1C2088EF9D45E42AFBB39249801270A61769BB54EF13ED418939334564,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063857Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:51.743{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\multiprocessing\dummy\__init__.pyMD5=0C521B198A4BC36327E122DDE5CAD0B0,SHA256=D6958460A9ACAE3D80CCBAFAA8F84AEF55D51312AE102BAB4861411212F1FCEE,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063856Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:51.743{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\multiprocessing\dummy\connection.pyMD5=3C93E4CDCE761DB183CC4FE537612611,SHA256=FC1154AFDE7815BAA6DA7738498C26B07C07A02EEB908B86D2EEC10731E3F4C1,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063855Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:51.743{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\multiprocessing\context.pyMD5=79A1EC01C4878DB0B2F95910898FEFE8,SHA256=E274D9736760F6D2913707845A28161D983DC198806DF88D64B169083D351A20,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063854Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:51.727{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\multiprocessing\connection.pyMD5=EAF654886DF902C95603913A53E07445,SHA256=4EBF26997977075F9B23835773137A3479253B72DB801639841F405672E42FB6,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063853Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:51.727{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\msilib\__init__.pyMD5=068BCD956FB3869DE3CDF4DA739DBBF3,SHA256=E39A79861E5B64D3FF0372280CA9660B3DA5A9B5334CCDFA7C2F62FA33EBE9AC,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063852Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:51.711{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\msilib\text.pyMD5=86CD362F8E1F0A9665781AD2B6690A74,SHA256=0C6D03E02CC182BF912E1207F71080D8FE222C437B6B1A612CBFBB51A159CA35,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063851Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:51.696{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\msilib\sequence.pyMD5=A25C47A84A9C16D01AE25FD7CDF189A9,SHA256=674367D4838CA8ED301D55552C7ACD4F87397F2CF7F0DEBA6FB5C51C8ECA4155,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063850Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:51.696{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\msilib\schema.pyMD5=557AB5894790ED2978DE5C9D9137395C,SHA256=FBF82845488BBE29FB0D4FC5568DEF6333F35BE025ADA802BEC86D56D184AF2F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063849Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:51.696{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\modulefinder.pyMD5=D696D103E7E451FFED860940CD1B06EA,SHA256=92C6A7B834F56549F389C9C9924C29CDF6B2BDA10B43629B0F288C6F1B55C008,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063848Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:51.696{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\mimetypes.pyMD5=6A7B34231E5984F759A310333BD547D6,SHA256=283EB0834026D5F63056FFBA6136A074528877C510426D7B360D5B081467E1F0,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063847Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:51.680{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\mailcap.pyMD5=A54CA6CC4F0FB10CFE23990A66BAFA56,SHA256=4BA01504478281B98ECEE75A6A9A6CB2743F1A5B63BF7EFE5B1E9C1380E42F3D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063846Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:51.680{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\mailbox.pyMD5=6F58186862F4DD316370EB2426974AD8,SHA256=1D5A2E2D2AA10962128083F200C3188B57543F80B6D9FADA3E0DB2BD3B4A8265,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063845Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:51.680{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\lzma.pyMD5=FACB9DDF63AA1A9A7BDA31E8B5D5D227,SHA256=DA46FA7C6C554A0705CF9A7318279B56FD5F62F71A55AC28E9579616F11129D6,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063844Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:51.678{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-20180613-072329-00000003-ffffffff.binMD5=D64BB168571D2A3EE871633B64C1574A,SHA256=0A993253427E124074647BA3A23A506B7B5FEFF6DA4DEECE1CBE1489F1899BCB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063843Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:51.658{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\logging\__init__.pyMD5=9F222062F4735817DA799B7BAFFB6328,SHA256=243C6B4F9771B35EFED3DEFB7D4905BD36B4CDA53FD8A914A09A26179E801BCF,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063842Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:51.658{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\logging\handlers.pyMD5=4EFAF44C7A740824837567761F528060,SHA256=2C559838AB896521591E7759971C447A70C5802CEC2F9B0056E7563F39B7A21E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063841Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:51.642{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\logging\config.pyMD5=A71674FE8936F56A37A67F455737EF76,SHA256=1D1088827F999DFF5083759552325F080AE7EBFD68194835839DD9DB22F71ABA,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063840Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:51.642{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\locale.pyMD5=374B0F166F2FC787BC59D71555F62378,SHA256=91C791F7C41C23A8C64026A92AB276DE5D3F2F0661430D44596054F40CFFC66B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063839Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:51.627{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\linecache.pyMD5=7361B144B5060C06E5BA4A889589F1BE,SHA256=7224AEC6B73E8EB8323724CD0126EF113EDE9AAA29B0A9C920F052054C4FC62C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063838Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:51.611{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\lib2to3\__main__.pyMD5=6E63E558657EDF8A52EF723F1FAB575E,SHA256=E34BC92BC4A3A20A1DCB7FBE0FF28E7888C9BC5199EC192DC0E763DD5F050D40,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063837Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:51.596{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\lib2to3\__init__.pyMD5=CE03A1284283DDBD8A3F83F8A2A479E0,SHA256=1B86B47DD9046B60FABEB26A1DD686E3EFCB1359D6057E072D5FFE71BA760BFB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063836Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:51.596{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\lib2to3\tests\__main__.pyMD5=47878C074F37661118DB4F3525B2B6CB,SHA256=B4DC0B48D375647BCFAB52D235ABF7968DAF57B6BBDF325766F31CE7752D7216,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063835Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:51.596{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\lib2to3\tests\__init__.pyMD5=37E867C194AE710682FEA90ED8EAB767,SHA256=EAC38A3A5C8857C73200B71E36906192890B1D48D619221F1F2D4B28E098B1AD,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063834Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:51.580{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\lib2to3\tests\test_util.pyMD5=0072389179F00881BF8863F6495987FE,SHA256=AFF4F51F20165541536F028DA152DAB5F8BBA7B889B1BE203FE05ABAE0788558,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063833Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:51.580{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\lib2to3\tests\test_refactor.pyMD5=0A86C4D36CDB1F9FB37CF3A8A6834F6E,SHA256=1FEC925602984A96A02416B4CB314D685DBD3BCD18798BFB968D62708A2CCC70,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063832Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:51.580{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\lib2to3\tests\test_pytree.pyMD5=056D491AED9FBA8392D9D5DF2E4FE926,SHA256=6674F36F8EEB971C92C554EE4B8CDF0E9D72579237D3F0BD64EDDE8FA573291B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063831Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:51.580{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\lib2to3\tests\test_parser.pyMD5=F9D25E9691E03CFDC185521EA5C869BF,SHA256=0E90527BEBA38682C7AC2405423A40DB56860B82771CAEE3F19843035A167264,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063830Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:51.578{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\lib2to3\tests\test_main.pyMD5=BB64C2A79DAAAEA9BCE53607F68860A4,SHA256=1F4F617967134B7644D9D84926A8C4ABBBAD6CC580F5A27BD866B69AD90D534D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063829Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:51.573{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\lib2to3\tests\test_fixers.pyMD5=F9440246A4749FDB3BC459D8F2CCC506,SHA256=F30E9438FB207927B21AC6E8AFF981CE30D108653CC35CEC10F1F6050EABDF9B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063828Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:51.558{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\lib2to3\tests\test_all_fixers.pyMD5=4641AB1EDBF9A4F7E0EFE93BA5C7E4C9,SHA256=5DB69CA0028C57EB6B86471D32DEF5A98478B28E5E8282FBB1E8CD437D0F0829,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063827Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:51.558{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\lib2to3\tests\support.pyMD5=9D6208364A4431CC90BDFC3C1B73114A,SHA256=097B70B00E1E6D95F624770BDF7F313A6B35AB3D7261C64DF279F3C87FABD2C7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063826Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:51.558{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\lib2to3\tests\pytree_idempotency.pyMD5=D4F0FB977785A0AF66E6A6FF470AA90E,SHA256=7CE2FD72D32BDC34FC496C0478F5BE378171BE2D833D6FE13B4701EC419DD978,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063825Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:51.542{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\lib2to3\tests\data\py3_test_grammar.pyMD5=7775A6251A8D716A674328C8A8D19F34,SHA256=385FD13C1BB211F397E1DF974B4DE41BBDF6D8AEF48F72B73F2F570F5AD117D2,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063824Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:51.542{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\lib2to3\tests\data\py2_test_grammar.pyMD5=B09BABA40B0F159D43B5A61F7997BB2C,SHA256=FF16DF380F7EC78472FE15D4B0E3A447E129293ED243D8F18437FA85D9232466,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063823Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:51.542{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\lib2to3\tests\data\infinite_recursion.pyMD5=140419CB4BD0EA14FF90D67AD184F4A2,SHA256=E0D03DC31DC79492715D194C7887BC5588C0487DB477E9BA9CCF86992649E3C8,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063822Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:51.527{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\lib2to3\tests\data\fixers\parrot_example.pyMD5=2D74FAA1434ABFC8654119529CAB5F98,SHA256=BA3B24F267A75AF85BF4D96DAA12BC86379D474EE5EAC94516E00D7851981D56,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063821Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:51.527{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\lib2to3\tests\data\fixers\no_fixer_cls.pyMD5=3DDF2F8661C973EFE4A6A5C076C6B952,SHA256=DB0634D26142E6CD7EB00C39D9EA25CCE5FCBD3CE478902A3A4D3DDE6EEFECA1,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063820Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:51.511{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\lib2to3\tests\data\fixers\myfixes\__init__.pyMD5=D41D8CD98F00B204E9800998ECF8427E,SHA256=E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063819Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:51.511{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\lib2to3\tests\data\fixers\myfixes\fix_preorder.pyMD5=B350FBDB336FDF941899FE8710377D9A,SHA256=1D49480DB8BE928298E0FFA2F8FFB73A6F3738284FE785A8903F6C2976ACC902,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063818Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:51.511{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\lib2to3\tests\data\fixers\myfixes\fix_parrot.pyMD5=B817F6351D5BBDB45B6D183990818E5A,SHA256=B58DDCEB2582FA7FA19ED723785530749B0BEE896DEBA3E80842157CA5BF804D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063817Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:51.511{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\lib2to3\tests\data\fixers\myfixes\fix_last.pyMD5=A66AC4ADD959F0BBC8221727B9D38F7D,SHA256=5CA463AA2E8E7F14C1A923F40158A99D4306CD5A400CC2722F6B0F29A3B5AF36,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063816Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:51.511{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\lib2to3\tests\data\fixers\myfixes\fix_first.pyMD5=8BE2A0A7C6A518E6B15D8253B9118C40,SHA256=030BFC1925543832934F8A5814F3F0E587A398C4D714D42A40F07132F56C8F49,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063815Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:51.495{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\lib2to3\tests\data\fixers\myfixes\fix_explicit.pyMD5=B9339978074978984A62CA73F94E8F12,SHA256=8AA946B58060A2A0C6F27D94745D6D2882797CCA700B9D01B0AE228817752EAA,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063814Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:51.495{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\lib2to3\tests\data\fixers\bad_order.pyMD5=BCE7D04356F9D87B40A44843BA6453C8,SHA256=5B78CD4CC067150624F40D4B9367F021F67A8AF77DBCFF2320C095F012F4681D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063813Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:51.495{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\lib2to3\tests\data\false_encoding.pyMD5=5C048D0A6DF24579026EABECAE79EFB7,SHA256=AA3383007E7EA7CE963F6887F527467006F9A5EA72F06B955E8AAA6FDEF378C6,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063812Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:51.495{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-20180613-062833-00000003-ffffffff.binMD5=D98135FDD5E69E777D33246ED75D78EE,SHA256=90DCF804EA3B42CFADEAC0DEB6095FBE76EDA900C7855A2F15031DE721697B34,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063811Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:51.495{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\lib2to3\tests\data\different_encoding.pyMD5=FD672E527255A639A5F6085EC2FD5A98,SHA256=9714115EB264736B9539E983229F1BA39DECA43378754B62E3577EE233314335,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063810Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:51.480{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-20180613-062830-00000003-ffffffff.binMD5=052F70C4F612A0FB21EF5651BAE0D25C,SHA256=3671DC6C7F7555E8654C28DB85CDF293B73B4A2D6772A301CE984EA383ED14F1,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063809Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:51.477{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-20180613-062445-00000003-ffffffff.binMD5=FAF5AB66EFA8C827BD0511726D3CB037,SHA256=8FAB8C3E1BD3E0CF1FF826571AD74A4A965F2BDCEF9A2A342A46E874C43238D9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063808Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:51.458{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\lib2to3\tests\data\crlf.pyMD5=B7476586672E89430721782B7C816F98,SHA256=D910AD886333ABF3664A4FB4290D3B81307A16C6D9CA14356B3644A9AAE6E714,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063807Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:51.458{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\lib2to3\tests\data\bom.pyMD5=54712A305F03990006AEC0438BC61BD4,SHA256=D713C13AE829CACEA6D56417E7E602B21F7CAB3A461CA9B5280D1C163F986B8B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063806Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:51.458{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-20180613-053000-00000003-ffffffff.binMD5=7A482733CA6808AA45108F97B87652D3,SHA256=4508D5246A443F01F4BB3407DA2FFDB4BCF8D256D0106669FDB27CE829C1D813,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063805Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:51.442{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\lib2to3\refactor.pyMD5=A454FCF9AAB941F07B40A7BB0C7565E6,SHA256=45D1539FE02B2386E8B1AF0198576365F597AE55C5C96A5D418A67100FF4822D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063804Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:51.442{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\lib2to3\pytree.pyMD5=87FBC9678EAFF35FAD91DA16278F8A82,SHA256=168987E892008A21115D54F74AB0BDE50AB2B138D2CBAF708CD42D81BE91C250,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063803Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:51.442{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-20180613-052641-00000003-ffffffff.binMD5=1111CD4DDADAB69D436B3EB8E0018B6D,SHA256=8B5F23E02881A2C17B4D22B474238973C383962E72614EC2A9EF69CF10D32E68,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063802Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:51.427{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\lib2to3\pygram.pyMD5=9E1674673591A94A97BB3EB7D2713F41,SHA256=63F1390D71D871E1C6FA009CA822B6B7F9EADB09924146FA3C384056B013AC83,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063801Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:51.427{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\lib2to3\pgen2\__init__.pyMD5=645D7D4EB7CDD04995309D0EC18DD60C,SHA256=CFC35E9AD36D01A201A1C3CC97468C2E0C5A40C79DB0A392FDD395032F1CDD32,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063800Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:51.427{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-20180613-052308-00000003-ffffffff.binMD5=2205BCBF6BB0983F1CFE0AD7B5D2BA9E,SHA256=847F0A018F727E2350F3F5ACA56359A9706B906EDCD7283B9109B5E744D2D04C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063799Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:51.427{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\lib2to3\pgen2\tokenize.pyMD5=AD467CE925CD12C1388F0A26B8ECB333,SHA256=CA0368766938A9E43F2050718411DEEB63DA2397A7C995EADA6B287BCAE9D04B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063798Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:51.427{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-20180613-051539-00000003-ffffffff.binMD5=1B409BD26FEBA4C20464C88DD8A45481,SHA256=F85AADB1C81C4E0C7B8D56B9FC8C95B05310ED19AF6EDBEF7905D887E93154C2,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063797Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:51.411{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\lib2to3\pgen2\token.pyMD5=4CDF2E3E307B2F84A17357910FFA01B1,SHA256=8DAC0AA08EE14E6663AE147A6A5DB99E5857AF27E1427BC420DA423F1168072E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063796Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:51.411{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\lib2to3\pgen2\pgen.pyMD5=CB0C432C450E8227E320EB0364C4DD3C,SHA256=0B8B22578442FD5CDD35530E7345E6991CBD0C8E4167BE7A921AC3763E7113DC,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063795Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:51.411{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\lib2to3\pgen2\parse.pyMD5=72EFC9D8D5827F60D46F99A12DAAEEC1,SHA256=146331E38A725B2DA2FBC156EC001437C8CCA1E176CFF9DA0FDD17F64C0CF181,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063794Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:51.395{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-20180613-051431-00000003-ffffffff.binMD5=6CEDC0A798788EDFF7654096CB26737A,SHA256=2E7E31CB9C1C915E9A5D8A6E15795DA290F6B31988EC22C57790D48729B2EB06,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063793Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:51.395{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-20180509-035754-00000003-ffffffff.binMD5=CF1AC05EFAC518E213BD1BB08C17430E,SHA256=C295DFD181F966D07F3DFB7BA76B8AC5E476A9BC626CBF91D935D5029F5AC098,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063792Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:51.380{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\lib2to3\pgen2\literals.pyMD5=45927F68C20AAB3037D7653975E2BC55,SHA256=211244D439917987BFA75775D05279F4BED092438E2181C03BF546DA7A76EE47,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063791Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:51.380{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\lib2to3\pgen2\grammar.pyMD5=C48E533D198F67DA171B36964C542C48,SHA256=405979A74B79D49D6B68DB26670D6A67545448C221C646029F566CD1CCEF3569,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063790Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:51.380{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\lib2to3\pgen2\driver.pyMD5=80F4932B022C77F3E829C6731C13C4C3,SHA256=7F6DF6637984B8AFEE4C8510AD6FB8D7E20A7D257B1E73BDE24F38EA0CD5110F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063789Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:51.380{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\lib2to3\pgen2\conv.pyMD5=F3D7DA02C18A59DD7B536C6B9453A176,SHA256=D35C326723B3A0A09D8E9BD10FEAF4FC0DD13589528BE1FDC818AD8D2E0E612F,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000063788Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:51.358{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\lib2to3\PatternGrammar.TXT2022-01-17 14:25:12.000 23542300x800000000000000063787Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:51.358{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\lib2to3\PatternGrammar.txtMD5=979BF0985B9B796D53C07BE40F02B132,SHA256=9BAC1F5A4EF2DFE428DF9AFBECD59D250EFC5CBD42A93FCF9B4C6BE9E08E7693,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063786Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:51.358{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\lib2to3\patcomp.pyMD5=20406E95256D4ADCC8128179C53EB99C,SHA256=68102FE52F65581C9C3EEBEA52BC1912710466D5FED1F5A9DA4CF5AE08E49AF8,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063785Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:51.358{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\lib2to3\main.pyMD5=10ACB3755E6CFD1EAB2851987AFF6C24,SHA256=0CC7B32F9F1A5B9C8400E97248FCAAAFF55BA729F34775B47FA322D0A4882F4D,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000063784Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:51.358{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\lib2to3\Grammar.TXT2022-01-17 14:25:12.000 23542300x800000000000000063783Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:51.344{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\lib2to3\Grammar.txtMD5=0A88C3B5566AED4547D21C95E38A8A85,SHA256=6688247A4ADB2B38F18EF1C293482A394FA7E041110131F5F515A966C41E0490,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063782Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:51.344{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\lib2to3\fixes\__init__.pyMD5=3D02598F327C3159A8BE45FD28DAAC9B,SHA256=B36AE7DA13E8CAFA693B64B57C6AFC4511DA2F9BBC10D0AC03667FCA0F288214,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063781Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:51.344{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\lib2to3\fixes\fix_zip.pyMD5=730BF702C5BAA2B535836FBAD55371D7,SHA256=5CFC37D044160C03D5E957031B4097C40EE59AB1B50FF3BD1DF3A12E648FC77B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063780Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:51.344{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\lib2to3\fixes\fix_xreadlines.pyMD5=CA40B8E545DDB024A00A87B5387487D2,SHA256=AF358006155E5575577F216AB7D4A06C2EE8639466360A918545CDF748106288,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063779Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:51.327{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\lib2to3\fixes\fix_xrange.pyMD5=49AA616B89E6FFB5138DB169285C2B32,SHA256=C2AEE5C6F03FF89E46C8DFAA18C5A47E1D935CC822CF6A74D54FC950C465C353,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063778Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:51.327{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\lib2to3\fixes\fix_ws_comma.pyMD5=CDC500CF69839A32B1BA8FD183097EAD,SHA256=7F1A6D62CA48A22669BE98766A4C7ED670DF01EFBABB1EC4E5BC71022C88FD94,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063777Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:51.327{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\lib2to3\fixes\fix_urllib.pyMD5=AE6F7EBD8B3B4180B2579A9B2E1BAC65,SHA256=63C89FA9E60B006926CBF353BF319646AFFC9F1382713881959E532FB94B85F2,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063776Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:51.327{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\lib2to3\fixes\fix_unicode.pyMD5=6689501B2D7B6AEB4A5206FF95A2021F,SHA256=18313E149C2306FB0C9DB833EEC6F86A16A103A565DF4B0E45AE49A4FFA00AF0,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063775Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:51.327{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\lib2to3\fixes\fix_types.pyMD5=5F85F434AB8E223EB2CDF0D35CC104F8,SHA256=E60463C75E338B466C489756ED269554950A8A41E103190422D3CF9CF2DBBC4E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063774Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:51.311{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\lib2to3\fixes\fix_tuple_params.pyMD5=8518D2021497FB736D96578C438C2DB7,SHA256=5CD38A9653B73E0E6D4EEC3E597029E124BD4FF708D13B8B23500BDFAA1CE1E0,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063773Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:51.311{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\lib2to3\fixes\fix_throw.pyMD5=CB4D9B7CBD9BA08D3AB0958E548561E4,SHA256=6B44ACE7653328E3598A0AF03C55005DB15719328BF5C00F9B9F66E7EBDF6F01,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063772Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:51.311{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\lib2to3\fixes\fix_sys_exc.pyMD5=4096CF2AE2BB0E38944E31BEF2112299,SHA256=79ACE20B3CA95643EDF00EE3547E16AB7811E382CDA395ADD3052EC721BB5262,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063771Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:51.311{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-20180509-030836-00000003-ffffffff.binMD5=518989F6F145D9FF856860B0F20DCB3F,SHA256=19F67F05AE40B9EE0B546820953B540C2E432929AEB67E0E436156EFFA897A11,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063770Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:51.295{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\lib2to3\fixes\fix_standarderror.pyMD5=D7BE8B7F1AB9ED5A643246FD6C38CA1D,SHA256=FE2FE587D984783BA39D5555CBA67B7C8D3E7D14A600679C394DDD93A5BBD0F4,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063769Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:51.295{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\lib2to3\fixes\fix_set_literal.pyMD5=DB13BE262965E1BD5FAC3E13AEB6F233,SHA256=C0CC557A8A4529F796C54B3AFEAA91746189D264E1342D9699A703867D96B49E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063768Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:51.295{6F5BEE90-18CD-61E9-7700-000000002102}484NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=D626674BF002FB1D026BE875B04723A3,SHA256=3C626FFDFF68B656E60035F5FA0A00E1D96EBC903783E7CF227418DE04A1F264,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063767Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:51.295{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\lib2to3\fixes\fix_repr.pyMD5=3044F5225ADEE0D00642357A4937C0AA,SHA256=32B21DB4F3B49EC4F3934E37B254DE1F581CE7D50F11CBC147E3FD196068A9B3,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063766Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:51.280{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\lib2to3\fixes\fix_renames.pyMD5=D52724D8F1A816ACDE23227D724E7B1E,SHA256=10874F6AB33FDE228A8E040580D1DE657E3C4B463CA44C96BAAB6FEBE76F03EC,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063765Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:51.280{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\lib2to3\fixes\fix_reload.pyMD5=A687B28CE6067F36BC472D0EF4CBF94B,SHA256=5EA04F238824758779B96174C74B0A0092451F24CDEF7749D3A4CF645457DD46,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063764Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:51.280{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\lib2to3\fixes\fix_reduce.pyMD5=50CA33C24BEAD7223AE6A23D9A8C0A5E,SHA256=D477D21B26EBB721D14F2E61754F7FF7578D5E4066CEB4E714F2357FABE42BAD,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063763Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:51.275{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\lib2to3\fixes\fix_raw_input.pyMD5=7565940B6C1175DBE4309E392CD969D6,SHA256=9A94784036C068D0A2B350275816DD9A3B84BA1E702F5CA88D261022A081964F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063762Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:51.258{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\lib2to3\fixes\fix_raise.pyMD5=2EC2D255B88D4FFC7FC70B43C75BBD9F,SHA256=2C0076FBBCAD7C22D274C589176963229128AF3F2E02A24AACE074A8A0B6520A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063761Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:51.258{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\lib2to3\fixes\fix_print.pyMD5=BC1CA8DA445CF8BD3E72E7B8460F8974,SHA256=949A3E543C1B2C54FB12E946B6D3495EEB18658BE4FC6DD63BE0478BA3D91017,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063760Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:51.258{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\lib2to3\fixes\fix_paren.pyMD5=DAD3A6A8DAE9FF09B2B84F44AC58EB38,SHA256=52E4FB86C90685BDF090687C2EFD51D48C3A6DDA7CDF9D6614EA404389954836,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063759Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:51.258{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\lib2to3\fixes\fix_operator.pyMD5=63FE89A8A5728B6BEA35DFB07101C4B6,SHA256=E0DE6D510BA21D4CDC1CF95FB1653860DB56536F1581D42A70B3FF970CE6707E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063758Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:51.242{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\lib2to3\fixes\fix_numliterals.pyMD5=A2E9362D8DA7391A0BD98226C6C39FD4,SHA256=3E03F3D04B8E48C5A1D11BCC4EA852E55158964C5F560FB0A1AAD030ABAED9F8,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063757Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:51.242{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-20180509-030634-00000003-ffffffff.binMD5=C0FA0686CE087BD24A9453D2EA4A4DD6,SHA256=200D88EBA4A82E734DF7F5977463BE9D97F2FAE92BED9D7268F83613F83F3857,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063756Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:51.242{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\lib2to3\fixes\fix_nonzero.pyMD5=2A8DE1B52E76AA90420A495FBFE4404E,SHA256=47B5E21AE3F78C75BF68ABBF208DF08F2983227D26A3C971A5900F64227FAD15,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063755Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:51.242{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-20180509-030250-00000003-ffffffff.binMD5=3110074677F6FBA15D7EE7A52D877F75,SHA256=1DA102D3E2497201906501AD64454E2D104AF020F08C535D043496F929698678,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063754Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:51.227{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\lib2to3\fixes\fix_next.pyMD5=30F62F9532BB5773680FE1B9CEFC0073,SHA256=48734127883EECE0F8F0E06D7623352CAE78F44934FECAB4121699970009DED1,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063753Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:51.227{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-20180509-030247-00000003-ffffffff.binMD5=9EBE55CE6FF5A9D68E7B751402BE1935,SHA256=87BE77D2A21C54D157A0333CBAD9E8B634BC90C045D49BA0F4F6A52ACAECAD05,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063752Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:51.211{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-12142016-181714-00000003-ffffffff.binMD5=DC7F9802925E599A427D0A00BE1A6EE6,SHA256=D43037A0E594855E53D313A4D6CBB7A66C012B79C87F947E3DC48BC7A2C73E29,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063751Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:51.211{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\lib2to3\fixes\fix_ne.pyMD5=E70C6A7B1BCBD5832746838464A19403,SHA256=50835FCC0BD6927339D35266DE5BED171F5DE1B91C693DCFAE6AAC7C1B50DBC3,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063750Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:51.211{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-12142016-181500-00000003-ffffffff.binMD5=738739E4771AB4F09E72004D773912B9,SHA256=6A0B87581A5C54D702CAE61AA86947AB5DD04491F4B89CE29897F4E4A0BC8FB4,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063749Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:51.211{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\lib2to3\fixes\fix_methodattrs.pyMD5=6EE92ACAF5A0A3B4C54AEF77F235A25D,SHA256=2B9EDB6FBF2EC9BC25C8FD5DD77B9A63DEEA5F052D05B91081E51097B8490D1A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063748Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:51.195{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\lib2to3\fixes\fix_metaclass.pyMD5=37FAB77A76D8F7006A5F63C7504A02D7,SHA256=49A612E8252B4C305C5238D1DEBFF68D6F1A76B3AFBEE39901541E0D70C090FD,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063747Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:51.195{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-12142016-173946-00000003-ffffffff.binMD5=27A3D03A6A0455E69296503D7CE237D9,SHA256=0806E3CB9D47324A45042BB8EBFD8424CBC61A6F1F58ABF126C6E1B2B3A2CA80,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063746Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:51.195{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\lib2to3\fixes\fix_map.pyMD5=8FBFFA5C38F7010AFE964C52735A2C02,SHA256=E6C0058DACF58333F767364CD740B940A4FF0F322DCB76A87BFEFE1D0BB135C6,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063745Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:51.195{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\lib2to3\fixes\fix_long.pyMD5=9A80F098043577F51C528811154D8769,SHA256=DC68C8F34C0C667763B029394F47F5B248216F8D75130489C6065D46CACE307F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063744Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:51.195{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-12142016-173524-00000003-ffffffff.binMD5=EB5BCDD8ADDD9437C10B5DC0B24A6498,SHA256=A18AFE7CCE48D888359FC1B75EAB1613098DC7A8CE8995B09870F1B10FAB7DA9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063743Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:51.180{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-12132017-224010-00000003-ffffffff.binMD5=37BB9DAE53595D373C3742A762592117,SHA256=998A2133AA19EBDBFB71611D6D4678421ED2550359850EFB8FE18FFA29CDFD9D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063742Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:51.180{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\lib2to3\fixes\fix_itertools_imports.pyMD5=DE7305EDFA2A0C2CF5063EA3A0ACA65D,SHA256=D45ED56241F16A6D64124394AD9A8DCE834755E490FEA1644DC09B45F1FF0CF9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063741Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:51.180{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\lib2to3\fixes\fix_itertools.pyMD5=77AE5C884C1845BF0ADCDFE5FCD881BD,SHA256=BFCDF64E2DB7AE031BBB5927D41802B8AC51D2D59D425E8DD0841BE451B24E0C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063740Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:51.180{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\lib2to3\fixes\fix_isinstance.pyMD5=CB764F2D832EEE9411484C6672CB4A05,SHA256=6783F95FE41C83F0A1114FC73023B66899A09EF403ED6C21888254B520822E6B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063739Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:51.180{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-12132017-210244-00000003-ffffffff.binMD5=73A9F298EBC41FE3754EEAC192B277A8,SHA256=7D0650437A36777E3A3599D2A27E009ECECAD8A95EBC9D8B096952990B6C67D8,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063738Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:51.177{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\lib2to3\fixes\fix_intern.pyMD5=0A212E127D51D01ED6B972D17158D82D,SHA256=1457F78F5CF13C87FC6655F0AE8C322C7F155F0BB28389ED1A1881EFB487988E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063737Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:51.174{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\lib2to3\fixes\fix_input.pyMD5=5F6CE237BFD734213DD840F0AC5ED508,SHA256=4F45711C6E4809F87C66E39F68B436EC22B713F96EF73E263CEA8F585DCE0953,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063736Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:51.158{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\lib2to3\fixes\fix_imports2.pyMD5=514CA896E60CDE44AB159F1DEDB305D7,SHA256=7A30CD499DA0B2C9D9E8313D8A1E30FE49A8DF4534DD718EFA997197EA90EE2C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063735Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:51.158{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\lib2to3\fixes\fix_imports.pyMD5=D5DF3DFC5C775B0406A702AA4A488A89,SHA256=9BFDF0AA34516D0728BCB2F4BED0BA8E8B37E88C7E9C1E9093DB40B97BA3FD72,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063734Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:51.142{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\lib2to3\fixes\fix_import.pyMD5=EAAB967744118AE445A60A9C6DB32C46,SHA256=FB0B8A86D1473A869CA50D0838A5145239049B26EA3E7A902C8E077CC440F2D4,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063733Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:51.142{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\lib2to3\fixes\fix_idioms.pyMD5=B37F4AFABA1068B6EED89E48BC2A5DF3,SHA256=9E8A4E017BE549D8A24CE13C9EAD3D41E6B115619E991C66075AE90CAB786EC3,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063732Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:51.127{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\lib2to3\fixes\fix_has_key.pyMD5=59C92EFC8F63081D7A0A26CED2394B63,SHA256=14625002DC3F848DBE0A284085D29AC89DCA62C567D8C15B69169D84552F09C2,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063731Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:51.127{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\lib2to3\fixes\fix_getcwdu.pyMD5=C5F7B6D234F7A18411EC7C4C72C0D47E,SHA256=BBDCFDBC1371229CC2CB539F8FEEC26D85B218ECA8D35EE198024E23852F732C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063730Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:51.111{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-12132017-205652-00000003-ffffffff.binMD5=5547DA268C3E826D728FD9874B8FA7FC,SHA256=F6472A957EEBA682FC185F764D088AA81B33852FA8474FAF5C28A492E4E62196,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063729Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:51.111{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\lib2to3\fixes\fix_future.pyMD5=DBC82D42D486845227C943DFBC95AA6D,SHA256=B874701B6F1B01632F9AF2CD146646E947344D651F05792D3C64F30B4B733A0A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063728Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:51.111{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-12132017-205548-00000003-ffffffff.binMD5=BD698502D2ABADBA7C8D8490FA9CA67F,SHA256=0A238BF5668D1E349DD762DD7FDC23A3A4F0D391BBB112EF91F1A0A281E9DFA5,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063727Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:51.111{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\lib2to3\fixes\fix_funcattrs.pyMD5=F1C287409A4DAB2D550A115A6FDE0DB8,SHA256=A822F3CB97254F2372FB53ADC912E57FA08A4B3B8098527D4A701D3A9B306492,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063726Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:51.097{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-11302017-224229-00000003-ffffffff.binMD5=A182190F61F21FD2FC8E65EA6C86A05F,SHA256=D8C58FD156FE549B14B518CD23F68F684363FCC15477F50394CC8F00E2930B3B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063725Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:51.097{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\lib2to3\fixes\fix_filter.pyMD5=7F6AB4B8D8DAF02D51B6F21FD835D53A,SHA256=175BDAD98D2FB8F3C7217155D314DD66FB1E0D3E7A0B73C8733FDA922B0E559B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063724Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:51.097{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\lib2to3\fixes\fix_exitfunc.pyMD5=558A89B212EB235263F4ADDF07897F17,SHA256=944D48B6D4AA4A6D4BFCD2931D46344E4BDF4285DF1BBFDA74A8A0B2D6EF0F7E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063723Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:51.097{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-11302017-224110-00000003-ffffffff.binMD5=2B20CA6B63361B46AF05C174EAE738C3,SHA256=771786D8ADDB05B4C849D3EA86B9B1585BB1EB896E8DCB92D41A61666920D12B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063722Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:51.097{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-11242016-001636-00000003-ffffffff.binMD5=0978F08A35EF0BBD7482F0AB102BA86D,SHA256=AE05D4EBB85CA8404192F7018D9E19F0C990FE49107CDD3F5D1A28AF18E69997,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063721Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:51.097{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\lib2to3\fixes\fix_execfile.pyMD5=1DDFDA0FF5CBA9283845C739A1E50010,SHA256=6FEDF5B70115D815D633724FB03271A080ECDD7D9D197CA8246C62709EA3FDA5,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063720Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:51.080{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-11242016-001024-00000003-ffffffff.binMD5=D8698EAF7E83D33E80F10398E6EA1DDA,SHA256=D35A8E1089DDD4202874D35F6DAF4471EA9CAE662B9659EAE24D17B60319B27F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063719Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:51.080{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\lib2to3\fixes\fix_exec.pyMD5=22B9FA2E21E470ACFEC1FFE4F3A7ED43,SHA256=C0FF0849F6A1FB671A829BB951BD4497E5E9557191FF429F49F0AA46D1151DD6,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063718Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:51.080{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\lib2to3\fixes\fix_except.pyMD5=812E7FC2F7BDD76D5408D27A6F0B7F83,SHA256=15702617A53D58BB27D25CD282BBF257B45E178BAD4737B3BA8C82575872A3C0,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063717Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:51.079{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\lib2to3\fixes\fix_dict.pyMD5=02638EDE38CAE4D2903533AFD10BED2B,SHA256=88E4D802FA886DB68A999D5520A9B71B24B16B8C0E8414E93C1ACA703971373E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063716Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:51.075{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\lib2to3\fixes\fix_buffer.pyMD5=ACFAFDF61B0554E56264EA2082C103CD,SHA256=8F549781E6C39F1550D8A0ECF2AF6A1DC9E90B56BF3AAD8D77172AD732C8A0BA,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063715Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:51.058{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\lib2to3\fixes\fix_basestring.pyMD5=983D120325531C2CD802B6B3BC62A360,SHA256=B37496E760810DB956513444A71894773D331C99CA6469D7879D2FD0A95502E8,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063714Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:51.058{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\lib2to3\fixes\fix_asserts.pyMD5=7E1972403A0498C5AC3D91DDA3B99773,SHA256=F26C79304FF9BE6CF45BC163772739FE65C14425F9931B56BDB6F4B26D4A901C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063713Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:51.058{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\lib2to3\fixes\fix_apply.pyMD5=C402408DE85D707022B0910BA6E326E8,SHA256=376D428ACB3067E0514E7C32D54F71BB2FBB806DD202583E97EFC16FB00B3E46,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063712Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:51.058{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\lib2to3\fixer_util.pyMD5=09E8FFF7E6AF7C2CFFE608EC2985A7B6,SHA256=13F97833E856E26B7E77D1051D7E75B7971CE4996F05BFCCAA146C98C8732A49,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063711Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:51.042{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\lib2to3\fixer_base.pyMD5=41D14A8EA6887DF17A9CAA4E37C9AD98,SHA256=1195366080AE5114EF41253B9FF6AF99A75555FF0764BEAF390FF89213D94FC1,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063710Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:51.042{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\lib2to3\btm_utils.pyMD5=69E6E0013ACBBB1E23C81CEF029D079D,SHA256=C7148025EFD757D8EFA8148ED5A229CAE7F67B2845A46561E9302AC59ACC3DB8,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063709Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:51.042{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\lib2to3\btm_matcher.pyMD5=9FEAF597DF4589DAF018E8A4D9DE23AA,SHA256=344AE77CA1E51F6919D34884B6CDD64849DDE851ECBF9F4D9EFC8C772545977B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063708Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:51.042{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\keyword.pyMD5=DC5106AABD333F8073FFBF67D63F1DEE,SHA256=EBD724ED7E01CE97ECB3A6B296001FA4395BB48161658468855B43CFF0E6EEBB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063707Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:51.042{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\json\__init__.pyMD5=9E174AB59527CC3A4698ECDC5A67923B,SHA256=B149B42F7944588DA87747A485B09D2C43FD0ECDC98E0EE575165C47A30B587D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063706Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:51.027{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-11242016-000542-00000003-ffffffff.binMD5=399C5EA4744F7092704271A821DB47A8,SHA256=56A1C3A7AA10157EBCD4AED15A6F95A171D36C10127A20B51AF4CDDA521B0CC0,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063705Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:51.027{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\json\tool.pyMD5=04BB41005A34A0439354779391919F36,SHA256=E4940A58DC30B05A4D66ABCE80C8FF52712BD9EAAAAF50B526ECCB49185950D6,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063704Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:51.027{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-11172017-220559-00000003-ffffffff.binMD5=CB89567BB8B1122D144C847C97E798A0,SHA256=545E1ACD4B2E826440B56F1DE75246A13F0E93B006BB75DEBEB9C3255B3CFBFE,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063703Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:51.027{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\json\scanner.pyMD5=83EDC258CA5D89378BC86FE790CBF1B7,SHA256=9841566FB17315EBDD40A1CA9CB214F02CDE7171B187D4DC821C80120EA853C3,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063702Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:51.027{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\json\encoder.pyMD5=724522460172CBDC8CDE8EC4FEC80DAF,SHA256=B3697BA518E29EC2B307463858CEF8B20D6703CDC8496783B0380B9BAB749C8D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063701Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:51.027{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\json\decoder.pyMD5=597A5F7B2F2E7E08EAFD6960409DE0B6,SHA256=166898917CC796859421929B821AAD3040E6E19C973F197BCE4741F75381F6D8,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063700Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:51.027{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\ipaddress.pyMD5=472A5CAC96F7E0C2A9976421D25C9E32,SHA256=FD17FE3BCF66A03F1AD96F85A9FD7BCC118D18C50A3245F273764EAEE662B4C5,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063699Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:51.011{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\io.pyMD5=99710B1A7D4045B9334F8FC11B084A40,SHA256=FE91B067FD544381FCD4F3DF53272C8C40885C1811AC2165FD6686623261BC5D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063698Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:51.011{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\inspect.pyMD5=0C36D1C13B6A288047DD548E7783B429,SHA256=ACA453C48E0BFC279D0E1C6A85BF0E7E2F70AF99D6614D0A59AF87B6C037A2A3,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063697Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:51.011{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\importlib\__init__.pyMD5=DBE317F92FE33213AA2410A2479B9C54,SHA256=6D4AB4726790393388B483A56966276861EB3353731646572774FFA90B68289E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063696Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:51.011{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\importlib\_common.pyMD5=49C0DFB6A567585B97CDB254DEBA08DC,SHA256=8F21A1DA4CEAEEEA7DCEC82064FC39E55405B85C6115A30E9DC28906439079D3,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063695Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:50.996{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\importlib\_bootstrap_external.pyMD5=C61ECAEDE4DB1D8F4057F61A989CFEDC,SHA256=5E660A264082C150E59A7EB94163FE743434BDA33886D8AA18B560047E804CA3,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063694Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:50.996{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\importlib\_bootstrap.pyMD5=03A827AAC6D6D4EBEA01D384EAA30F32,SHA256=B300CE18C15FD539F099883AEDC24B1A91E5C35B581EFDBB9E21D638A4EC82E5,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063693Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:50.996{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\importlib\_adapters.pyMD5=5C775988B17A8E77726D985B2FE1284C,SHA256=F338A91DEEF0B819B408D7BAEA338D637B817A69B3270A6608ACF79EF9ED700A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000031927Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:38:51.920{CE7C8936-1B20-61E9-E200-000000002202}3964NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=272A6580E11EAD513A20C1A1A738852E,SHA256=3C4233F3FB0084BC3ACE32A032184900C14B090B33DE87619CA635BC1B188155,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000031926Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:38:48.965{CE7C8936-1B1A-61E9-D900-000000002202}4048C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-tcontreras-attack-range-276.eu-central-1.compute.internal51389-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x800000000000000064139Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:52.984{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\site-packages\pip\_vendor\chardet\langthaimodel.pyMD5=7B14988C1B61A9D8D8521C28C3498F53,SHA256=475C171E750CB5E8E9C342671FF24EF177586AC304EB08D5AA9D733FB4CA2E08,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064138Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:52.984{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\site-packages\pip\_vendor\chardet\langrussianmodel.pyMD5=0430BB5F2497C1F5E35E529A605B0E0D,SHA256=4C7A893A14B189341C1DBA03352739CA87DCDA4A175D01471728EDCAE9ED51F3,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064137Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:52.979{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\site-packages\pip\_vendor\chardet\langhungarianmodel.pyMD5=2266FEED3AD586A6C14A438FE85A901F,SHA256=46D247EC365DB26687AB22B8E8A9269E4E70407889C093CF252AAA225A5E6517,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064136Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:52.963{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\site-packages\pip\_vendor\chardet\langhebrewmodel.pyMD5=E65D36A1D33A173B691E6EAE1B971E22,SHA256=0F33CFE933C61BFF8F57BB6AB29BBF77C76EB9EAA6EEE37EE5E434687530D468,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064135Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:52.947{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\site-packages\pip\_vendor\chardet\langgreekmodel.pyMD5=56D896E03A51D54AAC81505EBAA3DE15,SHA256=4BEB8D4358A10BBE72841BD2BB1DB880B159BF743272D3300BA3B12C9757F9BC,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064134Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:52.947{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-20180916-185626-00000003-ffffffff.binMD5=69FCBCC7666823491BFA644A7C2D13FB,SHA256=BB60987797890597694090D11CB680F1F35F96709E031BF3E5190E453F0A3767,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064133Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:52.931{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\site-packages\pip\_vendor\chardet\langbulgarianmodel.pyMD5=80E704637776BF1A6B28E20CE272FB0F,SHA256=AE4F42269BB13B46CE6DBA0972FEA03605AEA2C61999DF2A10476CE72EC34BF6,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064132Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:52.931{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\site-packages\pip\_vendor\chardet\jpcntx.pyMD5=09BDB0C4F23A05CFEEB4F498F8B19D96,SHA256=3D894DA915104FC2CCDDC4F91661C63F48A2B1C1654D6103F763002EF06E9E0A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064131Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:52.916{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\site-packages\pip\_vendor\chardet\jisfreq.pyMD5=34BE526E85A890AF4C0C38DF38D56B71,SHA256=BE9989BF606ED09F209CC5513C730579F4D1BE8FE16B59ABC8B8A0F0207080E8,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064130Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:52.916{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\site-packages\pip\_vendor\chardet\hebrewprober.pyMD5=EE487DF69E219E2AF034E50ED27F6E99,SHA256=737499F8AEE1BF2CC663A251019C4983027FB144BD93459892F318D34601605A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064129Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:52.900{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\site-packages\pip\_vendor\chardet\gb2312prober.pyMD5=E9B4EABD5CDA31D434F10B7299B4B47E,SHA256=806BC85A2F568438C4FB14171EF348CAB9CBBC46CC01883251267AE4751FCA5C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064128Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:52.900{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\site-packages\pip\_vendor\chardet\gb2312freq.pyMD5=855D0A3B3FE3F931EB7D4A3F77E9F349,SHA256=257F25B3078A2E69C2C2693C507110B0B824AFFACFFE411BBE2BC2E2A3CEAE57,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064127Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:52.900{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\site-packages\pip\_vendor\chardet\euctwprober.pyMD5=BA6A1374A470177EC21C4E1528E23F5B,SHA256=D77A7A10FE3245AC6A9CFE221EDC47389E91DB3C47AB5FE6F214D18F3559F797,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064126Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:52.900{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\site-packages\pip\_vendor\chardet\euctwfreq.pyMD5=F22F9B84302F594271169463DF2C2ADC,SHA256=368D56C9DB853A00795484D403B3CBC82E6825137347231B07168A235975E8C0,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064125Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:52.900{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-20180916-185355-00000003-ffffffff.binMD5=A29DF6210952C5F2918CDA4D1A8372CC,SHA256=35B7CA7FDA50841749E7A3A578B0C8D8E275DB79963B38592302CBCF0DE552A4,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064124Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:52.885{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\site-packages\pip\_vendor\chardet\euckrprober.pyMD5=35C9C358A1F2554B15382675B680CB38,SHA256=32A14C4D05F15B81DBCC8A59F652831C1DC637C48FE328877A74E67FC83F3F16,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064123Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:52.885{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\site-packages\pip\_vendor\chardet\euckrfreq.pyMD5=FC74D266C33CB05F1ECD53EC517EC462,SHA256=FBB19D9AF8167B3E3E78EE12B97A5AEED0620E2E6F45743C5AF74503355A49FA,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064122Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:52.885{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\site-packages\pip\_vendor\chardet\eucjpprober.pyMD5=7FCBC25522B5FB00AD88D12E86022F16,SHA256=883F09769D084918E08E254DEDFD1EF3119E409E46336A1E675740F276D2794C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064121Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:52.881{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\site-packages\pip\_vendor\chardet\escsm.pyMD5=9C3BAAFEFA516EA1EEFCB03593C8CB1D,SHA256=46E5E580DBD32036AB9DDBE594D0A4E56641229742C50D2471DF4402EC5487CE,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064120Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:52.876{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\site-packages\pip\_vendor\chardet\escprober.pyMD5=A43AE497CCD0D98F53E4F2E7EF5250E2,SHA256=924CAA560D58C370C8380309D9B765C9081415086E1C05BC7541AC913A0D5927,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064119Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:52.860{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\site-packages\pip\_vendor\chardet\enums.pyMD5=754EAD831ACB9BA0C2E768243ADA5DA2,SHA256=0229B075BF5AB357492996853541F63A158854155DE9990927F58AE6C358F1C5,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064118Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:52.860{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\site-packages\pip\_vendor\chardet\cp949prober.pyMD5=EAC9F36E937956F46F3E4C37F9CD7D76,SHA256=4D9E37E105FCCF306C9D4BCBFFCC26E004154D9D9992A10440BFE5370F5FF68C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064117Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:52.860{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\site-packages\pip\_vendor\chardet\compat.pyMD5=EBCC3FE46560E1E5C7CA6E347780A828,SHA256=E34CEBEB0202670927C72B8B18670838FCAF7BC0D379B0426DBBEDB6F9E6A794,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064116Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:52.860{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\site-packages\pip\_vendor\chardet\codingstatemachine.pyMD5=33C5E712BAD7523F996BFA09D85EB5BF,SHA256=558A7FE9CCB2922E6C1E05C34999D75B8AB5A1E94773772EF40C904D7EEEBA0F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064115Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:52.844{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\site-packages\pip\_vendor\chardet\cli\__init__.pyMD5=68B329DA9893E34099C7D8AD5CB9C940,SHA256=01BA4719C80B6FE911B091A7C05124B64EEECE964E09C058EF8F9805DACA546B,IMPHASH=00000000000000000000000000000000falsefalse - shredded file with pattern 0x0a 23542300x800000000000000064114Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:52.844{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-20180916-185126-00000003-ffffffff.binMD5=945CB8A9AD01B2418BF87B6D1DFA2BE2,SHA256=B2C9436D861ED113E17934AFC0D11F8B9DCCDA7BE0C74DE755AEBE507709CFF9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064113Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:52.844{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\site-packages\pip\_vendor\chardet\cli\chardetect.pyMD5=1DA8C6E9F7C2CFFDEFB63F210AE88B54,SHA256=5CAE73AA3506D9AE3ECBA78B1D9F13858729E96594ADD96610BC4DCA971CD921,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064112Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:52.844{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\site-packages\pip\_vendor\chardet\charsetprober.pyMD5=A257430E4394E805107C519BA417C3D4,SHA256=2929B0244AE3CA9CA3D1B459982E45E5E33B73C61080B6088D95E29ED64DB2D8,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064111Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:52.844{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-20180916-184759-00000003-ffffffff.binMD5=D67DE0BE38DEC402CD586842C2A94586,SHA256=DDDDCBA4740522D56737588AE51F436C3B3B9DEB34D1748131BA9AB78DE0B769,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064110Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:52.844{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\site-packages\pip\_vendor\chardet\charsetgroupprober.pyMD5=E7F08780A8FB42F77C61315AD721763F,SHA256=1992D17873FA151467E3786F48EA060B161A984ACACF2A7A460390C55782DE48,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064109Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:52.844{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\site-packages\pip\_vendor\chardet\chardistribution.pyMD5=1348267FC095CAE77B3F24A48DD6ED06,SHA256=DF0A164BAD8AAC6A282B2AB3E334129E315B2696BA57B834D9D68089B4F0725F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064108Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:52.829{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\site-packages\pip\_vendor\chardet\big5prober.pyMD5=1A45BD1F7CE22E30EEC32D870AB02E44,SHA256=901C476DD7AD0693DEEF1AE56FE7BDF748A8B7AE20FDE1922DDDF6941EFF8773,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064107Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:52.829{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\site-packages\pip\_vendor\chardet\big5freq.pyMD5=14C69F7CCF62A473CAF8D24A85302168,SHA256=0FFCCAE46CB3A15B117ACD0790B2738A5B45417D1B2822CEAC57BDFF10EF3BFF,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064106Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:52.829{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\site-packages\pip\_vendor\certifi\__main__.pyMD5=49689CF432641C277156F1B5E119BB03,SHA256=D64DC2AFDE6F0B1C464460E58EB5B7C0C76965D2F73617F4BB59FE936A9DB026,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064105Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:52.813{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\site-packages\pip\_vendor\certifi\__init__.pyMD5=4F961600CEE113E248238664EFAA9C02,SHA256=F9BEFCB5789B6E5D2AB600B3BFDB5CF6FEA8CF070D5FDD79953F537F86BD95DB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064104Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:52.813{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\site-packages\pip\_vendor\certifi\core.pyMD5=C6049E17CC2D9BE76AA6F45535147C62,SHA256=80E15DD331D8971E24AEB2C49FDF367AC3AD9B3DDD8E21B40454838608E5BDC2,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064103Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:52.813{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\site-packages\pip\_vendor\certifi\cacert.pemMD5=3DCD08B803FBB28231E18B5D1EEF4258,SHA256=DE2FA17C4D8AE68DC204A1B6B58B7A7A12569367CFEB8A3A4E1F377C73E83E9E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064102Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:52.798{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\site-packages\pip\_vendor\cachecontrol\__init__.pyMD5=E3E73EB5E363077400B40F43003A708A,SHA256=A49B40694C4EB0C3E7CAD2350378EE009917603AFC92B7529EC838620DCE0448,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064101Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:52.798{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\site-packages\pip\_vendor\cachecontrol\_cmd.pyMD5=BC0ADEA2769C743D6F88F2259900D124,SHA256=511184D0AAC0F3B41E9021B74863DAB6548F4F9EF57594C38CD6BE6575F7A437,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064100Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:52.798{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-20180916-184535-00000003-ffffffff.binMD5=FB1AFC0D3D2BB55C96C40F6FAC351743,SHA256=70DA21E73C8FB20989957C776FF79D98DD8F9F6E16268822B174566CA9E7AC7F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064099Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:52.798{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\site-packages\pip\_vendor\cachecontrol\wrapper.pyMD5=C08B34AF68D7BC55FFB6C7B07B21B2D7,SHA256=E4B5F4B89C2435052D612130DDA1A61AEF5663CC068A977CD6627C946D1DD0CE,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064098Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:52.782{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\site-packages\pip\_vendor\cachecontrol\serialize.pyMD5=E8486E48B081348A4265286695B289DA,SHA256=BC86B88EFAB8C7F29238B74421E7689275F669760742E8CB0C5578F85DB50E7A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064097Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:52.782{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\site-packages\pip\_vendor\cachecontrol\heuristics.pyMD5=D8978A4C3CEE99FD30F03F8B6C5300B7,SHA256=045187277C90731BD98B37E8F742CB674E13FD9E574825EF168B6BA7B52CD2C7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064096Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:52.782{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-20180916-184321-00000003-ffffffff.binMD5=7D9E473B09440CAB911DD07E42BD2990,SHA256=F75F5618359F1D577978F91F28A8521A2DC293EFA0BA8B88685294E6A4A08F1C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064095Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:52.782{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\site-packages\pip\_vendor\cachecontrol\filewrapper.pyMD5=B9AD2B26822F199F30A96FD03EDABD4E,SHA256=BC008A3BC2E5CEEFD95B28D5D45C67D4C0384C653AD0DE4DDC64AB0057406364,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064094Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:52.781{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\site-packages\pip\_vendor\cachecontrol\controller.pyMD5=4AD4B9741324E27BB944D9E9F7C0BE39,SHA256=096117DE979D20CF6CEB4B2E7F8CD93ED9BF26F5609EFA203062BF3A2046E45F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064093Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:52.777{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-20180916-182646-00000003-ffffffff.binMD5=1E583AB018B909389A1338473ABF3956,SHA256=B45CF5DD40179BD251F41B919E9458680D818252D80FD2B91C2FEFCB5F503D73,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064092Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:52.777{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\site-packages\pip\_vendor\cachecontrol\compat.pyMD5=79816562EAA066C6A62B1EC796100E27,SHA256=90736F31176DEACFD7C2AABFF6A266AFDA2EDF060C38C50CC4F3DCC0DC53F0C7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064091Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:52.744{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\site-packages\pip\_vendor\cachecontrol\caches\__init__.pyMD5=D701625642C107D45585A59770E2EAB5,SHA256=FA01CD298BDA783D243A4E4CEF878EAEC4A020A52D0BA8BA19F6E6BA01B0784A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064090Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:52.744{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\site-packages\pip\_vendor\cachecontrol\caches\redis_cache.pyMD5=3908DF2A953761687424BF13A0646993,SHA256=1F17A5329342A3E758AF67E2243C0CDE1861466C5462D079B579B51A90004F86,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064089Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:52.744{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-20180916-181911-00000003-ffffffff.binMD5=4C671D97AF51B223E12328199EE9531C,SHA256=E736C4E316935852B66AA450B3E591273B16E5E5E492E699507E2DE76380F455,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064088Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:52.744{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\site-packages\pip\_vendor\cachecontrol\caches\file_cache.pyMD5=52F2DFCB0252B36CC64A980F6F17CB49,SHA256=9D854AB09B5787A8095EF767D625B2AE1C6F930A50ACAF9E2A8311CEE8B090A9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064087Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:52.744{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\site-packages\pip\_vendor\cachecontrol\cache.pyMD5=4F8FB4E0C5A2DFECED775161D9D1093E,SHA256=D5F738C093FC1D8B75C9C9C95DE130E690A97812F60AAC71EA0F456F40180D64,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064086Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:52.729{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\site-packages\pip\_vendor\cachecontrol\adapter.pyMD5=3CBAF21152505DD76417624B17890655,SHA256=B12C1A49877DDC821F085538B4E3204A8E9BD8B0ADFE0052690523F24B4914E0,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064085Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:52.729{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-20180916-181813-00000003-ffffffff.binMD5=CE6CCFDBF2769F95902534BB1DCD4E47,SHA256=20904389E85F9E7F5710C2F1C0FB855D2694174C43C15534FB32D6165EBEC8E4,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064084Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:52.729{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\site-packages\pip\_vendor\appdirs.pyMD5=C8FEDC011ACED38EE2CC3052E7519006,SHA256=33A218449B5D6609923C25C248C051074553DCFF0C7456D60836D22EB07611B8,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064083Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:52.729{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-20180815-005433-00000003-ffffffff.binMD5=C81778D7E0B7F3FF1F0CF269FBFA0807,SHA256=DED3E5D281654BD43A0CFD456380DB570FFCF61DAF336B66394C5054D93465F6,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064082Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:52.729{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\site-packages\pip\_internal\__init__.pyMD5=8D88EEFA768215E92C51B38E261DBE93,SHA256=9E7142BB1ACF32000BAC80F14A8CBE1FA663E16E1463AD03FAE2F5689CAAD297,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064081Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:52.698{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\site-packages\pip\_internal\wheel_builder.pyMD5=28058C57B7FA3A720424617B9A22613D,SHA256=856EB7666001AFAE6B3A24910475EED63054744670E4B662C342DA4016F3D252,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064080Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:52.698{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\site-packages\pip\_internal\vcs\__init__.pyMD5=EBA6BD4ACA847FBF75D548FF07627DDC,SHA256=500AAFCE96E2D156D9A3751BEAC904799030FA8A08651FB35FF5A909BC720A85,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064079Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:52.698{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\site-packages\pip\_internal\vcs\versioncontrol.pyMD5=19991E34435CB878EC69741F7FDAFE2E,SHA256=8CC2A2B701386D0E398CE28AA26071801CA99B64DCB8319659D4D498F6BE3144,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064078Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:52.698{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\site-packages\pip\_internal\vcs\subversion.pyMD5=2D48E40F88FDFED25ECFF8E71BC2886A,SHA256=151318C7BABE6FAB245AEBFA214EED2720BC266F0F3DB94C9C7ED637FB9C5D65,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064077Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:52.682{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\site-packages\pip\_internal\vcs\mercurial.pyMD5=B532D89B822E0931C43116BA2604CF19,SHA256=5B0A1359941D40DF457144C836F21E6F456DE3A509FE52DD7F604075E6BD4E27,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064076Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:52.682{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\site-packages\pip\_internal\vcs\git.pyMD5=89339AB9DE393D9F382AE52F30B1D746,SHA256=5434B3425921D77F74C70E8F321E9F9DE240672735B3DA87660BA6DF03B70CE5,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064075Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:52.682{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\site-packages\pip\_internal\vcs\bazaar.pyMD5=C0B006A5825B826239578BB1F9D4CB46,SHA256=032FEF37EF3BBD8484CC1A974F7455C25E34BE5939EA3DE3CBF01F41B323E2EA,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064074Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:52.682{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\site-packages\pip\_internal\utils\__init__.pyMD5=D41D8CD98F00B204E9800998ECF8427E,SHA256=E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064073Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:52.680{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\site-packages\pip\_internal\utils\_log.pyMD5=D525AEBD855B84182950CA3E13B6FD7A,SHA256=FA31CB384FD31DA673E4115C0A7A122FD11802D2749D77A6E3DB3DA1FE23BCAC,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064072Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:52.676{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\site-packages\pip\_internal\utils\wheel.pyMD5=89E3735229E8A65D84EBB7375546D89F,SHA256=0CE21565A5CDEDB30E01E304AB320E6471A5E0E14EF8A1AB12A05407CE3C0CFA,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064071Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:52.660{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\site-packages\pip\_internal\utils\virtualenv.pyMD5=F51C40CDE124F63BEDD8B01CE44DBA95,SHA256=8914CAFAC0FA6D6A47A97719D0409F76914B59AB4C3871545422116B42FA1AED,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064070Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:52.660{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\site-packages\pip\_internal\utils\urls.pyMD5=A8EAB0C03BEB45A20E6D1EE919275E30,SHA256=3B97F855E289F5C5ADFC22AAA8A9A20D35B8F2E3B3A3450D6F54163D0D27D932,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064069Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:52.660{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\site-packages\pip\_internal\utils\unpacking.pyMD5=8D823D818135C393B20D1C144E345AD0,SHA256=FEA619826ABC6F4AD100DDACC17B1FF557CFA20AE34A196C4EF85123685E0582,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064068Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:52.644{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\site-packages\pip\_internal\utils\temp_dir.pyMD5=F3784F99B1598A7DCF4CB0845CFFA0CC,SHA256=F60B3737D1907955D15568C921A952A47D6E8FCC905CF4F36AB6F99F5FC7315A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064067Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:52.644{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\site-packages\pip\_internal\utils\subprocess.pyMD5=FAA929C623CC3B9EC8356961967F7739,SHA256=ED03903C98FA7B3215B32A4926B732CAAE3E98933DA94B0E74E2EAD3FC148800,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064066Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:52.644{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\site-packages\pip\_internal\utils\setuptools_build.pyMD5=1E954E7E895B519EE611640400A2791B,SHA256=C64F6C4418D4C8D4C7B3F4EF11679B556B3519F2CF376D3C333A525EBF4E93F0,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064065Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:52.644{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\site-packages\pip\_internal\utils\pkg_resources.pyMD5=B87C94D8D04930B1E9756233F3985891,SHA256=8F01F925588F7BE2655CBBCB0B4F8049F4D309162F9B4BBD0B04067168F14AD2,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064064Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:52.629{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\site-packages\pip\_internal\utils\parallel.pyMD5=463B7025B9577E7AF661F98E2D42B8E5,SHA256=45917825D74F11655B9243C29277EFA6A68B7E6DCF9AA77F001A021E6578957B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064063Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:52.629{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\site-packages\pip\_internal\utils\packaging.pyMD5=A3ABFC7729E2F02A90E0315A290F1122,SHA256=235F77F0007B169ADC54925DE82D2F4A232E0956A39ABC59179E6F5F98F46CCA,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064062Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:52.629{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\site-packages\pip\_internal\utils\models.pyMD5=75BB983D1A5A4D14FFF5E2B466BC9087,SHA256=A82818C94C369881F5A6899BB09DD842C32D38D660C89E011B03B93099D20B87,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064061Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:52.629{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\site-packages\pip\_internal\utils\misc.pyMD5=5619D0A02CAB3D69DC0C357C9095D1BF,SHA256=5A158C29BB68056BC6AEA54C68F7A428C2FEA2BB0B9C3D9ED0DF376AB8E9610C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064060Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:52.613{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\site-packages\pip\_internal\utils\logging.pyMD5=98BBEBB50AB516BE9DCA1466428FF60D,SHA256=139544D67FA9AA075DE436A33D03CAA66BBB56925577B7408617633D936C6231,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064059Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:52.613{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\site-packages\pip\_internal\utils\inject_securetransport.pyMD5=F49226A3B8DD4E4681F1B965745BB7DD,SHA256=B4697D060CADD881CAB41DDBD01FBAAF75B6C981773A0F8F05ED3AE3B4B7959B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064058Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:52.613{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\site-packages\pip\_internal\utils\hashes.pyMD5=9BDEC12CA76B8548D3E8EEE0DEC01C15,SHA256=A35A90124A9ED80AAC466FC984BA0CE21931995B5EC07D1966943A10139B1EE5,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064057Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:52.613{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\site-packages\pip\_internal\utils\glibc.pyMD5=4E0A963F68A8B3CE193E4021D4618622,SHA256=18CD58DA15A439FFEDBA6C9218583E88D6DCEE88A505042B8DCCDBFFBD39085F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064056Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:52.613{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\site-packages\pip\_internal\utils\filetypes.pyMD5=AB82758CA4FA6CB37CD45E9CBE0E9491,SHA256=C1EBE255B6A91D6550FFCF8AF8F4D0FD39D82FAEA4662E12AD50539916195CB7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064055Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:52.598{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\site-packages\pip\_internal\utils\filesystem.pyMD5=CA4E000CD50DAD4100C6502134F1631C,SHA256=AEB97EAD8D70F136322989DD53266513D7DF910C80E3E8C8F71FF9F735E49F9B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064054Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:52.598{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\site-packages\pip\_internal\utils\entrypoints.pyMD5=5005BED9414000DBF936802F4CC959B2,SHA256=68FBC29D0562F47764DF92A5A30C3F0F989B8D4A6AC60A9C24FF0EF55B8C65E9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064053Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:52.598{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\site-packages\pip\_internal\utils\encoding.pyMD5=7C05251813A68BC4D206860B0AAF08A4,SHA256=6DD67762052968E10123930FE3E0C45E241AAC25B7574AF1C35911CFE4DA5354,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000064052Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:51.391{6F5BEE90-18C6-61E9-6E00-000000002102}3440C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-tcontreras-attack-range-53.attackrange.local52451-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x800000000000000064051Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:52.582{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\site-packages\pip\_internal\utils\distutils_args.pyMD5=2FEA699075033B60120070DE3D6624A4,SHA256=99C02C732A7CD2F4EDDF10064E2A67A6073CDD5FBFC02BF274D10B5572EAEC92,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064050Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:52.582{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\site-packages\pip\_internal\utils\direct_url_helpers.pyMD5=7AE1202C9655453E0D6BC4495928D4A2,SHA256=E5F7C1F461E8A9A954BD253A0B9DE510575481871601B5C919FC82C06C8896B6,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064049Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:52.582{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\site-packages\pip\_internal\utils\deprecation.pyMD5=763C3CE5A5CC39BB839C8A22BBD80292,SHA256=D1B762BAF9C070064CA75743AF0C4AEEE0E09894031D57DBD7BF74FF2A4EF54E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064048Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:52.582{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\site-packages\pip\_internal\utils\datetime.pyMD5=913AB688B48547F157B5D13B3E854813,SHA256=9B6D58DF002D41CFA38BA55E6FA93F33983A034672148E1E81C853767C21FA94,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064047Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:52.582{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-20180815-003321-00000003-ffffffff.binMD5=041F12576B02ED32C95B2BF3CD182D93,SHA256=6B3EF2BBB61894841D90ADA7F15E60BF26FF0C269672DF7D48167EE92106B994,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064046Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:52.582{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\site-packages\pip\_internal\utils\compatibility_tags.pyMD5=3AD2590DC4EF09065C7795E326F6FB5C,SHA256=8763F85346429161F03D8BDE07315903BF62B7A6A01254619BAC9C8BB4BC302A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064045Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:52.579{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\site-packages\pip\_internal\utils\compat.pyMD5=AF88D940B9DAABD00B97A3CF427B26E6,SHA256=002C817CB823DFF5C6FA2039A26103AD7A833347102B38BC87C1D10489F31BA4,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064044Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:52.560{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\site-packages\pip\_internal\utils\appdirs.pyMD5=AB4B1CC2370A8F297D285761097341A5,SHA256=0B21F46AB8E17D1E2469EC9B5ECE41D61C5EEBA29E7827ECB09862445C691499,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064043Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:52.560{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\site-packages\pip\_internal\self_outdated_check.pyMD5=7E6EEEF301F5AACD6B8E5384A1684816,SHA256=8AFA1461A1AEABE45AFC3BE566F3ED1E181B63DECD28762E3C6CEB80DD86D40F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064042Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:52.544{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\site-packages\pip\_internal\resolution\__init__.pyMD5=D41D8CD98F00B204E9800998ECF8427E,SHA256=E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064041Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:52.544{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\site-packages\pip\_internal\resolution\resolvelib\__init__.pyMD5=D41D8CD98F00B204E9800998ECF8427E,SHA256=E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064040Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:52.544{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\site-packages\pip\_internal\resolution\resolvelib\resolver.pyMD5=9E18FAACABD226D29536BFB7716FCF3F,SHA256=46BCB7E9DD2E08AA1B7C19D23D8330F164ADC8D62D8C0105CF78FA66D06C6C64,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064039Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:52.544{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-20180815-003101-00000003-ffffffff.binMD5=CBDA29ABEF8D061B770EFD9271853C05,SHA256=5A50E5F1176AE461317177D759C667CBA48310FEF7AA7C9722C5CD55AB37A16A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064038Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:52.544{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\site-packages\pip\_internal\resolution\resolvelib\requirements.pyMD5=8AFC95A54EFCAC61D2DD0D66D9F7D7C5,SHA256=A5CB27C33EEDC720CD65410E58939911F8AFCB708E5873DFFC3214EDFC19F8A9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064037Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:52.529{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\site-packages\pip\_internal\resolution\resolvelib\reporter.pyMD5=BEEA5DC416948B017E6DDB4BA1509A8E,SHA256=674E976B877D75359B1CDBD7201B41C439F80C77909A5C96F4C240A23902FE25,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064036Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:52.529{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-20180815-002924-00000003-ffffffff.binMD5=289B48B4621D50D18B1FC937F82ED3EE,SHA256=63596450C909C8B48C26A152FCF3EFCAC677F8D9986A9B1D6E40881FC077E30E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064035Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:52.529{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\site-packages\pip\_internal\resolution\resolvelib\provider.pyMD5=6067170EBD9C6CD8DF5D892D2875AC38,SHA256=7F2D77F510F13EBB0F98D2E7E98AEB8EA8413A678B63468710477366A4B7E5A5,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064034Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:52.529{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-20180815-002921-00000003-ffffffff.binMD5=4B5335040FBAE083D5BA19865A46A015,SHA256=90D759EBB898FDB647D5EF205EC3D846BFF4DD62C674795B3EC9977A3F3CF9B7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064033Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:52.529{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\site-packages\pip\_internal\resolution\resolvelib\found_candidates.pyMD5=CEF7B6F4D61A876810B07CBBF012A5C7,SHA256=112DCF3400A1DCE3701808213E2A7655B832CBF7B86DA2A67841075508AAE3B8,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064032Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:52.529{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-20180815-002756-00000003-ffffffff.binMD5=F6E7BB5C42EE9764B60669E0C9FC0D8C,SHA256=64BE9351E11BEE9D902606802541C4026DEF694BCA251639203C87BCFF1DDA58,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064031Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:52.529{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\site-packages\pip\_internal\resolution\resolvelib\factory.pyMD5=5E8DC91DB37D393FE9BBEA9D538F4401,SHA256=37DB5E94D0756AB155FB84EA746761F4A30BF337C059D31BA9448D8A9E877847,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064030Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:52.529{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\site-packages\pip\_internal\resolution\resolvelib\candidates.pyMD5=8D5019C3A4CD743A769EA02AFE8E1E18,SHA256=4600AF2DFD6678379C9B0F657E11BF014E6D37DB9F682D040EB715391DA18220,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064029Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:52.513{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\site-packages\pip\_internal\resolution\resolvelib\base.pyMD5=548CCF366A16E27BD5BD514DCD29EB44,SHA256=62F81BDA37F497A4B80B6AD701B8DBA5445817ACA352009DC034AB9E989903C5,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064028Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:52.513{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\site-packages\pip\_internal\resolution\legacy\__init__.pyMD5=D41D8CD98F00B204E9800998ECF8427E,SHA256=E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064027Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:52.513{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\site-packages\pip\_internal\resolution\legacy\resolver.pyMD5=7E193AC82EFE9E57AF84E2ABEF383898,SHA256=4D99C651ACBD58CD949345B70F8F0E03BD14F5C2D86061F195EB3587D10BA928,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064026Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:52.498{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\site-packages\pip\_internal\resolution\base.pyMD5=CF15AC84EAD5AEA9F9C064DBFA83F343,SHA256=C804F0216D556C9930905248806DC941A7E77450D2679D2C99CF80A3DF92A312,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064025Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:52.498{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\site-packages\pip\_internal\req\__init__.pyMD5=0C6EAAC1A55761C0202A7DBA77D7B8EE,SHA256=973E0615FCE6E60B26D1EF07F7C5A2E883C8D7847625D0CC05CEB5FB817ED026,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064024Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:52.498{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\site-packages\pip\_internal\req\req_uninstall.pyMD5=7CD37E0849C4D6E51D0850D99911693A,SHA256=C0170629AC1E2328B94463CFA41AABAE7EB6B7CB8FDDFAD99AB509FAA0DE3B46,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064023Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:52.498{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\site-packages\pip\_internal\req\req_tracker.pyMD5=393D99112B8ED49BF84FDAE2101A1F07,SHA256=749DEA9760B757268A51037D9306C5BCE3CCC40BDB4DD6E507484A4367FA2E7B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064022Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:52.498{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\site-packages\pip\_internal\req\req_set.pyMD5=D22017A24F04F4981543BAE5EF7B7519,SHA256=3683D0CED2F56791D9101DE7D96B6CB7A295E7584C0C03DEF407DD0145A624BB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064021Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:52.482{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\site-packages\pip\_internal\req\req_install.pyMD5=174408B3D83AF1105E208CE25E4A6B0F,SHA256=8CF7D23EDFACDD1A110A3EAD62ABEF1DAC71216D72AFC29B88F4466C0C85DE95,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064020Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:52.482{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\site-packages\pip\_internal\req\req_file.pyMD5=1F90D406CFFAAAEC315DE588B246AA95,SHA256=4EC052AF42CC548605EC0AA4C2C9722711CF2ECB4DD1232A29E571722236227E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064019Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:52.482{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-20180814-232140-00000003-ffffffff.binMD5=A2F53873D6D701696927FBA912A5FFA3,SHA256=0FF235A04B1F3FF951A30A8B48D32B349E791C7FCA6907F11BAB37E003BF01C6,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064018Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:52.482{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\site-packages\pip\_internal\req\constructors.pyMD5=5085E363028639F4190D3F24D3D1252C,SHA256=DF92D16FE89A2F4D4094A04E3BFDAFADB2A297A288E53978E74349C14BD49E19,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064017Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:52.482{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\site-packages\pip\_internal\pyproject.pyMD5=1E21BC708CA04F6CE3BA55C9192304C4,SHA256=4A5D5D39061ACC6F40B2B1344D758ADB355C0D1FC544EB21093C23281450B0F1,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064016Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:52.482{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\site-packages\pip\_internal\operations\__init__.pyMD5=D41D8CD98F00B204E9800998ECF8427E,SHA256=E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064015Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:52.480{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\site-packages\pip\_internal\operations\prepare.pyMD5=6FAD05A776D3BA641A847DBF4CF382B2,SHA256=8E09C7EC221DA008709D8392A64112BE1AC9D72AF94CBD99639A238D2CD1319A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064014Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:52.477{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\site-packages\pip\_internal\operations\install\__init__.pyMD5=C6F771F71FE2E186FB048050F4D2E467,SHA256=997EE1C83D863413B69851A8903437D2BFC65EFED8FCF2DDB71714BF5E387BEB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064013Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:52.460{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\site-packages\pip\_internal\operations\install\wheel.pyMD5=6D625432CC336FF03D6992433867EE19,SHA256=E18EABB4EA4F9E396F1A4CD85CFF075F3A89BB528712E03A13180705D6670FAB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064012Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:52.460{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\site-packages\pip\_internal\operations\install\legacy.pyMD5=84243C8A085E5B2E9BAAA582E1D0B684,SHA256=5A4FF8EAC47BCC3B21EEFA788FADC791AE0D4DEBD0EB5ED676A24AB7CFD3B944,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064011Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:52.460{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\site-packages\pip\_internal\operations\install\editable_legacy.pyMD5=5D3AE52697B9B97D6A62A17FBC4E0C85,SHA256=6E304E6DF13AB33DD498623BCB8F860A029AD969938275A514553B6FE8B4B10B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064010Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:52.460{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\site-packages\pip\_internal\operations\freeze.pyMD5=9F590E4E7B70CD02D042BA8177AE6830,SHA256=4F22EF5D3E19AA9222F31F17FD34EC80127BE881B9E0289D265C4620705B9813,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064009Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:52.460{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\site-packages\pip\_internal\operations\check.pyMD5=CF10D164386EF711D2628A07B759E15C,SHA256=CC421DC7244BDEF73B090D69F2A90B146FA68ECF8B8E76890F13ABD56239629D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064008Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:52.444{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\site-packages\pip\_internal\operations\build\__init__.pyMD5=D41D8CD98F00B204E9800998ECF8427E,SHA256=E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064007Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:52.444{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\site-packages\pip\_internal\operations\build\wheel_legacy.pyMD5=B488F4095CD70842483DC8D9CF8982E9,SHA256=34E2614D831896375B8B3168FD68E468A1961B548467A681CAB05D0ABAEC641F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064006Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:52.444{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\site-packages\pip\_internal\operations\build\wheel.pyMD5=EDA6B3F964C737004C0E726F90108347,SHA256=5982CCC6EC6A3776A1253424D8C23D85D999281A45CB11DE36951D3B43F26F15,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064005Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:52.444{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\site-packages\pip\_internal\operations\build\metadata_legacy.pyMD5=8BC916E81FD492CA56894955D0034E5D,SHA256=10230184B10F110BFA3D4502A4F0975BEC0DF50457758E393CD5C9BFB0592935,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064004Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:52.444{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\site-packages\pip\_internal\operations\build\metadata.pyMD5=014CB5B2B4038C62EF781FDCFDEC6AF4,SHA256=8C9A74E51AE9D0032C41BEE2CC35DB3460B52ED3CDC0E847423EDC44CE77DB87,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064003Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:52.444{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\site-packages\pip\_internal\network\__init__.pyMD5=3893F116D94097C4AE72769A5F7C21F7,SHA256=8DFE93B799D5FFBCE401106B2A88C85C8B607A3BE87A054954A51B8406B92287,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064002Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:52.429{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\site-packages\pip\_internal\network\xmlrpc.pyMD5=0FF15B3FBE23AEEBF6D4A2A6FD14A88F,SHA256=0334201B81A04B5E76FDCAA61ABFCECF63085EC09A97EC5FB22B3B7C0EE7994D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064001Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:52.429{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\site-packages\pip\_internal\network\utils.pyMD5=60BF5D264EBD92701A16F2B889BA80E7,SHA256=8A02E54EEFFEAB42E62FC15D24AABE523EC04FFA30AD0F93F457F26AB9212B95,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064000Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:52.429{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\site-packages\pip\_internal\network\session.pyMD5=04DE191FAE118D58E228B843E133EC80,SHA256=DED2473500A8A0CEDB8CB2B558FFAAEAD889F388EDAA4CAB21DAD863CE164750,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063999Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:52.429{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\site-packages\pip\_internal\network\lazy_wheel.pyMD5=298EE98EC58737209F6ED88B1AC5CF4E,SHA256=E2CCC28545B623DAAE820BE312822100B7B39A2555B5E7AC70687A4C352C95A4,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063998Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:52.414{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\site-packages\pip\_internal\network\download.pyMD5=31C0263321EA46320C802EEEA77C5281,SHA256=566891F8A28806E8128594B82650FB37C9AADE112BC7ED1F2BE0FC693614DCE8,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063997Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:52.414{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\site-packages\pip\_internal\network\cache.pyMD5=A264F94D174DEDE5CBCEEAA1D3BC2E66,SHA256=1E8A6B30279CC1DE084B6C03668C1CF41FCEA5A065163258265E313B1BEDBB05,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063996Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:52.414{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\site-packages\pip\_internal\network\auth.pyMD5=DB79B7A51680BB17956D8F2FEB594363,SHA256=CEAF9FBBE78AFC4C22AA34F449598CC6ECF2BE106509D046262FDF9CE99C6ABF,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063995Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:52.414{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\site-packages\pip\_internal\models\__init__.pyMD5=F4122DF11215E5CC0F203F0C4B9238E9,SHA256=DC31D477FAB1A4FA337F3A2EA2A6BD83DB6CD42CEBE6A6877C5C5B9F1AE27A93,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063994Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:52.397{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\site-packages\pip\_internal\models\wheel.pyMD5=1E8D4A1192412F9670E961FB9957CD58,SHA256=11CF1FBCFA1261E057F5CBC1BDF7CB33B80D471DB70AB56E77574DDF32660637,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063993Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:52.397{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\site-packages\pip\_internal\models\target_python.pyMD5=290610435F06A5D1E477A3A7083BB6F5,SHA256=EE24F895B46DA0D464C2C98B9DDCAC27821CEC8C29FD8C88208DDDA1778B0FC7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063992Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:52.397{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\site-packages\pip\_internal\models\selection_prefs.pyMD5=4C84333B467C35E93A895D48CBE8C6B2,SHA256=384A223FCDD6A66EDC5308C7EDF9DB468ED3CC79790F8CB6DD6D099D92D793FE,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063991Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:52.397{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\site-packages\pip\_internal\models\search_scope.pyMD5=14F6BD7C92909A64C78C4E76A2B263B1,SHA256=9B290479ED300CD0B1F71666401B6481568389055C0CDA9B8C0646A88D679BBF,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063990Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:52.382{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\site-packages\pip\_internal\models\scheme.pyMD5=40D84FA07291B6A0DB67750014BADB15,SHA256=8B6406B7927DEA030A0BF5A6EF13B9F3B9226E184285442850B8401603D1C641,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063989Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:52.382{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\site-packages\pip\_internal\models\link.pyMD5=50CEDB19FEBA8E1F44F050C2964A8A0D,SHA256=721451B86A9E139C355EA89D0ABC3A8FE8FC3BE79E0A6C3E1D4758091D7C1E64,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063988Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:52.382{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\site-packages\pip\_internal\models\index.pyMD5=E1C85D7BE35248E339A61AB7F8E8C04D,SHA256=FD4DA29845A081EBEF708EEB85008564AD1D8EC13E22DD770499AF5BD1239A28,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063987Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:52.382{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\site-packages\pip\_internal\models\format_control.pyMD5=012CEFE9FC01836E046CB6035FCD59D8,SHA256=B799E6143E3786E2058F455C855E85BAF95A4477DA313A2D6C139338F06C29E6,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063986Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:52.382{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\site-packages\pip\_internal\models\direct_url.pyMD5=784BF1A3FE0E21AF989FDFB1F73B1D7B,SHA256=C76FA4027ACFD7C5C074E7ED6014AD0CDB7765F77CB22A5E7F987487F79F1AF6,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063985Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:52.377{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\site-packages\pip\_internal\models\candidate.pyMD5=9E831FB9C15C4E40D079185035CC10A7,SHA256=6F66A2B9F843E63644234CE111A327FE8D5546575513627E30FB2A3E9718D83B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063984Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:52.359{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\site-packages\pip\_internal\metadata\__init__.pyMD5=0C879B22E5D11687FF09D46E1DF6654F,SHA256=D174034D6C1E60E57B91C32ECF0A220A082EDF025E6AB04D70AF0957D2D703A6,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063983Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:52.359{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\site-packages\pip\_internal\metadata\pkg_resources.pyMD5=26C42B427FEF6DC48B547ADD72B67142,SHA256=C4E62DE8896E203BD5320617F90A190374856D3A099590CE54F44754F276524E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063982Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:52.359{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\site-packages\pip\_internal\metadata\base.pyMD5=268FD5BFBECA6840B88AE5C9C869D8B6,SHA256=A118F9F1F286BAD64A642B257D094A7EBCEE5C8FF4338C35C553A5B93DFEE934,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063981Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:52.359{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\site-packages\pip\_internal\main.pyMD5=982B80829EFC15D9BD7909004DA4F12B,SHA256=059D2F91DAA0A68B5E4E8D40D50F28BC57BC13380A14958E5233E621441F1826,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063980Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:52.344{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\site-packages\pip\_internal\locations\__init__.pyMD5=5BE0A4874D7BE5A9B54403F85204DB88,SHA256=F07BC09CF0918B62E7E728A6A4746AF0D56DB089A1D4A12FAAC3E18B81F9EB2D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063979Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:52.344{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\site-packages\pip\_internal\locations\_sysconfig.pyMD5=6F02A78E4270EA663B9C8D0C4954F83F,SHA256=2D034A4C92B28D5AB15DA3E7B65070754A931B5C7061FE8654228C6F2449C793,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063978Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:52.329{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\site-packages\pip\_internal\locations\_distutils.pyMD5=9260F34F27CE84DEF106819EC41B50EC,SHA256=4A4EEDC3C64FD4358C609F0C89B001B1AF08304D848EFD4F29E1A56100814D97,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063977Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:52.329{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\site-packages\pip\_internal\locations\base.pyMD5=745A76291C81D805A3586D6E9671057B,SHA256=C790F538D92D98F25DF279D44E1F842EC009EDF89703E93ED1AFEF85F8B6FD4B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063976Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:52.329{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-20180814-231815-00000003-ffffffff.binMD5=5B4833B88A18A7CCE704ECF90725A1AA,SHA256=D7020ABEE85BA7E04F5A8AD50BE9473AC968624339F0D6A7C44DAC877FA8EF1E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063975Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:52.313{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\site-packages\pip\_internal\index\__init__.pyMD5=8B1D3A4A3D674CF9F227B7DCBE69552B,SHA256=BE9B7E25E4D979F87C6BE142DB665E0525C555BB817174868882E141925A3694,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063974Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:52.313{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\site-packages\pip\_internal\index\sources.pyMD5=5BAE5D33AC0BC0383E1D9555F69CE27F,SHA256=495C8F8ADBF4F3E41A961DBF064E5D88027D18003F77E6BDDE4A28B90A1D006D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063973Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:52.313{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\site-packages\pip\_internal\index\package_finder.pyMD5=F53569B0EDC02570E3AE9336BCB2C977,SHA256=673B68FCFD583DE4E506325394F814F308E87100C99CB619C54491F09C557F51,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063972Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:52.297{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\site-packages\pip\_internal\index\collector.pyMD5=CF1ABB502042ABF5A9149B25FEC4C42F,SHA256=A07E179581EF18C5DE3DB8CD84A64FA4B23E34B0535F1A4745166043CE6678D9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063971Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:52.297{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\site-packages\pip\_internal\exceptions.pyMD5=C10A5D5AC5BA66BC3A4FBD5143D9C19F,SHA256=D89409492EBCA20811FD920E03E8755360D10035116E4427F4D7F8119599F37E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063970Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:52.281{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\site-packages\pip\_internal\distributions\__init__.pyMD5=8FBFE6A40E1F2AD53E483516EB995753,SHA256=1EAEA4B7A8170608CD8ADE614D358B03378234E2A807E374A46612A9E86B962F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063969Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:52.281{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\site-packages\pip\_internal\distributions\wheel.pyMD5=6EDCE64A3A26A821BED237AD4189790F,SHA256=27B0CD42F292E74A577F05ED7AD299B4B36063390473C4806DA290E6FE891ED0,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063968Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:52.279{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\site-packages\pip\_internal\distributions\sdist.pyMD5=4D5225633C6201010CB86AF4CF5A74C8,SHA256=54199ED543650AE1FFC08A141D366AF67828D8DA455905E626A9F051BDD9A539,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063967Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:52.261{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\site-packages\pip\_internal\distributions\installed.pyMD5=816237529A437643920D4690DF46DB63,SHA256=813DB45929E279C3AF286300FA70B2ABEE0370996B223BFC8D3F89116C843A70,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063966Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:52.261{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-20180814-231446-00000003-ffffffff.binMD5=6A73A7065003F30265190A5A29156909,SHA256=654510ED3BAFEBBCEBCD856708F021E6F6FC2EB0EECBDF5613669EB60362AE5E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063965Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:52.261{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\site-packages\pip\_internal\distributions\base.pyMD5=864A062ED147E77C6E87C85B68525B16,SHA256=1B29E59D513740BBCDBB826F9F13CEE83F08412B3F18094551A6C0E94F86F9E5,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063964Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:52.243{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-20180814-230814-00000003-ffffffff.binMD5=8DD92A518F4CC210E334A39D78E36F7B,SHA256=A792265A4C6200D0C92C14F86C1ABB33B8340CCADB568DA4F1D2A61E85747F2A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063963Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:52.243{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\site-packages\pip\_internal\configuration.pyMD5=511E228E6ABFBC339117DF4BE75ED2B3,SHA256=4012DF86FFAC6CFFA8474F0D1714989EFFE62C1F9282D34EB165C017DB4311C3,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063962Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:52.243{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-20180814-230709-00000003-ffffffff.binMD5=F920E6E4C53AD659865D51DD6A505DEA,SHA256=B88A83134F6E39346E9F924DA637E715C96B082EE1483E322777532B1096E0A9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063961Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:52.243{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\site-packages\pip\_internal\commands\__init__.pyMD5=CC3DB13C2C14D4D43DFE8AF58F0C644A,SHA256=DDFD595627440DF826CC01FB6B2A592CA39952F532EEAC6FE17D42888644377D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063960Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:52.228{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-20180711-034159-00000003-ffffffff.binMD5=A642437C77EF6A04CC1F656317CEBCCA,SHA256=5F00235E1D6C5F78830D6F3ACC27755309E81A065E7F4CA4DF659F91404A0D9F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063959Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:52.212{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\site-packages\pip\_internal\commands\wheel.pyMD5=C8B9141FDAD3807B0D7455227610A4BB,SHA256=5221F5E4D5DFAC9F69885360DE81E6E27D89CA4F4E8EFE6AD0CBEB59B1C1DC07,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063958Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:52.212{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\site-packages\pip\_internal\commands\uninstall.pyMD5=6889EC9411EFCD51E43829D725BD37F3,SHA256=D1541031F3C14C64A55899F545182F62D2614A3EED40561CDC7D643A3AECB511,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063957Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:52.212{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\site-packages\pip\_internal\commands\show.pyMD5=8F08414F239DC51ADA1FE60D58CDC8EA,SHA256=D93C56689DAC6820D2554541A1162E7A28CB8AE7A27760CD3A166E33E8E119FD,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063956Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:52.212{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\site-packages\pip\_internal\commands\search.pyMD5=7655595DB6E2955FECC8ED1CD47E1283,SHA256=3FC198D3BEC9994C32EC588E81827508F0EC04F826A3B8ADF9BD7896EAAE24DE,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063955Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:52.197{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\site-packages\pip\_internal\commands\list.pyMD5=18A872DF7983EC527F645793E18E67C8,SHA256=7E91BAFCA62AB4010157CB9296DFE57C5EE8D464EE4B851DA1BB198D5A99B294,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063954Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:52.197{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\site-packages\pip\_internal\commands\install.pyMD5=537137F04518AF4DCA01F8338E361949,SHA256=155FAA05B439E9350498B0EDB964CC78DA43E1A42D3A98C1122EDE3EA944B523,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063953Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:52.181{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\site-packages\pip\_internal\commands\index.pyMD5=65C95A1D890BD84D4AC770921AFF4C00,SHA256=C40E4B495CB592FF8802FB23217E969E4E591C0D18FE6E803FD4F9668506B3DA,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063952Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:52.181{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\site-packages\pip\_internal\commands\help.pyMD5=F0A47B4EA4297ABF8B3E7D116A32E648,SHA256=17F20990446FF6019F182E98A413589BFAACF31981A615027CEBA0B8D452A8BB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063951Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:52.181{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\site-packages\pip\_internal\commands\hash.pyMD5=1CC6069F9DA29550394A7291503D649C,SHA256=639150FD681BB84167271C8B65D3583FDDBC04658DC8D9BD963214AFDD11EAD2,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063950Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:52.171{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\site-packages\pip\_internal\commands\freeze.pyMD5=909DEFC87C4CA3D7754F2B8EE14526D2,SHA256=C74FA26BE305AD5BDF62A7B9A7AC805AACDA2B90088B74AAA9C5C124DBF15E48,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063949Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:52.170{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\site-packages\pip\_internal\commands\download.pyMD5=E3E2EEC7E635E831C759AA326439D0D1,SHA256=546C90E930CB8AA26A2577C9C2BFC3E99B879D87E19B364F424D66452429DED4,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063948Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:52.145{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\site-packages\pip\_internal\commands\debug.pyMD5=DE7A239BD20ACDA8B1E585B23A71D610,SHA256=7FDE377DBAC052E7D0EDF940476CC77C8D288BFBAA8491045BB163FC48B00756,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063947Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:52.145{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\site-packages\pip\_internal\commands\configuration.pyMD5=841057C60803781A1EC74A63811B9F1E,SHA256=4CAF554D7349E616951F40DCFF2961AA8E80F50FC670DA0DB0038C25F7F83186,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063946Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:52.145{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\site-packages\pip\_internal\commands\completion.pyMD5=14292D4667102EDAB61DDF3B9B86A772,SHA256=E1487F720D38A839AD9A02E38BE278549299F01688059CB6FEE4D62E2F2D8959,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063945Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:52.145{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\site-packages\pip\_internal\commands\check.pyMD5=DB2A44117886EBF4EE30E548DE7B13F9,SHA256=80F0BA193A7B4BD68AEF721E6405BB67ACB194C9D674CC834EAF5EAFD9D7A486,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063944Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:52.145{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\site-packages\pip\_internal\commands\cache.pyMD5=6EA41376732EE07499F759D7FAE75D22,SHA256=3B582B4234E0E88445B3FF03C4C1F4D39F37B66091D2E8EA4CCBFF819D21D2E5,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063943Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:52.129{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\site-packages\pip\_internal\cli\__init__.pyMD5=F0AC37F23494412689AEE309275C45FB,SHA256=1641C1829C716FEFE077AAF51639CD85F30ECC0518C97A17289E9A6E28DF7055,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063942Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:52.129{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\site-packages\pip\_internal\cli\status_codes.pyMD5=C28210E327C369C51DC0B66A3E5C04B7,SHA256=B0414751A5096EABFC880ACBDC702D733B5666618E157D358537AC4B2B43121D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063941Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:52.129{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\site-packages\pip\_internal\cli\spinners.pyMD5=E6F78BA7B4C40B1462D2510767642117,SHA256=4C5863C6D3A72DE349E58991BD09B878A3E03DB24D9198AA3BC8CE5EEC516985,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063940Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:52.114{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\site-packages\pip\_internal\cli\req_command.pyMD5=0CFDC77546B0E4B8C7221D94367FDD94,SHA256=665C4A152F4BB446C4D48441E89C9E51E60C7BB96F2B1548CE976F6A0F811E89,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063939Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:52.114{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\site-packages\pip\_internal\cli\progress_bars.pyMD5=EF6F496A135E988AB0AE0D6D65D6AFD0,SHA256=85AF30A3072563CFCF6A8334733E06EAA2B7EF38E7CEEC50FB274EB73C7810C2,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063938Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:52.114{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\site-packages\pip\_internal\cli\parser.pyMD5=0FD6F6036F7D0F255D76BDE83A9F9E86,SHA256=0835D3B85AF6503F28CCE95961FD4A0F3890768F7E5FF21A60E894732250C2B0,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063937Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:52.098{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\site-packages\pip\_internal\cli\main_parser.pyMD5=53F09F2FBC7C0204D5FF7AFAB1B723DC,SHA256=43D4E7CAD7EE0B96762528C1156546B447582C5CBBAEE90D21BD389A8BC7740A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063936Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:52.098{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\site-packages\pip\_internal\cli\main.pyMD5=F83F2AE93A2F06C8ED5278D875B103EF,SHA256=8A827C21595BD8AD6A2CEC51FAD5E479EF6551185857CF420CCEF530A6A0ED86,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063935Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:52.098{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\site-packages\pip\_internal\cli\command_context.pyMD5=CE2EDB67679B63F533755BDD207A0907,SHA256=6B5A4106FBC62C3899D4AC3AE3FE2D4FA1E6453C180E8632F091601B90B39FBB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063934Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:52.082{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\site-packages\pip\_internal\cli\cmdoptions.pyMD5=2BFBBF229CEE1EADEB0B2AD5EE02FA73,SHA256=C4EAAF80335FA64317563CB4987DE12341F2733543EB032E3FC2B8E2AB2F6DEC,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063933Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:52.082{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\site-packages\pip\_internal\cli\base_command.pyMD5=7EEFE6BC3818F5811ED64ACC085387F1,SHA256=0EAE685C15D8776E06687B35BCFB7A09F6200A5DB657FE2D2C426A7D0C81ADD1,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063932Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:52.082{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\site-packages\pip\_internal\cli\autocompletion.pyMD5=0D8A6323817F0313DC5A573104ED9409,SHA256=34AE72A9EE3D4A013164E085544513E417F4415D82B884C62B6ED64A8D8C5A0F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063931Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:52.082{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\site-packages\pip\_internal\cache.pyMD5=6CFB0135964D1963182553A47F5FA947,SHA256=E9538DB6845E1996C177BB2A6359FA87091D582E22CF7B665F05F0663A6364AC,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063930Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:52.078{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\site-packages\pip\_internal\build_env.pyMD5=52604D49C7EB90954BA8B4B64A6183EE,SHA256=BAAB6DD45D35F3972DCE67B9517E3723A6C51D578E458EEAF9DCA1A649393431,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063929Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:52.058{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\signal.pyMD5=0DCA73844D3B73C9802F6210C70DD4DE,SHA256=D470D65C87914AE671A202B8987437A6918AAE477942E58BDB1D0056528115F7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063928Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:52.058{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\shutil.pyMD5=129967A1630B88FC95799CB41C14BAE0,SHA256=4B02FDD86B68C0AC95C98EFF7AE62FBBCF406950E9164A17513ECE0081450102,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063927Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:52.058{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\shlex.pyMD5=618BD4282F39939BF6F935F67D4107C7,SHA256=731C1374ED3D47C53C0C38E4898F2A21DF0B7984E730C7FF3F3B26B96B25FAC6,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063926Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:52.058{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\shelve.pyMD5=D72FAB00C3F5E7AED0B707D03A30CB02,SHA256=0C8AC8DCB31AB0E9B5EBFD1CC99A827BC78DEFF9966BCC7F7B6A3AB08388A9AE,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063925Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:52.042{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\selectors.pyMD5=01BBBA21BD0235FB164A2ED722AD6D04,SHA256=28DA125E058CD0E535467B214B510EE4B1E666BE57EDB183404C09EDF935EBBC,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063924Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:52.042{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\secrets.pyMD5=C603DB6D1DC7CA53EF4EDF99ADE55CD6,SHA256=8B91B370319945770CCC838EBDF438313212129EB1F7E1938DD0882688EC7A18,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063923Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:52.027{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-20180711-032114-00000003-ffffffff.binMD5=E07FC6D0A057E3C9AA92D890CD2D5566,SHA256=4A73212D136415512A1D0AC65A6B61B1B2C8BEB73CA0B90FAC6B6FD0C973378C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063922Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:52.027{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\sched.pyMD5=BBC46866A07502770BEC1716C4F1CEF0,SHA256=D337D7DDBEB4852D806AE3D29DD73C0F2E0A332C8CE4BEADDF7173C34D6849D8,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063921Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:52.027{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\runpy.pyMD5=D77F6131659AED988C9D688A97C47612,SHA256=1FB6034679202E0C78A99E41FEE527003D568CA3FAC2E1EAEA255F4AE5A70312,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063920Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:52.012{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\rlcompleter.pyMD5=FE0FF94FFFE2562374E8A375642273DF,SHA256=F06D3AFBA28DE908AC91EA1361C66D5F567D4755EEECAF91740019B7E64B25DC,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063919Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:52.012{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\reprlib.pyMD5=E7C51384148475BFFEB9729DF4B33B69,SHA256=3BE6CDE6103319B3CA44BBC4D40C60E0BCB14A53E93E2578E8E4E850F4A8C66B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063918Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:52.012{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\re.pyMD5=F04D4A880157A5A39BBAFC0073B8B222,SHA256=5AE8929F8C0FB9A0F31520D0A909E5637D86C6DEBB7C0B8CBACC710C721F9F7D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063917Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:51.995{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\random.pyMD5=D9F1783FF1C70E418F49EB5862894B8C,SHA256=E2F9C9E08EE7A922D6AE50FED25CB4EFCF833B86D857D846A2BB6C55600D3C25,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063916Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:51.995{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\quopri.pyMD5=3B06A77D6A302CB952C0A488387F1624,SHA256=72312E4C1815E29A236D62871D313A9A2393A424A3E04AC3A1393A09C032D22D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000031928Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:38:52.936{CE7C8936-1B20-61E9-E200-000000002202}3964NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=7AC2A5E3CB19344F08E6AED04D80D26E,SHA256=13E8E7AA923C44BF0A8E12EDDF6026D15F50AA8577CFFC60C2AC853B19755F41,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064285Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:53.632{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\site-packages\pip\_vendor\requests\utils.pyMD5=DF9775AB04E2C5DC1AF29642541493A0,SHA256=53FFA2E96C4BC3EEBB2848A3E37C476DCBCBD0375E43925B77885F89F589CD06,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064284Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:53.616{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\site-packages\pip\_vendor\requests\structures.pyMD5=6704E7E48FFBA962D36E10E836B45AC3,SHA256=9AC02DAFD9AAD49C4777E251CA220B7DD165A5B270BEF16E3F7ADF5104FF4311,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064283Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:53.616{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\site-packages\pip\_vendor\requests\status_codes.pyMD5=F5BCA2603D8660BDFE7F156557B9811C,SHA256=813EFD3DBB3F7108C1829F9FBEB520835767D8340EDF66C38F84C89E39CC3D27,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064282Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:53.616{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\site-packages\pip\_vendor\requests\sessions.pyMD5=0F44AA6E022131E9172E7FC2E0C9B805,SHA256=E7B3B8B9DF7244BE9E2D887E76D15BA82D643B877F13065C0A0617124BA395FB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064281Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:53.616{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\site-packages\pip\_vendor\requests\packages.pyMD5=4F61660BE0B646E3C7EA1C4DB16FA8C1,SHA256=9E32665627D8E1A49CB6E5B73CFE441510B18C4C0C4433BA27F7DE1B674A5AC2,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064280Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:53.616{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\site-packages\pip\_vendor\requests\models.pyMD5=33C180D52DC6D65077817B8DEBAF977E,SHA256=F7F2D2FEDD6DE876DB696144DD99311A698737657C060C738A2394F38AEB439D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064279Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:53.600{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\site-packages\pip\_vendor\requests\hooks.pyMD5=E95D38CC4C7540B3F338AF0B106C823E,SHA256=411786CB2D1B45CAF9AE4C02B8E6CD6A46D8B1CEC492229E0701B8A877A4AF64,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064278Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:53.600{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\site-packages\pip\_vendor\requests\help.pyMD5=8A937477C05F15AE8CC2D38B14DB8FCA,SHA256=77285EDE57261D79C50B30E26558DC1A656FBCEFE3B6C7C09BE002E78DA7770F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064277Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:53.600{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\site-packages\pip\_vendor\requests\exceptions.pyMD5=CA11C4D78E029AA231C7640730356D51,SHA256=770222E75D91083A972764FCD672C2F3C9AA3CD854167388FC280A2835E14CEF,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064276Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:53.600{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\site-packages\pip\_vendor\requests\cookies.pyMD5=9D61A7E703C15B12E785F2B4A243CF73,SHA256=63E6CA5FA4EF5B716762513A02ED125ED55559C68D745BEE030431C3E1B48932,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064275Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:53.600{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\site-packages\pip\_vendor\requests\compat.pyMD5=04FEFF687EA550B92DDF17315051EB89,SHA256=2D05AE091E2A5E4EB0EFEA90A295F2CF458D1D47400F8D24D262A768011FD7E8,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064274Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:53.585{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\site-packages\pip\_vendor\requests\certs.pyMD5=3E2FCBF5F1B02F1CA0C7F0492A8BA059,SHA256=9D7455ABD0ED1A6BFFD4061BC234EEF54AE001C749BF4E59BE435E6A82CE6716,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064273Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:53.585{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\site-packages\pip\_vendor\requests\auth.pyMD5=1A21F3F8F2851B46F099FBCBD5748867,SHA256=38CA092152B244BCBD4C7AFDD72F2BC72B19B9C9703C1F8AD57835CC1A265214,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064272Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:53.585{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\site-packages\pip\_vendor\requests\api.pyMD5=A453C9AF82597B43A730DEDDF019F30E,SHA256=863BA83FBF48004997E83CACAF0F2DD37D9C2DFC0B1F16C8FF0338802E46F6DD,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064271Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:53.585{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\site-packages\pip\_vendor\requests\adapters.pyMD5=1728525D3188FF99CBD5ED4B061C3688,SHA256=7BE6E6284029355A85772971B8C2497E2687765992FF3856848304CE51EF1AE7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064270Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:53.581{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\site-packages\pip\_vendor\pyparsing.pyMD5=6D253DDA76B61466E1DFD53DD99D8EE0,SHA256=2756F8CF74BF2B0C895BB84A1A7A0DFA15D6F6980C23320FE904E1C98E7226AE,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064269Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:53.562{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\site-packages\pip\_vendor\progress\__init__.pyMD5=38A144356366FB38F28F24B0816D4283,SHA256=7DC6D0417A399E9D82A10CA1487E57A6B9227302D934B78F477B886A1CE748ED,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064268Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:53.562{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\site-packages\pip\_vendor\progress\spinner.pyMD5=C1CACC02EAD1DF9EA4E309D01D7EBDDE,SHA256=93C25B0D6F784F4F965EE5DFC5920585DA0D3D8A778DF9E95EA0677D1BF97C6B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064267Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:53.562{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\site-packages\pip\_vendor\progress\counter.pyMD5=19182D3F6D42FFC7EF93776E55178265,SHA256=3339F206BBCF5AB3A519EE0C64094651BF6ADDA3837BAFDA35878013F54DA180,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064266Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:53.547{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\site-packages\pip\_vendor\progress\bar.pyMD5=B10ED6F0C60A2E44CFCAC667E191B587,SHA256=42E0EE54D7265E0A71B4DB713B416AEF6C4A8A0C4005A566C58181C3827767F1,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064265Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:53.547{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\site-packages\pip\_vendor\pkg_resources\__init__.pyMD5=8320FC54D23017FAC1CB8C8C976F838F,SHA256=5E91817EF4BD7DA7C0E9B9B9AF1EEF9F1771B3BCAACA873F367A73280A6427AE,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064264Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:53.547{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\site-packages\pip\_vendor\pkg_resources\py31compat.pyMD5=4141B9D4A5AD9611EE4D84774FEADD92,SHA256=09193C7E488F4432EC6E2E6965C2AC1C8FFF3DB9A1FFDE0BF26AFD432F406F65,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064263Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:53.531{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\site-packages\pip\_vendor\pep517\__init__.pyMD5=396ACF9E7441B662D3735C5EE6D8CFA0,SHA256=A838156C35A9058A53BEDC40DAD8A589F5E5C70CCECD1A88A1D2D975BC9A8724,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064262Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:53.531{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\site-packages\pip\_vendor\pep517\wrappers.pyMD5=8AE1869AC25C6F900822C11AEF5B70D5,SHA256=A8259F1149DB139DFCECFC9097B713F31BF874371AE2E360AE8FF46E700EE119,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064261Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:53.531{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\site-packages\pip\_vendor\pep517\meta.pyMD5=38F3B06F4459B5427968C946DC3C097E,SHA256=F269CCE650E74F8CD742905396225B4467DEB07EE28A81F0A336C3C402CF4BD6,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064260Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:53.531{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-20181119-024306-00000003-ffffffff.binMD5=C057591E7877BDA5ECFBE135F30AA3BC,SHA256=46D75D6C83E8E19101EB6E3666646FAB39A6C3E24123858429E78EC3EA3E6BF8,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064259Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:53.531{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\site-packages\pip\_vendor\pep517\in_process\__init__.pyMD5=DF1BE6196A374CD1CE71BBA4C8C1C5CD,SHA256=3325A8022F091DD701BFBC97B96A544950036F1E8B481F6B661EE44C881D03C6,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064258Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:53.500{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\site-packages\pip\_vendor\pep517\in_process\_in_process.pyMD5=40AA56B9B0E2780FA6B05282839B36A8,SHA256=60925FFAA68BEC1055760087B8C853A71F8BB701B51081957E5CB8AEDBAC7622,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064257Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:53.500{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\site-packages\pip\_vendor\pep517\envbuild.pyMD5=A5144516C003F60950B706BB08A89DEC,SHA256=2DC493D0C01299C40D2CE16A0CFC43A12D648E4825C7C17A784868049F835A48,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064256Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:53.500{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-20181119-024200-00000003-ffffffff.binMD5=3EB76360059E5EA930714F9139767566,SHA256=C7CD4E600885ACFE6911DD24282983680454DB1344E1D45A76EA327FCBDF79B3,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064255Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:53.500{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\site-packages\pip\_vendor\pep517\dirtools.pyMD5=0B273F69C74D6B642FF25482A4AD0108,SHA256=DA69009002F4991CFF7A56058D12AE7A44C9562A47D734E7E2D6DFD440DEBFCE,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064254Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:53.500{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-20181014-052026-00000003-ffffffff.binMD5=AB4EA0F91E9129DC29A021A36F72FEAA,SHA256=0FF1F2FF50C14F4A554422A5A813CE1B27C59CBFC05F1D0483383A76B63EE5D7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064253Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:53.484{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\site-packages\pip\_vendor\pep517\compat.pyMD5=AC8409D4408CA5F9043E5E5E9A8370BA,SHA256=7F0D8FCBA96A2F024B7E9E8C2A65EFB759B8B1B6E0A14D43FBF81C49CBF3F0E5,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064252Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:53.484{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\site-packages\pip\_vendor\pep517\colorlog.pyMD5=57EA29EA651C4FA88D4A9C12AB14D187,SHA256=4E4F40B989BF70B17704A4C1A124C9B7D6D1AF29F4685A232103B06DF5544F14,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064251Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:53.484{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-20181014-045751-00000003-ffffffff.binMD5=50E0397E22A940EE3A9543DC77C97DCA,SHA256=9D3876D327CE16B9B066FC78C2632C10E3368430918980681EFA6B3CC4822501,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064250Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:53.484{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\site-packages\pip\_vendor\pep517\check.pyMD5=56597412EC97A706E7E37FEEBAB37752,SHA256=0181B6CAFA739ADB0BF35D1CEF9679FA785A5DAED2C602BC00FCB0FBFC79DCE9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064249Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:53.478{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\site-packages\pip\_vendor\pep517\build.pyMD5=2E330577A442C72964484FA36F3EC30F,SHA256=32A37F5BAA396BDA1AB930B4BBA5B97082C61637FDC76055F4174C2DE63AD217,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064248Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:53.462{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\site-packages\pip\_vendor\packaging\__init__.pyMD5=B85796F8D9D4E7556C6AD5EC9F0C5371,SHA256=6FD2A4E4C17B2B18612E07039A2516BA437E2DAB561713DD36E8348E83E11D29,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064247Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:53.447{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\site-packages\pip\_vendor\packaging\__about__.pyMD5=64305FFA948826EA76F543045533F0BE,SHA256=A7F390968A87DAC69A75C6D4426584B162BCE7B748EBF7DFE44DDA4A20AA1850,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064246Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:53.447{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\site-packages\pip\_vendor\packaging\_structures.pyMD5=7C3B0A1B879005CA6EFD1B8A133FB071,SHA256=4CC8808056DD50E3E621F0C87E21DCDCA161489F24323A1FD904B923ED8DC90F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064245Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:53.447{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\site-packages\pip\_vendor\packaging\_musllinux.pyMD5=209F2C478E48DD72CA6E905FC44778BF,SHA256=CF9C9E1B5CA038FC78B94C8B76A8FEA7C0E4E5405BE47FDBD0D2235BDCA8F280,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064244Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:53.431{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\site-packages\pip\_vendor\packaging\_manylinux.pyMD5=80DF840E0AC823FA34BCFA543296BA35,SHA256=5DC6E25C1FAA723BF76DCA21A7A37DF1332938FE3F8F79BE88E03CA6D2B61966,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064243Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:53.431{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\site-packages\pip\_vendor\packaging\version.pyMD5=8FB00E724A7AF8D0B43FA3365FD3EFF0,SHA256=FDF2D136B16BC5870755FCA8F2F93D8FCB3A24CF0DFF1B12C5516BE91272728F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064242Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:53.431{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\site-packages\pip\_vendor\packaging\utils.pyMD5=359296260A63D16F5149CCDD7AE70762,SHA256=7498DE6ADDC14BE4D89F546B505570B9F50C6AC6EDCCB7D8468CBF1D710D7854,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064241Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:53.431{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\site-packages\pip\_vendor\packaging\tags.pyMD5=4872F6899C0BA8348C0948EEC5BE420B,SHA256=6A421EAD8C3C5B4B33E0E5BD1C7A3381AC169DBB7618638F9B7B2F896D23A306,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064240Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:53.431{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\site-packages\pip\_vendor\packaging\specifiers.pyMD5=15FD93FB6E677BF2638F000CE615CE1A,SHA256=319F9F61C34BDEEEE936BB7EEA0D8440EEC06D15E48DCF923C46305CC41B2E67,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064239Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:53.416{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\site-packages\pip\_vendor\packaging\requirements.pyMD5=04B21F77EFDFE2FD090405BA65E94C55,SHA256=36D0E53C1B688E99F52140BCE623233CDB149AE7E3A529709CD03E5DBE26E4D0,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064238Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:53.416{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\site-packages\pip\_vendor\packaging\markers.pyMD5=54536DFF99AD209486558F4D75F5572E,SHA256=00904E718F0EAB4918739EF42AEB8F4E4BEEAA302586E7DA13673DB0251B9BAE,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064237Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:53.416{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\site-packages\pip\_vendor\msgpack\__init__.pyMD5=B2A76C69F1AE5C3857D53BAAA6D08253,SHA256=DA027072C4C8680B4233418C8B6AD4FBF63A9082DE790BAA464AD0DB68D200D7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064236Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:53.416{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\site-packages\pip\_vendor\msgpack\_version.pyMD5=75EF57300E3D112065F78B88AE68FE02,SHA256=745474DE80029E3E25B0A775467C03EC13CC89523F14CCA074E2F54CE044C3F5,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064235Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:53.400{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\site-packages\pip\_vendor\msgpack\fallback.pyMD5=B306EDD8AEF6A5735FF81F82CE8260A8,SHA256=469BF52DD7B2F1FF2E7919D0CE70F80112819FD7713363F2C153645C8F0811E1,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064234Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:53.400{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\site-packages\pip\_vendor\msgpack\ext.pyMD5=851C1FE942948029074C3AA9FE51B768,SHA256=E25DF9E98E2C54472F0A56B6761FDC2F9EEF87818C8597DADE4B961C51D8CFA0,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064233Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:53.384{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\site-packages\pip\_vendor\msgpack\exceptions.pyMD5=741A33042796DCC6A1C101898F38E87E,SHA256=7424D67A2F1DA64ACCB100DC8D093BE004E5F47B08047D326EDF3338F36A3187,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064232Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:53.384{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\site-packages\pip\_vendor\idna\__init__.pyMD5=3159DCDF671A44354EB58EB6FFB4CBEA,SHA256=28940DD5E401AFC8882B948AAC9E3B957BF11B4049ECB9B7F16E334F4BFFF259,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064231Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:53.384{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\site-packages\pip\_vendor\idna\uts46data.pyMD5=C496A7EDED3E31DAD89152328F5A1D8C,SHA256=0C6CF00D0BFC2628D8D7B23FEE89DDA37B2D8C58CD9E3BD501B03ECF49355CE1,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064230Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:53.379{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\site-packages\pip\_vendor\idna\package_data.pyMD5=EC3DE6605078816F43A795CB34C5E2CE,SHA256=FF4DBC0787EF69D4486973303188E1B903CFDC0C5322DD48444ED7E910D1E0C9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064229Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:53.362{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\site-packages\pip\_vendor\idna\intranges.pyMD5=F711390286555B1298E7D172D5036D3D,SHA256=12A817C32013027F824C00889EA1FDB58B18022B4607655C439D1166DFC2A63B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064228Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:53.362{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\site-packages\pip\_vendor\idna\idnadata.pyMD5=F368F408DF41747BCC4C6E1AA04FB9C9,SHA256=725E31F512DDC3564CB4411BBCAC00B17F8877701D2233B95371DAA0A33A546B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064227Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:53.362{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\site-packages\pip\_vendor\idna\core.pyMD5=F49E6AF58885C0EA1B0DDC291F6F3A64,SHA256=89CAB63F5DD2E89323A1780A86177A8A185BCBB42C9D994D7E7887E9F2F27FA5,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064226Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:53.362{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\site-packages\pip\_vendor\idna\compat.pyMD5=86ABF546EDFFF49D04E602EFC5FF7767,SHA256=E40F71474E29B911C2B328C135EC199554A26ABB61ECAD5B66AC8439EA1BD5F0,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064225Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:53.346{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\site-packages\pip\_vendor\idna\codec.pyMD5=371559C2555E850717F77A7198541DC9,SHA256=42C3C50F725EF20375EEB7ECD787BBCD31915A59CBEDB35FD99A9C1D3455607B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064224Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:53.346{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\site-packages\pip\_vendor\html5lib\__init__.pyMD5=259920BACE7F700616CEAB696617F2E6,SHA256=058CDC282A9E1228B9DB10EBA8116BBA19E6B66922B875C5C8587E720950F269,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064223Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:53.346{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\site-packages\pip\_vendor\html5lib\_utils.pyMD5=97B45AE75DD8CBE9330BD8D45C88D800,SHA256=0F1F402A7B64B118C54F5BDE063EC8DFADA97F93A021A4F4CE0970AB8DD19DF5,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064222Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:53.331{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-20181014-045618-00000003-ffffffff.binMD5=2814FC0B9AA5AB60225B6B42616F0D45,SHA256=295EDA0B4C9390C3CE6ED00E70D8075378343E324B5DFF04257E7F18E8523553,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064221Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:53.331{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\site-packages\pip\_vendor\html5lib\_trie\__init__.pyMD5=FD435DCBE13FF2BCFC45EE6E4E7E8FFD,SHA256=9EA7E03BDD74DF6F411152794F8A6C57042D8DDDA2272117436F97F1CD58C705,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064220Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:53.331{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-20181014-045616-00000003-ffffffff.binMD5=873297D172B4483A4A0753B586E96E09,SHA256=A037124BFE177BB4D998B1C0BCE9C4D1ED14867FCA4D467278710403D4AB0EFE,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064219Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:53.331{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\site-packages\pip\_vendor\html5lib\_trie\_base.pyMD5=80641168D1A81191F71F7B52AD766E4D,SHA256=09AC9B63232BA3CB844506236F2DAD4DE4946AD9D60DF5ABA1437D37B7ADCB9C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064218Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:53.331{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-20181014-045449-00000003-ffffffff.binMD5=4007CB8661704CE19DB1501BA15DD2C0,SHA256=D9EDCF9BD900BB01AC3906B779254D0C9096DC1311EAE390572BDF25BEEE67A7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064217Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:53.331{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\site-packages\pip\_vendor\html5lib\_trie\py.pyMD5=E2AA3D235A9CC7146B69B11B2440EB4A,SHA256=C179902EB6517F833258DCA0D26DE1F359BD22784B47B189D34DA6208661FBCA,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064216Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:53.315{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\site-packages\pip\_vendor\html5lib\_tokenizer.pyMD5=F8BE051E8ABCF1D5D161F616ACACAD7F,SHA256=D389A0036B0D4E78AEB65D9FC45BFE7A2E5B9ECE2245A3F15575C787F1EB57FE,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064215Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:53.315{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-20181014-034646-00000003-ffffffff.binMD5=93EB4C5485479FE75F15BFE20FFE8104,SHA256=96B4E0D8F2BF2AE359E4B73DC48963BC050DAFF4FB1801AB4054253766E1EA5A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064214Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:53.315{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\site-packages\pip\_vendor\html5lib\_inputstream.pyMD5=E716F4C4F5738FFD252C179BAC601D37,SHA256=8C4ACD012325920B3B32938CF557BF55D2C3272145C1E0232EE855BAD673DF75,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064213Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:53.315{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\site-packages\pip\_vendor\html5lib\_ihatexml.pyMD5=BCD46C53B9C35CF29809F84E96EDB11F,SHA256=89F3B017BA57AA6C938485DCDDBA1673DEACE0C0DECEA46B455A7B1700D8505B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064212Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:53.299{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\site-packages\pip\_vendor\html5lib\treewalkers\__init__.pyMD5=1289EE9C9C31D14B9A7325B6AFF33724,SHA256=3813ED7354D4E661B2CB5F100CCC4A132604CF4C3115450D8F9BF4F978266216,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064211Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:53.299{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\site-packages\pip\_vendor\html5lib\treewalkers\genshi.pyMD5=063DDCC9ECB565245453627265F44641,SHA256=E03D8F1026799F764DDEABB78CC97DC98EC1F358E7400A414125657DA22E61B0,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064210Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:53.299{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-20181014-034429-00000003-ffffffff.binMD5=463A64960D603BB52B57568443E96713,SHA256=580407C709E39B2BDAACA8A5968195194280CA849CD341DC40584AD72CD801DF,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064209Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:53.299{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\site-packages\pip\_vendor\html5lib\treewalkers\etree_lxml.pyMD5=5E3DA1EA4061F0D389E483F48CB71FC8,SHA256=FDBD0B01558B715BBD59A53FFB0DC3F1FD08452A426E37FAEBB57EDCD45D853C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064208Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:53.299{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-20181014-034200-00000003-ffffffff.binMD5=E0E968E1BE139BFD7CC7786968DE3AFC,SHA256=814D9E753A31C09B28F1497CDAD0143B1FEC6A744CB88765DF7E3099C11A8632,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064207Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:53.299{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\site-packages\pip\_vendor\html5lib\treewalkers\etree.pyMD5=9E63D1CD0B9121C6798E8595445F7594,SHA256=C68D4BE66F55B647E91492B4A459A42D56A386A618562B15667DE4F646293E42,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064206Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:53.284{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\site-packages\pip\_vendor\html5lib\treewalkers\dom.pyMD5=A2E767CAE5605E0CFAFC67987E3920BC,SHA256=107C8547C0FC958367C8353D971FC82A2815251C9E7141AE6B498E8BB1C1BA47,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064205Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:53.284{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-20181014-033935-00000003-ffffffff.binMD5=5A7B0A85D441DB544CDFEC6B641A333E,SHA256=722638401449F79B42A9BB48614E441842641606AD578850D785B52253069861,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064204Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:53.284{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\site-packages\pip\_vendor\html5lib\treewalkers\base.pyMD5=34CB345CD7C4568B97A08A535BDF26E8,SHA256=A2E88EB2E4B3BC8D0A8337563FC3E5C4869236CF5F6A585B8A29C011CFD42096,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064203Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:53.284{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\site-packages\pip\_vendor\html5lib\treebuilders\__init__.pyMD5=66AC5370FB51D145E3D46911F97AFCFC,SHA256=032B12272BCF7E290230CB1356F6B1C2480389E10B0F975F47C149200BAAEE16,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064202Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:53.281{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\site-packages\pip\_vendor\html5lib\treebuilders\etree_lxml.pyMD5=7EC257CD620BA00452C4E2AF4BA2D471,SHA256=F60A838ECF88C6C3E10586B9729BEFD85675299946F371A2BACCB69459AF2241,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064201Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:53.278{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\site-packages\pip\_vendor\html5lib\treebuilders\etree.pyMD5=F8FD3D35DAE80EED93550EA3ECDA54EA,SHA256=C39645A4A93A6C0C67AF00F6FC1AC5E44542EEFCF3D0BDCB322F52C6B6DCFFCC,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064200Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:53.262{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\site-packages\pip\_vendor\html5lib\treebuilders\dom.pyMD5=D625524C304D922795A322DDE1903CDC,SHA256=DB6C216F40BBD735C8B1A8B999A9A0EAACC11228A070122F683CB802CC376ADD,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064199Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:53.262{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\site-packages\pip\_vendor\html5lib\treebuilders\base.pyMD5=DF965602BCE458AA8680CC3976882D21,SHA256=CFEA39D6FB7DAFF9762031B9222A1338A1B36677B8172DFF15CFBBCEDACE8782,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064198Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:53.262{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\site-packages\pip\_vendor\html5lib\treeadapters\__init__.pyMD5=0E9513B28E8016C9DC786A7427CEDDC0,SHA256=034AD8E605C87B86C93A248644EFE3FED1619E04413BC4193F33ED3F0E5D173A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064197Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:53.247{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-20181014-032141-00000003-ffffffff.binMD5=B723F32709D40466E86DB98EF352D08C,SHA256=C98AC49890037D8E33EAA8D560B52133A6A8CFE492F4849E2B4AA3B3C6F56B5E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064196Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:53.247{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\site-packages\pip\_vendor\html5lib\treeadapters\sax.pyMD5=8B9C528D54D72D0BF26169D9726529FB,SHA256=04A4BCC284139CA8AA79F7C7B310A152A2F8AB6651FF06F97DCF4C277CD00BCB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064195Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:53.231{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\site-packages\pip\_vendor\html5lib\treeadapters\genshi.pyMD5=FCC1790559E135BD3F83165546240FB2,SHA256=087DBBA40B032A6BB864690052BC2DCBBBB429AB862C26512CF33368EDCCE6FA,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064194Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:53.231{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\site-packages\pip\_vendor\html5lib\serializer.pyMD5=BAF6B32CB5924CF78BE9EFA56F6C2CC0,SHA256=FCFA6F719174EDCC04EF1AFDB8A919AA1E5FE1411A23C96D094DB13C9CDA4E99,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064193Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:53.231{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-20181014-031759-00000003-ffffffff.binMD5=D78BD07C43B5D991C4D55EAAD7BED0E7,SHA256=5B82C457F8B44C4EDAE4F033028C915E39D96EF3A916B010FECE241C127C9AA4,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064192Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:53.216{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-20181014-031659-00000003-ffffffff.binMD5=CDFBF09F611F755A3828256FFE8ADBDD,SHA256=8ACB97358D32FFF8992A795F08E28E5528CC1A8AE05C39418A8DADCC569BA7E9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064191Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:53.216{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\site-packages\pip\_vendor\html5lib\html5parser.pyMD5=62F2B816CD0E4127764014EB41FFC305,SHA256=6A7AFE697ADEFC899FAE4437E5CFEB7ED297C42F34BC909110A7B4E93AB5E470,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064190Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:53.216{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\site-packages\pip\_vendor\html5lib\filters\__init__.pyMD5=D41D8CD98F00B204E9800998ECF8427E,SHA256=E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064189Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:53.200{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\site-packages\pip\_vendor\html5lib\filters\whitespace.pyMD5=6688EAB6822F3BD2797F49474ABDDD58,SHA256=F1E5AA671778502E33945196EA2C98E9FFB6BAE4FCA4E09200B737219B7BFEDE,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064188Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:53.200{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\site-packages\pip\_vendor\html5lib\filters\sanitizer.pyMD5=1F554EB4FFF12CE5A5A07CFE1A0D8B9E,SHA256=9BAA069A40619060279F69D5E83E2113BF12099E961272BDACA759077B970487,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064187Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:53.200{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-20180916-204133-00000003-ffffffff.binMD5=4E78C2F170C236924E76F20BD03C1AA2,SHA256=3D45DA173097654DB9C9549BC4EA43F0A528764BE94654445778F22CA619DF1D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064186Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:53.200{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-20180916-203750-00000003-ffffffff.binMD5=3B7800B4DCB8D6277DD9CD008F6BBD31,SHA256=CD76B1A7CD3721094BD968A4CD135364FC2C4D9ABECEA6DFF2B348F83298B357,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064185Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:53.200{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\site-packages\pip\_vendor\html5lib\filters\optionaltags.pyMD5=A86748388FDC0548C06D8B3251FBDA10,SHA256=F25593EF927468138798F81F9AA4C749F3E93CCA74D53F3834ABB409179DC5C1,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064184Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:53.184{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-20180916-195818-00000003-ffffffff.binMD5=B8183137817BAFCFF39C93A9A279A64E,SHA256=C1CE5F33544034CA9CC7BED2558B5AA93BFAA26C5B420C30B06F0105F2EBD1E0,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064183Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:53.184{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\site-packages\pip\_vendor\html5lib\filters\lint.pyMD5=2A75CFF924F67EB28222A8B527FC97B9,SHA256=8E4EAAE7AC58D288E261FBE974FF8E6529BD793A9C01D46A842A0F22D7A63D80,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064182Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:53.184{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\site-packages\pip\_vendor\html5lib\filters\inject_meta_charset.pyMD5=AE9C2E839C8F2CD3F724D77AA710BA7B,SHA256=7A00D75041D79801BDE74E31CF42BA00B0E0624BD4AC2DAAD7961455E3655508,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064181Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:53.181{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\site-packages\pip\_vendor\html5lib\filters\base.pyMD5=171E133CD9C56BA65698EB052CB4C1CA,SHA256=CFE214F590188E9B15B2A995B7B92E582EB78D1D7584332BE8256BBEE6A8F16D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064180Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:53.162{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\site-packages\pip\_vendor\html5lib\filters\alphabeticalattributes.pyMD5=A65B5511EC9AEAA84C109A9E81532A95,SHA256=95589973624C09C9578BFE6076EBE6773AD1C6D3B95E8F4E3676C70550ACCA45,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064179Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:53.162{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\site-packages\pip\_vendor\html5lib\constants.pyMD5=3764C67DFEAAA7D1B53AA02EE0D57A38,SHA256=2E5FB2CCB53F8DC8F2008FE1E7BCE4A99EDA416139B79C40E32FE3420A14521C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064178Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:53.162{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\site-packages\pip\_vendor\distro.pyMD5=B1D8798EDDF25C72E263504CBD24D3ED,SHA256=C713088766B72A68A9A5E5841F3CA74DD1D3DFF8D9334A3EA68B3474058944E3,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064177Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:53.162{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\site-packages\pip\_vendor\distlib\__init__.pyMD5=DE44A42D4AF3F14C6A98245BB38632E0,SHA256=6C73563AF66C2C4E044BD4B814403C0B23FEAC36336AD560A7D1876E94E76F62,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064176Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:53.147{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\site-packages\pip\_vendor\distlib\_backport\__init__.pyMD5=BBEB283337AFF9FEEFFDADC657AA3A77,SHA256=6EA4BF753387EAE5BD88681DD2ECDFA4F8E8EAF678C693D9EE4C9F649DAF35AC,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064175Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:53.147{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\site-packages\pip\_vendor\distlib\_backport\tarfile.pyMD5=87D177EC9713EE4041AAB823342D8873,SHA256=221A7BAD745C8DB20AC3C08E9BDC1278F57D0111976D217D8065C0327D90F8A5,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064174Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:53.131{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\site-packages\pip\_vendor\distlib\_backport\sysconfig.pyMD5=46ABF47A4DF027DEEC8B1E64121CF420,SHA256=0501C595BEA9B9B0A5FDDBD3D4D8EDCC8B61CA5A1F8CA8ACA31DB7F6CB438345,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064173Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:53.131{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\site-packages\pip\_vendor\distlib\_backport\shutil.pyMD5=D8BE0DE446C01EAB3263DEA2D96597D1,SHA256=217FC6D8D3EAC1E70989B9080E37B4E1BAAED31A4791F490D8668674456A3396,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064172Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:53.131{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\site-packages\pip\_vendor\distlib\_backport\misc.pyMD5=1D7E5A4FD1C70A9E3521EADB1C805065,SHA256=29679C20D75B14D3B148E3F57C617AF340899DA0BA4B87C146012D6984F0D228,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064171Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:53.115{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\site-packages\pip\_vendor\distlib\wheel.pyMD5=0462EE7720E4F92302ECBCAEF717E67A,SHA256=5BA690428D928B40B35A209AAA54BE36EF02A079C36E670632A47108726683F4,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064170Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:53.115{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\site-packages\pip\_vendor\distlib\version.pyMD5=398C3C14A026B530C936F2B113E58885,SHA256=FE078EBFE707A15F86F1D433288F20EB3F05D17785794A9D27FD46D4AEA2CAB4,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064169Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:53.115{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\site-packages\pip\_vendor\distlib\util.pyMD5=71161906441F07648A6C2535F23758D2,SHA256=78828A279329E2E9C730E5738B14484711AAE2DCB9FA1FCFA05999FE5A6F9243,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064168Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:53.115{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\site-packages\pip\_vendor\distlib\scripts.pyMD5=3266E52E8F3FB70C668A1ACDDE731234,SHA256=603E7F922A0F0FEAB26D8C10E06C72BBE151E1F7F1733CB681D06E538208F6A0,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064167Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:53.115{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\site-packages\pip\_vendor\distlib\resources.pyMD5=669A65482A124662963F972E6D36C6B4,SHA256=2F06CF92C73403524C6E2E979EE3DD301527F375FB04FB85356A8F184288EBDF,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064166Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:53.100{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\site-packages\pip\_vendor\distlib\metadata.pyMD5=BFC545B489492DA7707195285E44CBFD,SHA256=BDAB68C4576606BEA27BEB1355754D3CE3C6DEEC0C0D62539C41029E6EF10C2C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064165Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:53.100{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\site-packages\pip\_vendor\distlib\markers.pyMD5=307E491BE5C712066A68D304986EC9D8,SHA256=3AE9CC487D5221BBCB2EDE33D95104442965E16365CF6B43AE0D6649708D523E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064164Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:53.100{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\site-packages\pip\_vendor\distlib\manifest.pyMD5=8FD3BF94B1764E6AD94BC5AF506875D7,SHA256=9D0121626828ADE681673C85CF062C5F124046EDDFA38124BA7535EB7535EA21,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064163Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:53.084{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\site-packages\pip\_vendor\distlib\locators.pyMD5=438FB3737CFAA2B07653EAA85A8BC236,SHA256=00A941DE866F7CE4E0E04D02B5FC0ECEE8C52F5F57E55E17500E1E1DD28EBB8E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064162Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:53.084{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\site-packages\pip\_vendor\distlib\index.pyMD5=128F468FF23CAE56EE3498A3CDA7C81B,SHA256=51F72298D5B5F4007B20A59A9B855A25B5EE081BC0ACA7D2C61575E84C1ABF31,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064161Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:53.084{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\site-packages\pip\_vendor\distlib\database.pyMD5=575B74E30F39DB81C9DCE085B3A1CE42,SHA256=2A5D18BCF40A73839CA558BB939705CE2C9D335C4E2BC8AA7712C65E06D91D5E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064160Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:53.084{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\site-packages\pip\_vendor\distlib\compat.pyMD5=1B85A38C8E723702BFE8750566137B04,SHA256=003039EB1880C5AAF7994EAA7A694184D6ECAC53E8B174613B8E11CEC6C93EA9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064159Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:53.084{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\site-packages\pip\_vendor\colorama\__init__.pyMD5=BF9DB5EDDFEA1FC7EFA0D9D621A57D52,SHA256=A42744AEBCB32D2CC35B93FEAD13C194F2EA6C1B4844D241E9C320A1E267B399,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064158Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:53.082{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\site-packages\pip\_vendor\colorama\winterm.pyMD5=BAC76C7770EDD84945C222FDB3AB3CA5,SHA256=DB2FF66FB66CBF7E1F780B0FEBB98B39573E060AB9D667581A8E7BD55A6B96B3,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064157Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:53.079{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\site-packages\pip\_vendor\colorama\win32.pyMD5=77C93060C4C5871000A173E106A0575D,SHA256=6C9F0897D8F0681379049F1B98DE85A18675418B8C2AFDA3F1F1AB5E1ED3263C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064156Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:53.062{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\site-packages\pip\_vendor\colorama\initialise.pyMD5=3581185F5015657CC4A9800C1299FD68,SHA256=3E9AE8BC3371313AEFA0D1C570BD8D663A47D97CC373C04BC4BC6212B7D49789,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064155Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:53.062{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\site-packages\pip\_vendor\colorama\ansitowin32.pyMD5=CC62E5B793FABB96B5A3B89F5B3FF3F5,SHA256=C95EC212609BD7D3239C928E0D9104BCC1FF7E76C98709E9CE8E2CC59B865E60,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064154Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:53.062{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\site-packages\pip\_vendor\colorama\ansi.pyMD5=F781D59416D57343BE4FA5AA95675F57,SHA256=4E8A7811E12E69074159DB5E28C11C18E4DE29E175F50F96A3FEBF0A3E643B34,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064153Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:53.062{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\site-packages\pip\_vendor\chardet\__init__.pyMD5=2FC59815B38752DB9228D08EA57393D2,SHA256=99665A5A6BD9921C1F044013F4ED58EA74537CACE14FB1478504D302E8DBA940,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064152Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:53.047{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\site-packages\pip\_vendor\chardet\version.pyMD5=635CDDE23A2245E469D2C0557BA7A938,SHA256=0380882C501DF0C4551B51E85CFA78E622BD44B956C95EF76B512DC04F13BE7F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064151Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:53.047{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\site-packages\pip\_vendor\chardet\utf8prober.pyMD5=E6180774C6437E9A396353411EDDCB36,SHA256=21D0FCBF7CD63AC07C38B8B23E2FB2FDFAB08A9445C55F4D73578A04B4AE204C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064150Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:53.047{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\site-packages\pip\_vendor\chardet\universaldetector.pyMD5=35875D1D3B0AA5BA1C9CA0F4EB462F4F,SHA256=0E96535C25F49D41D7C6443DB2BE06671181FE1BDE67A856B77B8CF7872058AB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064149Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:53.047{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\site-packages\pip\_vendor\chardet\sjisprober.pyMD5=49A4BAE5A91B2CDF3E86CCBE5C891978,SHA256=208B7E9598F4589A8AE2B9946732993F8189944F0A504B45615B98F7A7A4E4C4,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064148Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:53.047{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\site-packages\pip\_vendor\chardet\sbcsgroupprober.pyMD5=7E03B10FB4702C16B9E88D5CBC11ADA5,SHA256=86A79F42E5E6885C83040ACE8EE8C7EA177A5855E5383D64582B310E18F1E557,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064147Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:53.031{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\site-packages\pip\_vendor\chardet\sbcharsetprober.pyMD5=2EBB3D6952540FEA5F8D131376001203,SHA256=9E6C8CCAEC731BCEC337A2B7464D8C53324B30B47AF4CAD6A5D9C7CCEC155304,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064146Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:53.031{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\site-packages\pip\_vendor\chardet\metadata\__init__.pyMD5=D41D8CD98F00B204E9800998ECF8427E,SHA256=E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064145Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:53.031{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\site-packages\pip\_vendor\chardet\metadata\languages.pyMD5=F4A09F07D24ADF6500AC136A5F9AE48F,SHA256=E35B4BAB778B4AB0446C455542954616AF4AEE8D659FD6F51E9635974842510A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064144Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:53.015{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\site-packages\pip\_vendor\chardet\mbcssm.pyMD5=3084C6E597BB859E0CDF091E046C9D5E,SHA256=498DF6C15205DC7CDC8D8DC1684B29CBD99EB5B3522B120807444A3E7EED8E92,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064143Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:53.015{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\site-packages\pip\_vendor\chardet\mbcsgroupprober.pyMD5=D11B219F9A5CC6B48D492BEB69C3D9C3,SHA256=87A4D19E762AD8EC46D56743E493B2C5C755A67EDD1B4ABEBC1F275ABE666E1E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064142Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:53.000{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\site-packages\pip\_vendor\chardet\mbcharsetprober.pyMD5=D7BB9DEC5E8045651A957E956E6CFDC7,SHA256=011F797851FDBEEA927EF2D064DF8BE628DE6B6E4D3810A85EAC3CB393BDC4B4,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064141Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:53.000{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\site-packages\pip\_vendor\chardet\latin1prober.pyMD5=4EC6FE5DA8DDBED7AA355DF81BD0E6AF,SHA256=4B6228391845937F451053A54855AD815C9B4623FA87B0652E574755C94D914F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064140Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:53.000{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\site-packages\pip\_vendor\chardet\langturkishmodel.pyMD5=4165A3CEE34209FD1B0E0900501D4467,SHA256=ADFC1A9D3A6D4F04B2704E3E3FE41AB0F9B377E5D56207AFCADCE3944CC106EF,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000031929Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:38:53.967{CE7C8936-1B20-61E9-E200-000000002202}3964NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=93DA9036B392C61370FBBBEBBD4CF2F5,SHA256=AE66C8C4569394C33931C02E4647924A9574F3BA73513B6CB4BCB405D018671E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064444Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:54.985{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\site-packages\setuptools\extension.pyMD5=6B5316C5706DEF9B28848C3F33CC66AC,SHA256=34C338E978CD7557A559E99CD31F02C95280E4AB3A666DF14D6480D924BAC593,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064443Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:54.985{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\site-packages\setuptools\errors.pyMD5=D02DE39FF3CEF7AB3F31565B1D1B237C,SHA256=31539CBF7F351CD49A8C3804516CCE43827A0790470813128C77DA59C130035A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064442Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:54.979{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\site-packages\setuptools\dist.pyMD5=43FC89DB14212105FD95BFD2FC66BE1E,SHA256=719B4F3F3184852A263C7FEF5C7FC378215EB6327D07C1EFF155021B429B661F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064441Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:54.963{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\site-packages\setuptools\dep_util.pyMD5=5213C4DEF0C6B3B0591E6E47D9B17BF9,SHA256=043C75064CCD427B6F001E1A972A476D6E54541CE3AAD86CD34D0FAD42F866A7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064440Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:54.963{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\site-packages\setuptools\depends.pyMD5=14C5E7E6D8244A22C20D12A3A851C8BB,SHA256=8877D974B7650AED81965485F5B460ECD534A2A6CF58C1FC9639B806EC100D8D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064439Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:54.963{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\site-packages\setuptools\config.pyMD5=AFDB653DB0818E035FB4547AD021A2BD,SHA256=B26F596F3897F4394EBA07159486E1AADB4C270C70CE7184B24F360FC3156833,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064438Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:54.947{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\site-packages\setuptools\command\__init__.pyMD5=AACF24CFDF9155FB8F1606D3A3259673,SHA256=7BEF1324E8A451EDD2B747F0D9BDA9F6EE440DD4B1979CC75012492A27DB710F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064437Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:54.947{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-20181212-085954-00000003-ffffffff.binMD5=46C32E4E422D978319B4B8DDD9E00F1D,SHA256=6C02ADD1CA4C5933763FCF0C27360D8C65A23240AC96A53CC568E94C4D2BD66A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064436Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:54.947{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\site-packages\setuptools\command\upload_docs.pyMD5=5BAB96FEE386A12DD491E792DF1DD3F7,SHA256=6DAE643B279D0FFBBADB07A29EBC6AAA7BE9B90BC122E6A65DE8491BAB40BCED,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064435Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:54.947{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-20181212-085952-00000003-ffffffff.binMD5=8CBBD6403C954BBAAE0FF2919D41956A,SHA256=379183316D9100935A9E82257D7959A8F9E1AC99874F7664FD924F99E7868D1C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064434Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:54.947{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-20181212-085830-00000003-ffffffff.binMD5=E4DF678FD565C202E47ACA628CF48EDB,SHA256=42A2ECA21929B14303101856F26B002B30A27CEEE0557D8A6B30409D477E654D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064433Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:54.947{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\site-packages\setuptools\command\upload.pyMD5=DCB51BA66DBBF1DA3C745B009B011220,SHA256=5D3DD81557D83C0980E6A8468347AE96E53DF1FB714545BE3F329C38330BC54B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064432Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:54.947{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\site-packages\setuptools\command\test.pyMD5=2C6EF65DF65517C17E497D37CBA1D209,SHA256=A8663E1F1D513C29DD955876AECAC4B39E3BF42826C51B2B11F9552EBF7C8D50,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064431Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:54.947{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-20181212-081337-00000003-ffffffff.binMD5=278AD95A560C78C17579023A203063CD,SHA256=403C233DB21423D817857F30FC0C29846E8D0909EC3919E8C9805BE783CE2961,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064430Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:54.932{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\site-packages\setuptools\command\setopt.pyMD5=6BFB403B1FC0036051790FE90085D1D3,SHA256=A24C61A83D4D3359D095B4950C236FE8FED8EE0EBCD2C736AFEB545BBC0F1F56,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064429Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:54.916{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\site-packages\setuptools\command\sdist.pyMD5=9A1D22BDFCE1F909874FF7E4A4F7C72A,SHA256=A44305D06315B9ACE734AE8615A98AE064971BDFEA79FD2273CCFB8C4B0F98AA,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064428Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:54.916{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\site-packages\setuptools\command\saveopts.pyMD5=C71D737DBD265D3E39FA6ACD75A75B33,SHA256=CDAED00817108A628AAE259CA0271B8713E3533DF481207BE33B932F8EF1A4FE,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064427Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:54.901{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\site-packages\setuptools\command\rotate.pyMD5=3EBD81D353415030EAB02711E30D10AF,SHA256=4AFB103DAB1ECC8A233E3BCC9DF92ACE1F0FD14D2D0A3D1D69CCC5F2E7373503,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064426Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:54.901{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-20181212-081126-00000003-ffffffff.binMD5=75E67217F1EE84C83B301EFC67FBF3E2,SHA256=514D49022817C78E1F3E9C6DD7987096F13A803553F827F583C40444218495AE,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064425Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:54.901{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\site-packages\setuptools\command\register.pyMD5=58E7138E8EDFA64DD5B58348C9C9141A,SHA256=924DC3C5709BE655D3BEA9E17F0C7683AABB8B06D49A04F25D409A068A013949,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064424Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:54.901{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\site-packages\setuptools\command\py36compat.pyMD5=4630E987A636EDB9A7D34BE5B54F193E,SHA256=EF22D6CD08F5EFD127C77A49F15D5C0C30B378B30531DF5725794AFA2653AB96,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064423Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:54.901{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\site-packages\setuptools\command\install_scripts.pyMD5=B1B3C2E0E5E3F5289EC1CC1E6441740E,SHA256=A348CDFDEC7BC98624F16E5C97299314E5F090530ACD6F6AFF377D36971EC7B3,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064422Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:54.885{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\site-packages\setuptools\command\install_lib.pyMD5=214D864401AD4F7E8CC920D6CBE5D8A8,SHA256=533E3631CB321D9023AC1E9CC3D13B073D31B1A4DBCF19CCD4F23D0818623ED1,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064421Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:54.885{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\site-packages\setuptools\command\install_egg_info.pyMD5=848F427F19947B4D2018E0C534A08082,SHA256=6CC81E21E4625F34380C018F575DF6F24723C108C78CE594E059E00162D5EFC4,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064420Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:54.885{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\site-packages\setuptools\command\install.pyMD5=52357392851D613DDC2ECB39EEA683FA,SHA256=F1DA0CC5E4040E82B811CA3498ED969575F3CE9F509EC18943B67BC969193C6F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064419Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:54.885{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\site-packages\setuptools\command\egg_info.pyMD5=F2CC01FB9FA87C926DEDED9FA8DF38CB,SHA256=B1EF85858235B1933329DEA59DD57FFAF364277D615F81D8E1970C52EEF597D9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064418Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:54.884{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\site-packages\setuptools\command\easy_install.pyMD5=0EC05F3FDE463F9B4F89BAD4AB02C8EE,SHA256=B8AD2121731F946B9E7E642E03C73A970C13ECDA74B955D15A1C4F89EC6D81BE,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064417Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:54.880{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\site-packages\setuptools\command\dist_info.pyMD5=8E63B92477E2C02E10805857EA5CF636,SHA256=E6DEA439FADD8002D3F8FDE882CB3A3C5F64F8B7B27ACB9EC9CBA4DDD5326672,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064416Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:54.863{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\site-packages\setuptools\command\develop.pyMD5=485D0C7E8C722202FDA73E34D511C838,SHA256=E7F4ACEC435DD7F07F8D5318D6D179515FF2D57BBA8DB57300F1BCA0A7A5B860,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064415Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:54.863{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\site-packages\setuptools\command\build_py.pyMD5=5D44F288DE496C480241EB3455082CF3,SHA256=5327637255E5E854B2ACF8D738EC190FE8076F2D2D20AA0FFAABB98ADBF23F48,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064414Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:54.863{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\site-packages\setuptools\command\build_ext.pyMD5=3E9E0C83D3E450F4076A8EBC2A7D84A8,SHA256=48D2B4E361DF0767B394341B49544616A23520CE40E00B23535C295777E0B241,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064413Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:54.863{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\site-packages\setuptools\command\build_clib.pyMD5=2D4BFF774400FF672FF40797FDF92507,SHA256=7D61D2146924D7454275D0560ACCEF361A306C6F59F42657563436B92227A0EB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064412Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:54.847{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\site-packages\setuptools\command\bdist_rpm.pyMD5=952DBA2630DD5C2E8199BF478D3D7ACB,SHA256=3F1AE0A073CD6B0D8FC36A8D8E31C33C2F80CBF21A0DB0AA3F777FE4DF9C8F60,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064411Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:54.847{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\site-packages\setuptools\command\bdist_egg.pyMD5=9C218E9BDFB4DF29816DA1944399870F,SHA256=FAEA6207A7C5B66F1C412423D4B4435691B5F93D78DC3B170AF5747E1D37BBB5,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064410Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:54.847{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\site-packages\setuptools\command\alias.pyMD5=6B8A4071FAD36E65A50FDE422FEB3D48,SHA256=D6C2D0C5970D87A7434290E69B81BB506193A25F379D8D4D4CF98D05B9B6B222,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064409Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:54.847{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-20181212-080152-00000003-ffffffff.binMD5=56C5EC8C1244D46FC6311B8968C8D200,SHA256=6D9E774E7D474B7CF069F9AEB039C7CA1843F462F6495B52F3E7F19DF7A746AE,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064408Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:54.833{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\site-packages\setuptools\build_meta.pyMD5=3541351DA084A6D3FC4BDDE9687C3A83,SHA256=C7B148D543CA08AC41052A295E871F1839C96BDF2B40EF1AB4A5D2C09B5D89DF,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064407Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:54.833{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\site-packages\setuptools\archive_util.pyMD5=45C6064BE20BACD4052B594A305CC8B7,SHA256=99A2436E8CD16C37923F0E77553D1C6FF212DD6D00A7BDE5251F2D5FC4590F1D,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000064406Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:54.833{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\site-packages\README.TXT2022-01-17 14:25:12.000 23542300x800000000000000064405Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:54.816{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\site-packages\README.txtMD5=15ACB038B5C2E03D56F5B588A077BF22,SHA256=1C99489111112D2150DB0E18BBD474FF45F78FEF80FA0E533DFD9ECFC6A3A480,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064404Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:54.816{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-20181212-074219-00000003-ffffffff.binMD5=C8F4BA614AA92F485969DD25E84113D5,SHA256=F35E45C9F15585B5DB3C45B13C753814AAF3A56F5878147549A9710785081F5E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064403Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:54.816{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\site-packages\pkg_resources\__init__.pyMD5=39681771CBEC19F178098E730B595469,SHA256=3F73CD377FE6F0926B60CA7E8BE4AAFB7AE12B9BEE562AAA8E7D545CA1DF7BB4,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064402Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:54.816{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\site-packages\pkg_resources\_vendor\__init__.pyMD5=D41D8CD98F00B204E9800998ECF8427E,SHA256=E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064401Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:54.801{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\site-packages\pkg_resources\_vendor\pyparsing.pyMD5=5F83E4325621A0BD27F20A96F6EA7399,SHA256=99A86D920729DE0ACD003D2B7BFF51D032EF067BE3CE978BC2026A4FEDC7D421,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064400Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:54.801{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\site-packages\pkg_resources\_vendor\packaging\__init__.pyMD5=2EED0787819307CC2E25CF45A4A9B5AD,SHA256=E9E9DBA795E045F8C18EC23DF9B9F4D078C77F94C7DB53C330E2A4256F31C3EC,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064399Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:54.801{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\site-packages\pkg_resources\_vendor\packaging\__about__.pyMD5=CB911241AF12A5D8C1B50DCA67A44753,SHA256=3CD32C6999F851C087CAE6E044E1F56E5E8296E76E3E3239905AD2A7F660925A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064398Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:54.785{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-20181212-073757-00000003-ffffffff.binMD5=E2D4B7DD77E76080DB044F280587F82D,SHA256=096645AC7484335F09775D9C0B7D0450CB6B96CE7CBA18DAADD1963558629621,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064397Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:54.785{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\site-packages\pkg_resources\_vendor\packaging\_typing.pyMD5=B0DAC8EF6953FB835C7D633E6A427BA7,SHA256=C79F44850E7B4CC4FE9134722D9576E4766F6061B06EE713A3A88A87F3B4B4CC,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064396Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:54.785{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\site-packages\pkg_resources\_vendor\packaging\_structures.pyMD5=2A2F319784450ED303D86E6524053F42,SHA256=A339025FC43C7F6A84D4489CDD8890E1BB8355F833DA261EBD8F5EED1DB2DE26,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064395Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:54.784{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-20181212-073659-00000003-ffffffff.binMD5=476951E3BFDC64619C07526A9EF4133F,SHA256=01488CAB258DC59F396FEF48FC62C10850C5974E112C4C2B52285D18956B825E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064394Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:54.781{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-20181127-152520-00000003-ffffffff.binMD5=A4553006695B029419DF346DCDA49D10,SHA256=FBED5EA1F04FED0E841A6BC065B2F553D209C76173DEC0073C868C2A3FBEA873,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064393Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:54.780{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\site-packages\pkg_resources\_vendor\packaging\_compat.pyMD5=6D5FC01182E0EBBDAA4327FD5CEF0655,SHA256=31776C1A9484FD6F99AC7A02F3B6A7748E0B576140C14EC72CBF9E1DEFC28E15,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064392Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:54.763{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\site-packages\pkg_resources\_vendor\packaging\version.pyMD5=E68593DD6268BA28C359E5830A577214,SHA256=0A76E6F8E3BD0FFA9DF194C5C7315C8D26AF7B14981599B279AA0FBCCB2380F7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064391Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:54.763{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-20181127-152014-00000003-ffffffff.binMD5=5774101967245B867EA0D42B2916827A,SHA256=7B7146849C14E2CA4B507E296C1BAF23871E2BB67E6C85AE8F18FB01CE28DEF1,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064390Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:54.763{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\site-packages\pkg_resources\_vendor\packaging\utils.pyMD5=ED9896111C9B49550314BC6B238E5A11,SHA256=452865BE78CED82B58483F2EAE2DF67EB30C14C4E607EDE286CAB5FA08732C4C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064389Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:54.747{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\site-packages\pkg_resources\_vendor\packaging\tags.pyMD5=5976599D204E1C99A69A745701CD1331,SHA256=34A312DFB668FE75AB67182C0FACDB5EC5E073D79D9FD9B5EB470188B98725D1,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064388Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:54.747{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-20181127-151105-00000003-ffffffff.binMD5=D536386D83A0F342F246140A3F68974F,SHA256=7DB5A2FA9EB2A341EF0A44061A9C61E00B744AB8E1A58156E0253DBEA8203797,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064387Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:54.747{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\site-packages\pkg_resources\_vendor\packaging\specifiers.pyMD5=8E104C1478944512DB1284C6425D7E5C,SHA256=B98A7D975DC5D0B7249D2E9DE0DEB4CAD88180598884A89D78EABD027B314DCA,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064386Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:54.732{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\site-packages\pkg_resources\_vendor\packaging\requirements.pyMD5=BA015057B389CB4644134B8FAD43F294,SHA256=47C2B81F8C57FE20F82EFA46C35537A2EB8F6C637EC33B05803EDBAE100CEF56,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064385Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:54.732{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\site-packages\pkg_resources\_vendor\packaging\markers.pyMD5=8F00E9CCDAF4B88878C4EC2685BD6BC7,SHA256=6129ED4243272B2C35FC51BAA1134D9C6C4B2FA6C0C5C1973ADB8513E6134B79,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064384Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:54.716{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-20181127-150848-00000003-ffffffff.binMD5=4434670FFD95EEE9F8468169AE659694,SHA256=75162BFED52CCEDBE455BE911E33199BA841FEA96BCBEB97B134E4278D08DC43,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064383Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:54.716{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\site-packages\pkg_resources\_vendor\appdirs.pyMD5=845B81EC7AB998BD8A74A81D90876921,SHA256=3227AF504BAFDE5FE6408487E52174B210E4FC13611C7CD88803EB4F72133782,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064382Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:54.701{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-20181127-145908-00000003-ffffffff.binMD5=F488A47ED303197CDCDA634456309330,SHA256=D266294104A6754D6160B04A7C7A97FC4D9B436ED08636F6A81DEBFC84D8C7ED,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064381Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:54.685{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\site-packages\pkg_resources\tests\data\my-test-package-source\setup.pyMD5=99B175E72DCD5051A3604023F71E50EF,SHA256=32B7B39779EAC646248C26292319A3861838011F21822E1065D1189A4F88ED1F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064380Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:54.685{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\site-packages\pkg_resources\extern\__init__.pyMD5=64A8B4CF4FB8AAB0CE8823C145ED3A1E,SHA256=DCF8B1693F53CF3778368C95E8256119DED2FFD67E539CAF31601FB592AF0BA9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064379Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:54.685{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-20181127-143812-00000003-ffffffff.binMD5=D73C53CD23AC97F6B99B22F81D784750,SHA256=AC7D25D6AF247A4DFACE6BEDEB70EC686B5BC501AC1AB05CF2A6FEDE4CA4D3C4,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000064378Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:54.684{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\site-packages\pip-21.2.4.dist-info\top_level.TXT2022-01-20 09:28:05.889 23542300x800000000000000064377Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:54.682{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\site-packages\pip-21.2.4.dist-info\top_level.txtMD5=365C9BFEB7D89244F2CE01C1DE44CB85,SHA256=CEEBAE7B8927A3227E5303CF5E0F1F7B34BB542AD7250AC03FBCDE36EC2F1508,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000064376Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:54.679{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\site-packages\pip-21.2.4.dist-info\LICENSE.TXT2022-01-20 09:28:05.889 23542300x800000000000000064375Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:54.679{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\site-packages\pip-21.2.4.dist-info\LICENSE.txtMD5=C4FA2B50F55649F43060FA04B0919B9B,SHA256=23A7361C2B1581028BC623B9DA2BD24997ABCAA4781ACE6AD444A37944F8DAE1,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000064374Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:54.663{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\site-packages\pip-21.2.4.dist-info\entry_points.TXT2022-01-20 09:28:05.889 23542300x800000000000000064373Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:54.663{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\site-packages\pip-21.2.4.dist-info\entry_points.txtMD5=F104B22E35B2EE6849294B0D03DEACDB,SHA256=E44C526B5B39E3348F340FF57A9267E525F4EBBF3A4BC939607C2C90CBD5633C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064372Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:54.663{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\site-packages\pip\__main__.pyMD5=0BF2CCCE86C31C062BCD072DCAFB6191,SHA256=997C160DFB4D2CC29FC15A8A156184FEEB8166F1922225042E12E47B2B08B997,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064371Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:54.663{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-20181127-143346-00000003-ffffffff.binMD5=6477EA9112266C66C47F57CCDD9DC773,SHA256=E752B238FA0F60E0145A4EF5384787068FE146789BCD9BC757B7DC98C4F5C5FD,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064370Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:54.648{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\site-packages\pip\__init__.pyMD5=254A8439113C7A4C82FAF97F67224A07,SHA256=1248C560A88D74EE6BD53653D4AF86C4FB37065D887515F0EF97BB215B0AAE67,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064369Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:54.648{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\site-packages\pip\_vendor\__init__.pyMD5=79A3B28D8D8C1553EF5A34390C51B296,SHA256=784FF2A0710BABA2B0FBE5AA84011C2A4BC72CA6E64D1D7E257FD3875C1C3597,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064368Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:54.648{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\site-packages\pip\_vendor\webencodings\__init__.pyMD5=55D9055C84ED1357A3A9DDFCD4BEF2CA,SHA256=A8E04922E3F2FF8072607E96FDB360245FAA610D83A14F9D2AC0EEE724560978,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064367Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:54.632{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\site-packages\pip\_vendor\webencodings\x_user_defined.pyMD5=74A6BDC155E4E6E8C08B22B0B34B5E7E,SHA256=C8EA9649D9A9CAD19F52087F67A258803361A1CF81007CB279E4F5E45AF8DAD3,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064366Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:54.632{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\site-packages\pip\_vendor\webencodings\tests.pyMD5=F576E857B45ECF794935B1FD1919A2C7,SHA256=3AD18BCA384D6357EF916D46BCB27F155F59A2A0BD027CA3AFBAB79314DBCCDB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064365Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:54.616{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\site-packages\pip\_vendor\webencodings\mklabels.pyMD5=16B377E26F6F4B9353464784CCAD19DC,SHA256=19821ECB09E968B9CFD064A273C2C55A0774515BCEFE5D4D73A62817EF3B47FE,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064364Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:54.601{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\site-packages\pip\_vendor\webencodings\labels.pyMD5=F60643FB1D1BCC67D909770217036A43,SHA256=E003BF2B14DD76A1ADACBF67B3B9003E36F409C37AC6C088C5B2B7EC763DAF71,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064363Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:54.585{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-20181127-143239-00000003-ffffffff.binMD5=B7FCD0AFAF4A9BC3A8C4BCCC022D68BD,SHA256=C184ED8225DDF0D35BFB17B7EBFEAAE0E8274A0821C7E828A2424A2B2CC62602,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000064362Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:54.585{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\site-packages\pip\_vendor\vendor.TXT2022-01-20 09:28:05.605 23542300x800000000000000064361Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:54.585{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\site-packages\pip\_vendor\vendor.txtMD5=2614941D9CBB279EC44A5F8353305DAD,SHA256=1AE1614740C765ACEB498672A18EE3DD7DD3FE618987E932DA8A5C67E03B7B3A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064360Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:54.532{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\site-packages\pip\_vendor\urllib3\__init__.pyMD5=FD4AC96F1CC3E70176F11D8EED9C03D0,SHA256=8F7CB31C86E65BB092F8829027DF8F3D07FF60A3BC10E01ECBFACC5B4511EEEB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064359Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:54.532{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\site-packages\pip\_vendor\urllib3\_version.pyMD5=455479F73F6E90D9A8C2A757D20305D8,SHA256=E9F24020F9C9913D26F70CD58C7AC572AE7062DEB9752B43A5A45C8E3E6E828A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064358Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:54.532{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\site-packages\pip\_vendor\urllib3\_collections.pyMD5=C00034CAB38BB125F7FF7FA9FF99A5B8,SHA256=469D6657206073F52501CA7A3376ADD6C909057479278DCD6B0453BD6DA0FD76,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064357Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:54.516{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\site-packages\pip\_vendor\urllib3\util\__init__.pyMD5=F951FB1888473EE32752499CE9B841A5,SHA256=2449929A6AAA2F26B0F0FE75814226661F06C20F62D7349EF83A2A022B67DA77,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064356Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:54.516{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\site-packages\pip\_vendor\urllib3\util\wait.pyMD5=82B9B6D02400D9557437CDE11E4E645C,SHA256=DCC50A452014243076B60728EEA454B245B4CD7180598BD1444E10D7FEB194BB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064355Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:54.500{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\site-packages\pip\_vendor\urllib3\util\url.pyMD5=3D76DF5F43EFD75B63B885B44D791987,SHA256=41513371B1E2A5B5F2096C07E91E0AE1347E37C4F82CCE795843303544C198B1,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064354Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:54.500{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\site-packages\pip\_vendor\urllib3\util\timeout.pyMD5=218E02C0402E7A5E184139FF531D3E0B,SHA256=4126C150D381F7287A0270E7EB54AB2D0D21839A33D08F7EB97106F75009B888,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064353Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:54.500{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\site-packages\pip\_vendor\urllib3\util\ssl_.pyMD5=B9CF4ED19E64963CEB82C8C53583B394,SHA256=5F8F80A96F756983E13F1EBEC5B7FAEB21C540A6EAA9F0BFE59B785A42D7D477,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064352Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:54.500{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\site-packages\pip\_vendor\urllib3\util\ssltransport.pyMD5=3F3396DDD6FA37B6F91315B68FE8E0C2,SHA256=17F52770E5C671CF8C81E5854C0D47E100ADFD144D41745B17AA278DEDD2C876,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064351Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:54.500{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\site-packages\pip\_vendor\urllib3\util\retry.pyMD5=6D29CEF3797508CB74840FA4E3549985,SHA256=B4E59F6692ECB9CED56E4E675A933090774CA170A9F74200BC7E31B6348346A4,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064350Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:54.485{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\site-packages\pip\_vendor\urllib3\util\response.pyMD5=6EB83504356CF0A5778199247F39E6CA,SHA256=189A60DC4822F6A6895D1C01879C2FF8C36E4566A7E4122EE34A117A8C563F6F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064349Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:54.485{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\site-packages\pip\_vendor\urllib3\util\request.pyMD5=BBDCDEBC576390CA97484C5EAF6CE32B,SHA256=367CDA10A4353DABB0E4C14C57A1E68043072137F402E6BD7D0BB38B6B99CC67,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064348Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:54.485{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\site-packages\pip\_vendor\urllib3\util\queue.pyMD5=716426931AFAD092EC0A85983BA6D094,SHA256=9D1817F3F797FBF564BF1A17D3DE905A8CFC3ECD101D4004C482C263FECF9DC3,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064347Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:54.447{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\site-packages\pip\_vendor\urllib3\util\proxy.pyMD5=396E22D494BEB890973D959127DCBCF6,SHA256=1468A90049EF66D7B295D5CD8DC7B80C407B633C14F9AE657A9F32E52D2A1D08,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064346Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:54.447{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\site-packages\pip\_vendor\urllib3\util\connection.pyMD5=938ED22A07776F59C973042417F051B2,SHA256=2B29233485F351913378A10EA65E71BCAB3A22C1125CFF68F5E4EB8C4D16FD8B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064345Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:54.432{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\site-packages\pip\_vendor\urllib3\response.pyMD5=20AAD3A3250C966F461EAB386F8D69C7,SHA256=846846061ED3904921FC8420E42D56FF1B8F36B8082AFE415173F213EAB42EE1,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064344Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:54.432{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\site-packages\pip\_vendor\urllib3\request.pyMD5=79224141DF1EEBFB42F87D6F481ACCD6,SHA256=645488A97D02E968B38B179C0A1677FE8932BBB044BF4959BB5553D2CEA1E123,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064343Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:54.432{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\site-packages\pip\_vendor\urllib3\poolmanager.pyMD5=299FABCF7E164A24F0E2DFF65612E271,SHA256=C21CE55FA51312038330E0B2D190CC50E351042CF9C3220CF19F68A57018F8B9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064342Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:54.432{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\site-packages\pip\_vendor\urllib3\packages\__init__.pyMD5=672889FC70A58564420F64D966E7ADC8,SHA256=87804B843E2D2DA071D5A75A0ED2977EEA6C82A634C162D76FF7F5FF256557A0,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064341Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:54.416{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-20181119-044752-00000003-ffffffff.binMD5=7E05FE7CFB0D76FD026C16ADEB45B6A9,SHA256=522712722F389DD22CCBC6435EF2F7C081ACC2F4B1611A97047B7750E9ECACA4,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064340Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:54.385{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\site-packages\pip\_vendor\urllib3\packages\ssl_match_hostname\__init__.pyMD5=61B714DDA2FA91167BF5CAD3F126C483,SHA256=6553300A41F1FA9CBC111B31C4CDC897E322444664B55FBC88B06609F4511C8E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064339Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:54.385{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\site-packages\pip\_vendor\urllib3\packages\ssl_match_hostname\_implementation.pyMD5=D22CD53DF77EC411CC8C0DFA98366ED8,SHA256=E9D67EAB4EF883B5E1B09DBB3050A091CB7C895359077B0C66F2A17FE294572D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064338Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:54.384{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\site-packages\pip\_vendor\urllib3\packages\six.pyMD5=A5D41F969A561520BDC3CB9E4DAE5C92,SHA256=D4B556EE58EA462AC595F1318F097EBF507BBD20143539B318CB3EA9ACACDB38,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064337Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:54.347{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\site-packages\pip\_vendor\urllib3\packages\backports\__init__.pyMD5=D41D8CD98F00B204E9800998ECF8427E,SHA256=E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064336Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:54.347{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\site-packages\pip\_vendor\urllib3\packages\backports\makefile.pyMD5=D26B39C4287D4132D46935C8E0B2E169,SHA256=9DBCEDDE2D1A80F54FD3B8EAAA08E16988CC9AE022FD6E44D04CB0662BD53BC1,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064335Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:54.332{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\site-packages\pip\_vendor\urllib3\filepost.pyMD5=2EA9F2FE3C06A4A560BC1DB53881D209,SHA256=E5BFEAAA04475652FBB8BB5D018073061F861E653901F255B7FD8DD174B73DE6,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064334Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:54.332{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\site-packages\pip\_vendor\urllib3\fields.pyMD5=93A2DC0508CF5901177F051F86D71C48,SHA256=92F2C30A0FC9987D652E3514118FC52D2F14858EE106F0CFB951136D8F2676B3,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064333Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:54.332{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-20181119-041936-00000003-ffffffff.binMD5=084CC8D337B7672A52BD8EF9C5E39138,SHA256=E6AF78F1ACF4B146FD0EF8F0CE2831E1895C189C7CD0DFC1C9C973E69B85DBF7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064332Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:54.332{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\site-packages\pip\_vendor\urllib3\exceptions.pyMD5=8E282C0B6583235297A2B8F5D22E36D8,SHA256=D0C9E7A372874CD7D745F63BEB7F0DB9F38F9146FA9973A6F8BAA3FB8C76C3C0,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064331Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:54.316{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\site-packages\pip\_vendor\urllib3\contrib\__init__.pyMD5=D41D8CD98F00B204E9800998ECF8427E,SHA256=E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064330Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:54.316{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\site-packages\pip\_vendor\urllib3\contrib\_securetransport\__init__.pyMD5=D41D8CD98F00B204E9800998ECF8427E,SHA256=E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064329Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:54.316{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\site-packages\pip\_vendor\urllib3\contrib\_securetransport\low_level.pyMD5=21AC8FE83494A2D87862C258011CBC9D,SHA256=96021DB12C9CA9F0745E6E41889CD719E20A4FBC9B0903053C902091CC0F6B5B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064328Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:54.300{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\site-packages\pip\_vendor\urllib3\contrib\_securetransport\bindings.pyMD5=86EA87F20A86F4B5A7EF2571751612A4,SHA256=791CB5323FB0A60EEC47AF8E4AF9D25788D46E3313E3AE1D2CDFC25B16C8455C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064327Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:54.300{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\site-packages\pip\_vendor\urllib3\contrib\_appengine_environ.pyMD5=ACC1A179E0EC7E6C78DDF8CA298AB6C2,SHA256=6C36F2384856D8228B25C42A00A032AC41CDF9A925B321C52AAEAF17C645B269,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064326Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:54.285{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCacheMD5=47E0CB06DB9891A102927F96711EFB54,SHA256=CFFDF223C4086C9C0EEAA875CC6A014ED0D50F49A46794036CF9FFF96F1F1FB3,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064325Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:54.285{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\site-packages\pip\_vendor\urllib3\contrib\socks.pyMD5=1CC7D6AEBA0181CC04CA63F73E21ABF4,SHA256=6918BD7965E8F5911BF795D4C5E7F8676D421659E78DB122028F473AC7A832DE,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064324Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:54.281{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\site-packages\pip\_vendor\urllib3\contrib\securetransport.pyMD5=FBBBE6CEE25AE1E7943FA90433A1F0E9,SHA256=4CDE6AF5D299D12779FEF5BD6DA473100108B5D27EE159475A6014AE570935FA,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064323Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:54.262{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\site-packages\pip\_vendor\urllib3\contrib\pyopenssl.pyMD5=F13D64F505983D2908256FEBDA9D536B,SHA256=958231185593A2CA9B7CB9E465738183B8A063BD6246F33735439A0F4B2D510F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064322Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:54.262{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\site-packages\pip\_vendor\urllib3\contrib\ntlmpool.pyMD5=742DA0E5F538A9D9F34EA751E327BDF4,SHA256=7A3F601AF7C06F61ADD3495A7C5A78E52228473F90C2B438582866EA04260253,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064321Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:54.262{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\site-packages\pip\_vendor\urllib3\contrib\appengine.pyMD5=1E28F59F42E4CDD99B531F434580D64A,SHA256=95FCE91C598988EF36B210A52C49B7401EB64988075A78E964E1FFD89854E537,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064320Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:54.262{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\site-packages\pip\_vendor\urllib3\connectionpool.pyMD5=175A6AEFE2A0976D1FF797206319BA88,SHA256=8D73669B8CB72C959882D78D786718271F3ED24EDBCCA454FFF0154D7CDA21A9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064319Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:54.247{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\site-packages\pip\_vendor\urllib3\connection.pyMD5=01F8420DD2A606E68C7F102F62322125,SHA256=90096E6F0B16DF7154494AE83D2547305FD9CEFFAECD7FC1C1414C5D7F4FB7C7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064318Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:54.247{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\site-packages\pip\_vendor\tomli\__init__.pyMD5=F2B0ADBEC4A7BE67F0588587C200F601,SHA256=CF5125B749CB02A5396340CE9FDA7FFFC4272D66AF9443A947242291D6202ABA,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064317Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:54.247{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\site-packages\pip\_vendor\tomli\_re.pyMD5=DFCFC6AA17439C92B4FF1A135C3CC3E5,SHA256=E463DF8172AD7A0EF0445085F83CE59003C8DA29476E430ADBE242E3D17E0094,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064316Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:54.247{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\site-packages\pip\_vendor\tomli\_parser.pyMD5=FDAB513229D2340C1AF2DBC05981CC87,SHA256=E74043E28F586F314018063264BA990BC17CD4343B8965B2267AC737004A6BA0,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064315Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:54.231{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\site-packages\pip\_vendor\tenacity\__init__.pyMD5=1B058B7E7D47AFF3FE6B47D01E6347B8,SHA256=18B2EC4C50F805DE550E04D1EA653F171C8EB2BC5CE3CA8E368AD569179B783E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064314Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:54.215{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\site-packages\pip\_vendor\tenacity\_utils.pyMD5=507487D64E81FB7E1AFE8F58CF194C7B,SHA256=FB2EBCB1C0DCCA8AAF4C9B892741937E37520A58C46256C262F824EE733835D3,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064313Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:54.215{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\site-packages\pip\_vendor\tenacity\_asyncio.pyMD5=822CE7CAE04CBF2B92FD9FD26561C951,SHA256=1C46F4055244781244F4FFA6F5707187529C685F7A070A1EAA42422F9B1B55C4,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064312Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:54.215{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\site-packages\pip\_vendor\tenacity\wait.pyMD5=D24D53AE20471D8C0E657050F6C55809,SHA256=7BF49A6BA236B6C34BA422F5B7DF3DEF03767C66F45D0310944E1B536B7D576C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064311Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:54.200{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\site-packages\pip\_vendor\tenacity\tornadoweb.pyMD5=50A0099C5C40A4FC47C23710EA0E813D,SHA256=13C9563B69F07BA74982807E3761E1429AD82C32C1FD47528059EFF8437AC0A1,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064310Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:54.200{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\site-packages\pip\_vendor\tenacity\stop.pyMD5=69EB18BBE050FDA7EEF3C3A3937A444A,SHA256=B0A1E61DAA12696EAC2AEDDD4F15152ABD7EB2D56463B970E18F728D9537D334,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064309Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:54.200{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\site-packages\pip\_vendor\tenacity\retry.pyMD5=48031ABF382311A21570EEEED73FC51A,SHA256=EB647BD56E7D6D08EE37214AB0333B844D9A12410FB70341440D2D9EC12F8129,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064308Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:54.184{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\site-packages\pip\_vendor\tenacity\nap.pyMD5=9D250E25BF4C187CB76919DE988D47D0,SHA256=7D15AF9F3D5A2336C8ABD029DE00240198031FAA28E73C4CAD4E99395072AB42,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064307Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:54.184{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\site-packages\pip\_vendor\tenacity\before_sleep.pyMD5=4B41F12321B9C6DE26865CED2E8A0B79,SHA256=4E1C83BEA294E7295EFC8BD8433FDBE93A7A523512D0F855A7ACE0A9897D53A6,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064306Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:54.184{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\site-packages\pip\_vendor\tenacity\before.pyMD5=589FCE19F60977A186E184EACCF33E04,SHA256=ED7B6F4663B4751594A7C4959F6E0EBC8886163F3EE0E3F99AE4115225A02E1D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064305Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:54.181{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-20181119-041800-00000003-ffffffff.binMD5=42C9BD161859CC718BE07D28C793F20D,SHA256=660899D6E77E20C331C88B00671ACDC724A5CB4A04074B0B136D5555529AD5E1,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064304Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:54.179{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\site-packages\pip\_vendor\tenacity\after.pyMD5=34BE766118606538C177980601FEED8B,SHA256=7659B2C71172DAEAA92D70EBF37F0388477B8E0BF6006B61B161C661C198B1A2,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064303Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:54.162{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\site-packages\pip\_vendor\six.pyMD5=9379CF68C692D9A9F92E5D29F6A54549,SHA256=4CE39F422EE71467CCAC8BED76BEB05F8C321C7F0CEDA9279AE2DFA3670106B3,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064302Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:54.162{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-20181119-041758-00000003-ffffffff.binMD5=FAB26BEF5BBCA2B1A5E29F30537F6F86,SHA256=4A9D6FFDF51C86F03D1850F64D94534BF8DF671BEA210FE836A4DC71011804C8,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064301Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:54.162{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-20181119-041628-00000003-ffffffff.binMD5=06BFB786D09E19A0D0E69529DC6FFFEA,SHA256=905EE4F45D93B8A8F1A72D88FB2FDD1806F449D47AE4D5C8D73F7ADDF0FBFE76,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064300Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:54.162{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\site-packages\pip\_vendor\resolvelib\__init__.pyMD5=B7CC12E27EC4DA1C30DC6CC63E170030,SHA256=BA85B47605820F00295F9F6645F7E83C84A46461A4FD467522DFCF638A3F3DA1,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064299Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:54.147{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\site-packages\pip\_vendor\resolvelib\structs.pyMD5=6441395B12E4D594EE4C925DE48C8FCB,SHA256=215218A1FEAC03F378644884D42D548734D7E3DE5BAC2367C82760ABA098AB6F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064298Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:54.147{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-20181119-032043-00000003-ffffffff.binMD5=8CAF0BB7CE42FFD9E1ED613B4DFE5838,SHA256=86A120887C4DB69F332FAFD8FD6E6CA0D306F10EC35AD92CADAE2C8A57779C09,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064297Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:54.147{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\site-packages\pip\_vendor\resolvelib\resolvers.pyMD5=E970AA619DEB3CCFBECFE05340BB0CB9,SHA256=C13F373C78815910A494BFA72C9D7EF2C936077C81234E91B1ED47D7572B3AC2,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064296Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:54.147{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\site-packages\pip\_vendor\resolvelib\reporters.pyMD5=3D0CC1B624A23439CFFAA6DEC3FF0EAC,SHA256=850BEF5EEB8404EC8458EF0A0DF2EC58A5635F9E5414C014C0ED1864C369CC0C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064295Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:54.131{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\site-packages\pip\_vendor\resolvelib\providers.pyMD5=445671742D21D8B0A16BF80380B0DCB1,SHA256=6DFCC50D977B52A924012EE550CFC77986C0F87CE329F0E595EFE99FFEFDBE2A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064294Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:54.131{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\site-packages\pip\_vendor\resolvelib\compat\__init__.pyMD5=D41D8CD98F00B204E9800998ECF8427E,SHA256=E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064293Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:54.115{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\site-packages\pip\_vendor\resolvelib\compat\collections_abc.pyMD5=8CCCA9124787135195D14416CE79902C,SHA256=BB2F31519F8D0C4C3DD7AB6E8145E6F0783008688C3B47FE45C767A647D77CEB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064292Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:54.115{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-20181119-031830-00000003-ffffffff.binMD5=56E7888F0798098CDD66EF94106DEBD2,SHA256=A6CB2BD29CA6FFC50562AA27BB3766332F4FA2146CC4E51E0494CB26F8BE0507,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064291Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:54.115{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-20181119-030854-00000003-ffffffff.binMD5=756097A70D81E02D187568468C1480AF,SHA256=079B307F7E9DE19AD7C50CA452CE597CAF2DCA50B2FB4AC8D42BB423ACCEFAFF,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064290Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:54.115{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\site-packages\pip\_vendor\requests\__version__.pyMD5=50C012FBB101F1454CA6626DB72A2ADD,SHA256=3D91323D348837F8D1200201E75C15EE9C3CD66DEA030D089D247B3AB2995271,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064289Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:54.100{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\site-packages\pip\_vendor\requests\__init__.pyMD5=B02A7EDC372E62851B75910A372F60D8,SHA256=838061D50621E892A3312E182E86F1D2E38BABEE35B0835A5E3BDB857D9523C8,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064288Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:54.100{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\site-packages\pip\_vendor\requests\_internal_utils.pyMD5=A99425AE18678A77B272542BDB253ADE,SHA256=671DCF9C451C7327EC07E89ED759D95405BCA82949CB4831D6A34C13BAE04F5F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064287Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:54.100{6F5BEE90-18CD-61E9-7700-000000002102}484NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A1F746D325BA426DEC01125EF314A74F,SHA256=A9C9387B0DE4DD5B1C380AD79B8B0BD9CA9B37A46261213F9DBE0C0CF5F0F16C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064286Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:54.100{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-20181119-024829-00000003-ffffffff.binMD5=F5136AE292599F81FB652EFAE8FB9E69,SHA256=15B13EF2EFEB9CD47107994DDF15F66140996E01EBF8F1415E3CA181F28C6FCC,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000031930Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:38:54.983{CE7C8936-1B20-61E9-E200-000000002202}3964NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=1B7BD20C76DC08AD395ACB5D03AFA79A,SHA256=0412C14CA50FB2B89F90382C66DFB55065D8BD71C32F8E15F4FF9EB57119D29C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064590Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:55.963{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\ann_module2.pyMD5=10842BA0DCD778A924C8F74A16FC5C47,SHA256=315DCEAE2EA3D0E7631ADE63E0FFC01BD7ABAF5B0836144B2E225B85092261AF,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064589Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:55.948{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\ann_module.pyMD5=3D66E2BC5D2FD06A44010806C3C53F3C,SHA256=FB9CB013599B4C737F4367C13E4AB9928AE5DD65880D129461B8B6989B2CDE06,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064588Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:55.932{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\allsans.pemMD5=D866DA65F1EA5324737D86F4A835D4BA,SHA256=364C8EC104864CC573C8F61AE3F5BAD1D5EA82F1A1D55754011373465AF7BB8F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064587Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:55.917{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\tempfile.pyMD5=D7DCBD956F7F1725E81BC7A5285AAA3D,SHA256=3DA34D592FD56E464F5640A2F03652131BC1685CAD71F799BE1AC28AF5B70E91,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064586Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:55.917{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\telnetlib.pyMD5=EB3B08FCEA31D18D33A07BD207D58138,SHA256=25012B9A5584CB996866A80A7A94BAF9BDC7567213561648DE7CA47D9F82B5D5,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064585Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:55.901{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-20190208-003402-00000003-ffffffff.binMD5=5F6775CFB83995342E82797ED0D75A64,SHA256=EF34CD0C95D8C74F4E5C3D25915AC5ADE78AD0A097B25B5BF8331C4191651273,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064584Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:55.817{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\tarfile.pyMD5=D468C8435EA325BF770625A1C18023C6,SHA256=931E233E2DBB845B3B5048936366B19D02626BC46F48A934C28A159B2CB62EE7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064583Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:55.801{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\tabnanny.pyMD5=FB9DD7D4F4FD1CA42A720D00A3846F1B,SHA256=DBC890D5225EF5DA0E1346D22FF31236B362A34E81F4CAF59239A0059B0A864F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064582Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:55.785{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\sysconfig.pyMD5=3C7466218544AA3B78754297FBE0A362,SHA256=BF6878D23532A73D8CCE030C9FFD27CE5606A7AB37F6CE0868D45078303A3D88,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064581Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:55.785{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\symtable.pyMD5=801A6D0E971804D98CC25A95961F77F9,SHA256=176E614F8857F3BE74FABCC62D014793C29523F92FC962A2A37DD3E5C538EF90,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064580Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:55.763{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\sunau.pyMD5=9494A603999DDED928C7CE75204B4550,SHA256=2471854C4EEE8C0FDC7E0AB7B2583CE9CBF0A22804EF3B4369DE1DD6623F4228,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064579Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:55.763{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\subprocess.pyMD5=F3CF53E541A8DB7A69566D238EB2F1AF,SHA256=AF770DD1AA3D1623053F65263E630F81E12A959CAA4E214A6F2157D79D810C64,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064578Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:55.748{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\struct.pyMD5=5B6FAB07BA094054E76C7926315C12DB,SHA256=EADBCC540C3B6496E52449E712ECA3694E31E1D935AF0F1E26CFF0E3CC370945,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064577Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:55.748{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\stringprep.pyMD5=7A4A0BE66939C3F2E62531A37F6B60E1,SHA256=FE08A5C09B78E5037F7CCB95B9014C5F4CC2B3968C9001F321D4788E0ADB45EB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064576Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:55.732{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\string.pyMD5=CB7C76D92FE77FCEB57279A18AFDB96E,SHA256=34B846AE1458673B9A9026E6300FF0947DD1B3DC374BDD1D126518D8D1A528B2,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064575Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:55.732{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\statistics.pyMD5=4E861FC6321233BAF75D3DE2AC6A863F,SHA256=707793CF359D2AEF2E8E22CC64DC7A3091F7266CC7578F5974854F556FD27439,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064574Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:55.716{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\stat.pyMD5=7A7143CBE739708CE5868F02CD7DE262,SHA256=E514FD41E2933DD1F06BE315FB42A62E67B33D04571435A4815A18F490E0F6CE,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064573Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:55.716{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\ssl.pyMD5=BC4858C5E9873763091E52B774D978FA,SHA256=A02C732B2F428D16008444A331E3C49C13697AF898A7E0B6A90C4354722985A6,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064572Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:55.701{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\sre_parse.pyMD5=2D62B314625870EB3E1D329D7A278067,SHA256=0ED8EA2417DA4D21BBC926EE24465C7B7A22D4CEB6FD38DB31F79A9EBE6BB3D7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064571Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:55.685{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\sre_constants.pyMD5=42CD9FFEE98617E622A44BD07E4ED659,SHA256=1CB5370C6EA69A222CFBFD37EF9750F12D9C25DCB652A7CD6300D177F2EC9ACF,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064570Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:55.685{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\sre_compile.pyMD5=B0F2C8C41DB9D0C30B250D553F786802,SHA256=1763D18C6A6A948183CCBE86034E0F64E6220EDFD858F251C02B334BC78BDFD5,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064569Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:55.685{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\sqlite3\__init__.pyMD5=E4196C6F66FBDBC4945C25803887B8F6,SHA256=66BF318F39432B94505E53C2A6334298DF6DBBD7659C0A86E232F7832D92D129,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064568Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:55.682{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\sqlite3\test\__init__.pyMD5=D41D8CD98F00B204E9800998ECF8427E,SHA256=E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064567Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:55.663{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\sqlite3\test\userfunctions.pyMD5=BC8D6DFCA7C431BABD3614F1F7B34445,SHA256=D10EB2223CEBBDC34251C296D7AD41A0EFE0BB47D12FA28A580420591D6BB72D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064566Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:55.663{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\sqlite3\test\types.pyMD5=61C68E5E631D3AC0C379E6FE4B2953A9,SHA256=421C9646BF5011A5B668BFB15D61E018A939322AC00646E188C708CDC1CF26A2,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064565Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:55.663{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\sqlite3\test\transactions.pyMD5=064C3967814CB98374F228ED4CA42470,SHA256=684EDBDA93FF630F20A620C4851888959BDC7D169C1255D167BC70E3B47DAC69,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064564Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:55.663{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\sqlite3\test\regression.pyMD5=F7AEE725EEDFB47685C1BBB77DB5A5C3,SHA256=B5FA7D877FDBF09003274B4EF2FDB6C55719E9C0F3D2D1D8E560CA11A5A2EA37,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064563Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:55.632{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\sqlite3\test\hooks.pyMD5=D5A3676472EC7D1FDDAB393139A874A7,SHA256=13C8865BD1687EE2A5AD7BEBE61DC7A0D3695C26DA09FFD2A905D3E1BB2D4BAD,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064562Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:55.632{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\sqlite3\test\factory.pyMD5=AAF8944AB0FC1B1EDF16FBBF3B082395,SHA256=488DCD3F143A9534A8E20F4EA2D97350187A3A07B8CBC5084C469D2FA8A45F36,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064561Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:55.616{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\sqlite3\test\dump.pyMD5=BB6CBB1D2F3B894B66813147099E9BEA,SHA256=0A5E89F56FC3B1B3123D62A6CF069D21445EE0CFCCA1AA530E96698BFDBB87A8,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064560Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:55.616{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\sqlite3\test\dbapi.pyMD5=8BA2F887C9BF6DD07685715AC8E76BD2,SHA256=6E9043F30BBC9588ADB51BA8D12FAC39639416BBAD243ECB8B1D82B4DE739B4D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064559Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:55.616{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\sqlite3\test\backup.pyMD5=AEC581A7572526389DB816001889E02E,SHA256=A49A36C9A094377078490C3FB7CBBA7B9F75B69FD8E6B14AA26B82F6E5FCF02C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064558Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:55.601{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\sqlite3\dump.pyMD5=BC8592D8E92AC2D996A7C3E7CC7E7535,SHA256=AE2BDDF330F3D4204754EFB3936F01F6A3C46197A86E49594D7F11A16E291BEB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064557Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:55.585{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\sqlite3\dbapi2.pyMD5=B25FAA499B2E8E766D581E09B20319F6,SHA256=7296221686BEB47624EA7BF4AB82E9D5AA4E25160042946D2827868897762694,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064556Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:55.585{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\socketserver.pyMD5=159421B571226C335F310FCA087240ED,SHA256=062B0F5441D9C60F01DD7A60E359ACDB01125E36DB2BED84DB58B2294523B14A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064555Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:55.581{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\socket.pyMD5=B03F82A7DA694740171BE7A58309D55D,SHA256=27D1F043ABCAFA112F74E7DCC2D3D1668C55FBAB7AD43315800D9A060D55E7E9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064554Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:55.563{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\sndhdr.pyMD5=CB6A9C7DE3FF807AD0359C739908DEAD,SHA256=A1424AA73094E2F88E749D5ABFECF79941C4B3213881FF68C4AB7D54702ED9B5,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064553Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:55.563{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\smtplib.pyMD5=C3ABC5CDD8659418068B809948A7E7B8,SHA256=8B38C3B9019C810D4164A88D4C4D2A294D5181814B03B624A5B0EDB19C638166,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064552Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:55.563{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\smtpd.pyMD5=87FCE7A4079C08D2D09642005B6FAEF6,SHA256=0542BB7B969033FEAEA6EC82EBD54EDEF03B17DE087F4B3D0BBEF99BAD74A883,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064551Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:55.563{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\site.pyMD5=23CF5B302F557F7461555A35A0DC8C15,SHA256=73607E7B809237D5857B98E2E9D503455B33493CDE1A03E3899AA16F00502D36,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064550Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:55.532{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\site-packages\_distutils_hack\__init__.pyMD5=109761331295D62076F95749C0AF8DC9,SHA256=5F7454880E8A04FA0499CA3F0A3002CA5B7241B15119552965101B4A43C6C0CB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064549Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:55.532{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\site-packages\_distutils_hack\override.pyMD5=012A3E19D518D130A36BEAF917A091C7,SHA256=12EFECF8D17A5486780AA774B5B6C0E70B56932D8864F35DF1EB7A18BB759B3A,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000064548Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:55.532{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\site-packages\setuptools-58.1.0.dist-info\top_level.TXT2022-01-20 09:28:04.628 23542300x800000000000000064547Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:55.532{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\site-packages\setuptools-58.1.0.dist-info\top_level.txtMD5=789A691C859DEA4BB010D18728BAD148,SHA256=77DC8BDFDBFF5BBAA62830D21FAB13E1B1348FF2ECD4CDCFD7AD4E1A076C9B88,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000064546Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:55.516{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\site-packages\setuptools-58.1.0.dist-info\entry_points.TXT2022-01-20 09:28:04.628 23542300x800000000000000064545Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:55.516{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\site-packages\setuptools-58.1.0.dist-info\entry_points.txtMD5=57379A87F47EA4C2646046CE29BCC753,SHA256=C299E12EB6EDCA4E21675A820B0E3C7024B1A103F350B32122E685AAC07B1B14,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064544Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:55.501{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-20190208-003301-00000003-ffffffff.binMD5=76CDE8421A763EBDE115EF0254FA23E9,SHA256=74C01F7DA66F224169BB2E6FEBF13BC87E737F13E693DFC486ED13D0BFD919BE,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064543Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:55.501{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\site-packages\setuptools\__init__.pyMD5=B0D18FEC5F9946D10C9E71267C49C665,SHA256=97B50BA3C8C693EE3EF236DA726279F1C6294915F8B304B571C6C968954019D3,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064542Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:55.501{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\site-packages\setuptools\_vendor\__init__.pyMD5=D41D8CD98F00B204E9800998ECF8427E,SHA256=E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064541Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:55.501{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-20190110-010703-00000003-ffffffff.binMD5=9144FF8A22FE3D499E5679D490F695BC,SHA256=4B5FA08A1E1FE0DC7AFB8B4151954EBB729D9E4E2280A03C9988E6CBCA4925B8,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064540Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:55.484{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\site-packages\setuptools\_vendor\pyparsing.pyMD5=5F83E4325621A0BD27F20A96F6EA7399,SHA256=99A86D920729DE0ACD003D2B7BFF51D032EF067BE3CE978BC2026A4FEDC7D421,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064539Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:55.482{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-20190110-002435-00000003-ffffffff.binMD5=9ED064B80D015684456BDE3C5AF9A513,SHA256=AC8D86CC60610B42AAFFE231518AD7B764139F10C7CD64FAD63B8C20DCB988BE,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064538Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:55.463{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\site-packages\setuptools\_vendor\packaging\__init__.pyMD5=2EED0787819307CC2E25CF45A4A9B5AD,SHA256=E9E9DBA795E045F8C18EC23DF9B9F4D078C77F94C7DB53C330E2A4256F31C3EC,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064537Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:55.447{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\site-packages\setuptools\_vendor\packaging\__about__.pyMD5=CB911241AF12A5D8C1B50DCA67A44753,SHA256=3CD32C6999F851C087CAE6E044E1F56E5E8296E76E3E3239905AD2A7F660925A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064536Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:55.432{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\site-packages\setuptools\_vendor\packaging\_typing.pyMD5=B0DAC8EF6953FB835C7D633E6A427BA7,SHA256=C79F44850E7B4CC4FE9134722D9576E4766F6061B06EE713A3A88A87F3B4B4CC,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064535Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:55.432{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\site-packages\setuptools\_vendor\packaging\_structures.pyMD5=2A2F319784450ED303D86E6524053F42,SHA256=A339025FC43C7F6A84D4489CDD8890E1BB8355F833DA261EBD8F5EED1DB2DE26,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064534Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:55.432{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\site-packages\setuptools\_vendor\packaging\_compat.pyMD5=6D5FC01182E0EBBDAA4327FD5CEF0655,SHA256=31776C1A9484FD6F99AC7A02F3B6A7748E0B576140C14EC72CBF9E1DEFC28E15,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064533Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:55.432{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\site-packages\setuptools\_vendor\packaging\version.pyMD5=E68593DD6268BA28C359E5830A577214,SHA256=0A76E6F8E3BD0FFA9DF194C5C7315C8D26AF7B14981599B279AA0FBCCB2380F7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064532Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:55.416{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\site-packages\setuptools\_vendor\packaging\utils.pyMD5=ED9896111C9B49550314BC6B238E5A11,SHA256=452865BE78CED82B58483F2EAE2DF67EB30C14C4E607EDE286CAB5FA08732C4C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064531Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:55.416{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\site-packages\setuptools\_vendor\packaging\tags.pyMD5=5976599D204E1C99A69A745701CD1331,SHA256=34A312DFB668FE75AB67182C0FACDB5EC5E073D79D9FD9B5EB470188B98725D1,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064530Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:55.416{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\site-packages\setuptools\_vendor\packaging\specifiers.pyMD5=8E104C1478944512DB1284C6425D7E5C,SHA256=B98A7D975DC5D0B7249D2E9DE0DEB4CAD88180598884A89D78EABD027B314DCA,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064529Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:55.416{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\site-packages\setuptools\_vendor\packaging\requirements.pyMD5=EFDCADB07730A5BC778F4E9A0586D70A,SHA256=547C9D65D93C9B7A85C517A898DC0AAFBD5C9A98DA9ED115FF13A1904CB220D2,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064528Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:55.401{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\site-packages\setuptools\_vendor\packaging\markers.pyMD5=D50F21A53F78DC4CEEF1C4662FD626FC,SHA256=0420B165BB7CC60CAC1FCBF9A6A6CB91DB509D164720690942A94D0467A4E274,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064527Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:55.385{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\site-packages\setuptools\_vendor\ordered_set.pyMD5=F3186384F56969ACBD47DD1E14431FD0,SHA256=75B68272CDBB77237D827316185E6703F06B567E90F8DAE329826957DFDF801B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064526Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:55.379{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\site-packages\setuptools\_vendor\more_itertools\__init__.pyMD5=D4B166B10CCE8121F8BAA0FF488BDEF4,SHA256=0BBB177DF1D35CCDCFFA268B3CF7EA7E60E8C4E7E540C24B70CEDE77DA778DA9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064525Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:55.347{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\site-packages\setuptools\_vendor\more_itertools\recipes.pyMD5=C8A83456168FD5ED99ADAD1584A86B10,SHA256=524364AEC672AA2C202C700D0539AF3210AF68D4AF48D621C8EA73FC9739E436,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064524Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:55.347{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\site-packages\setuptools\_vendor\more_itertools\more.pyMD5=8599138B3ABAD0EF36CDA12DEF6013E7,SHA256=0E565AF2FE898A15707D0E731E274E03EC43134A2B710214CB156709A5280CA1,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064523Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:55.332{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\site-packages\setuptools\_imp.pyMD5=C79F492BB9FA5D5EDA6956FF7179C2B2,SHA256=1E617DD486E2B517EC0F9CFE838FF099CB87F916A1C8838D6CF82208E160B730,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064522Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:55.316{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\site-packages\setuptools\_distutils\__init__.pyMD5=97AE7F32D108DC54533AEF4AD010E929,SHA256=969400A6147FEEE8560B67DB484A6CE096BD5B86307B337F217FCB244B779215,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064521Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:55.316{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-20190109-230044-00000003-ffffffff.binMD5=B02C06251AB0B0CE94FF9B0CB8E20BB9,SHA256=C346B2831093303A2F9F91A30A368D2193B942D046F47927CC4F5F0DF5A0BC01,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064520Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:55.316{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\site-packages\setuptools\_distutils\_msvccompiler.pyMD5=3C2EE571153652DA684A0D6594ED59FE,SHA256=8D1D0933903524C9D9EB130389C4338575A05D3557B3595601E51EC42D73D7DF,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064519Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:55.301{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\site-packages\setuptools\_distutils\versionpredicate.pyMD5=DC6B9C874ED70FC65490A4AF9E632F5F,SHA256=671A4403E4D0BFCF2651673A85EB543B8A92A80DAC6BB8A98D9DD010AE5EBC39,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064518Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:55.301{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\site-packages\setuptools\_distutils\version.pyMD5=860BD393FF00BA6FEC6FBC8D71DF8E28,SHA256=F0DA203FA34F3D0A69DC450C65C4FD73310789AF9E86A3E8F2CA68FDEEC08145,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064517Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:55.301{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\site-packages\setuptools\_distutils\util.pyMD5=7AF6076E5FF547F59F43DEE5190462FE,SHA256=E94B20C711B7A737E29A4D891DAE4B0481C775D9814FE61DC68A1C5CB94BEA0E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064516Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:55.301{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\site-packages\setuptools\_distutils\unixccompiler.pyMD5=20A0CA21724D7BA3C64008C9F79D7847,SHA256=566923C0F5F2548F3F9DB1CBAAB1A04BBC607F5D8935E5979161DCC75891223D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064515Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:55.301{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-20190109-225829-00000003-ffffffff.binMD5=DC15A1824B8852CBDD85D5CDAEABEABD,SHA256=9126621573F0507FDAF46EE103D21365FCB1A59294EAA29B2972871873442CB5,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064514Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:55.285{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\site-packages\setuptools\_distutils\text_file.pyMD5=775B63B1447DDEC2680B3DAB7AEF79E5,SHA256=3ECB8025E59D289A0B495FFA37A229079FB43DAF382B32D4B9C24C1516B3C372,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064513Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:55.285{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\site-packages\setuptools\_distutils\sysconfig.pyMD5=158326FFEC2A952D424FB3FB1BD6AE9B,SHA256=9ABB5B01AF505D85EB3447B61C6285C9EB36A094CDA8899C8091968979F13AD4,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064512Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:55.280{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\site-packages\setuptools\_distutils\spawn.pyMD5=398B16AA4DDD8411A9D1242E424B5D58,SHA256=E2E13D9375595A28F1CBB13F4657268753286A668F27CADA8DD3416A02B18E05,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064511Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:55.263{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\site-packages\setuptools\_distutils\py38compat.pyMD5=2A095F39D475FA9A1E953CA79F67333F,SHA256=208EDD741C4E8A30BBB8D378CFFE3A1D8523C184C960C3622C9A064E8AE6666D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064510Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:55.263{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\site-packages\setuptools\_distutils\py35compat.pyMD5=4DA81D39217472B61C1C6F60C3D71948,SHA256=FAC935BC122C3A01FE0286E32186CAFCE12374917FE78525FC3D44884F5733F7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064509Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:55.263{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\site-packages\setuptools\_distutils\msvccompiler.pyMD5=EC507E90A8F9FDC2F163881C0D5DB3B1,SHA256=AABB802DE191ABCF828ED8C4DAD2D0F16DBA42772171879D5B31667BC0316784,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064508Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:55.263{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-20190109-224847-00000003-ffffffff.binMD5=847CD865CEE4BCDF73BB9924CE5DA2EB,SHA256=C88F1B56F89828C872DB577E99E0D6E7E5ADE49903314C21E59AA8AA14F09F0F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064507Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:55.248{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\site-packages\setuptools\_distutils\msvc9compiler.pyMD5=B6DAA88D2B32B39EAA187E0B2A561548,SHA256=5FADB707DDA0D2FF00DC110CF6AA517F7F7A00477F85F8E47C35154CABB485C1,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064506Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:55.248{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\site-packages\setuptools\_distutils\log.pyMD5=3728F96C2FCA304C30C04DFA883C3076,SHA256=8560667540B62BDDBB41C56FDD110C5B71CC3DC97171C3D09E0C4B4AE517425D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064505Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:55.248{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-20190109-222749-00000003-ffffffff.binMD5=F2E8FB69E7CE44439824A4BF045C99EB,SHA256=1899F4BB2FEA1CCBC62518CCA5A3BEDB8B28B66E3A11DE51281E6D9AAA52E254,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064504Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:55.248{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\site-packages\setuptools\_distutils\file_util.pyMD5=2C9484EED655020A27553FCF6453D5B3,SHA256=D2152A7C8B4DFF1D83562851D0C1DD03828231508E3BC568072685A7F6BA3038,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064503Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:55.248{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\site-packages\setuptools\_distutils\filelist.pyMD5=DBBD4BCAB225037ADA1994F2E6FEE880,SHA256=67D7F986F7A9667A67899D881660A75888DDBE25A8CECF2C6C04418566A3C283,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064502Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:55.232{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\site-packages\setuptools\_distutils\fancy_getopt.pyMD5=CE4BA924F4F8C9004ADA878E8484C40C,SHA256=38FC69D82C478B5629FDDD43F09C56E147AAF5F0BBD6D7A040569A7E1E7C1865,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064501Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:55.232{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\site-packages\setuptools\_distutils\extension.pyMD5=6933B68FD6A3C7967624EA292FE3AC2D,SHA256=6D36F74340A87AF18A62FE5D5F596CFBE2E7F2D941D3E5043AC8BD070CE567EB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064500Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:55.216{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\site-packages\setuptools\_distutils\errors.pyMD5=39513F95046CDA5D9891939DD7B19E6F,SHA256=62BEAD29919DCC1A0D8B9DEF06D8AAD1427FFD7D390A6C5275026A3966B0E926,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064499Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:55.216{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\site-packages\setuptools\_distutils\dist.pyMD5=713F0A03CE548D3E19C35DF30C71FB4D,SHA256=062B9FE9C6BCBA215F31271116C6142AD6F99DE30FB712B146D5E7E74FF57F75,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064498Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:55.216{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\site-packages\setuptools\_distutils\dir_util.pyMD5=43032AA896D095B071B5C267AB190816,SHA256=5308413944DC57AE464F071EE123EE4D747C67CAB72D811C9ADB6A7066F46D8A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064497Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:55.216{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\site-packages\setuptools\_distutils\dep_util.pyMD5=2C802D52E0F1E97C4C917B11868BD899,SHA256=1AE47D230FE3CD9464C9E989E475FCAC1FF0446C642017019B5AA1E78AFBCE19,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064496Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:55.201{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\site-packages\setuptools\_distutils\debug.pyMD5=BC1E4C71305DFBEEBA03CD8E4E56E931,SHA256=37A32B4C0A8AEA5F52564EAD5B0791D74F0F33C3A5EEA3657F257E9C770B86C6,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064495Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:55.201{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\site-packages\setuptools\_distutils\cygwinccompiler.pyMD5=0B2CB366D237C33C2CA1F1735F77922D,SHA256=429991028A5939810AC30FE20964EEDCA2E3B3D82083297DD04D1F6A0031A823,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064494Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:55.201{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\site-packages\setuptools\_distutils\core.pyMD5=9ABF9A6C3C899621C428D944467C1C88,SHA256=8DB74E92938AD3DC62FB9EAF861C2F9F77D87612DBE4324EF2ADCAD5F9D0CF44,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064493Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:55.185{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\site-packages\setuptools\_distutils\config.pyMD5=B5ECBA3A7BA3F8976043A7BA42C537B9,SHA256=76D1E06E5C7D2617F2ACAC75F89EC9971C3F7FBB3C65B3C54228B65163136696,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064492Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:55.185{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\site-packages\setuptools\_distutils\command\__init__.pyMD5=7C981CE80DF18B24019A3A5635BA92DD,SHA256=D9303EAE5343973788F9CB1B5875C58C60FCB8E62A00B31FC963A14F8F670BA8,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064491Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:55.185{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\site-packages\setuptools\_distutils\command\upload.pyMD5=E6D24C1DF6032EA996227F25F65027D2,SHA256=04B3B5C3B79202AB028C22D7B5FFC24554A3C05D569B2381C8654635D710F286,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064490Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:55.185{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\site-packages\setuptools\_distutils\command\sdist.pyMD5=DC4AF0791ADAB9D5AFEB0EF74CC1C749,SHA256=AA8B498C03B3CA1263AB6FA80C89A3345ACEB5A4A778414325307EB04935C275,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064489Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:55.182{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\site-packages\setuptools\_distutils\command\register.pyMD5=D3CE1DD7CF436A7AFD2BBF9D08C657E9,SHA256=DA36AAF7DEBCAEDDA9B91543071D476CD897BF6EEE3A4F22744FF894F7FFDD53,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064488Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:55.163{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\site-packages\setuptools\_distutils\command\py37compat.pyMD5=874E242762B3B7BE70922B4F9A230A53,SHA256=AB346186F4E286AC7F3D966DD996040B18755F73A3DB9E55A9AB737A560500AC,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064487Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:55.163{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\site-packages\setuptools\_distutils\command\install_scripts.pyMD5=FE833BF5F7A70E09881AC5D1D4D023DD,SHA256=FC22D4790C06251718DA48A4EDACCF327E4876D0C2AE359D52F675921946E9C9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064486Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:55.163{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\site-packages\setuptools\_distutils\command\install_lib.pyMD5=FF880CC519AF5A065C15C19E6CADEBD9,SHA256=F40A1F47E30EF6502D8F0C2EBA40A9B5EA4E68910A3195B65478B2479854EC70,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064485Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:55.163{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\site-packages\setuptools\_distutils\command\install_headers.pyMD5=0AC201C7F1FBB60492830423EF164C56,SHA256=5D0EA27646C80DFAF59635C23B39EE55432F385A47067E9C2B45B3F6020CD9BE,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064484Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:55.147{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\site-packages\setuptools\_distutils\command\install_egg_info.pyMD5=26B473F94FF6DABC1B347DED880F55FC,SHA256=D245B496254C79A7648D7D197117CCA6D2857A7D3B1B0EA0CB0D551D3E4A2307,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064483Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:55.147{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\site-packages\setuptools\_distutils\command\install_data.pyMD5=5980BF1999EBA1E8CDF2F34D9DE17366,SHA256=62118E0308778093EA17B7A6E57034AE6A51E36CF56CB87CD28A049730F252F9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064482Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:55.147{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\site-packages\setuptools\_distutils\command\install.pyMD5=29E42F0E61493E1A6FBCE190B88EE08A,SHA256=A1A632CE3DAF0066FF1CAA9D16DB3BAD8D20C7CD16F4CAEA3D0099A5FBC68F69,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064481Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:55.147{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\site-packages\setuptools\_distutils\command\config.pyMD5=779D5E6711A831155FD3EB74C9AA6A50,SHA256=D9A4E3C30DCFC23301F3E6626C27B83FB07EA86D61335827FEB257632C51CFA7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064480Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:55.147{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\site-packages\setuptools\_distutils\command\clean.pyMD5=32FF3E6E129A5C76454317C77F53F497,SHA256=D930ADE3BAEEE2165933445F55F5188F96DBA6272918B3F8421C398C1B6FA7D9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064479Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:55.132{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\site-packages\setuptools\_distutils\command\check.pyMD5=BAD48DA65E88E74D2AAC41ED25489AE3,SHA256=E6A0ED23BE5C719837B0022D41679A22EF32DC5477D783B8AEBF529B3E07B04A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064478Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:55.132{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\site-packages\setuptools\_distutils\command\build_scripts.pyMD5=0D566C2204CFC3BAF36E0B0AC700995D,SHA256=BAB767EB03F13CC5B974BAA9A85919F1DA9A146D6D7FD4E201AA3A53D2C2A042,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064477Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:55.132{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\site-packages\setuptools\_distutils\command\build_py.pyMD5=6B1010EE123995E20611D5B4BC88F429,SHA256=8577AC32B1FF7A9363E8AF1252D25D8A98048ACDC474808A799F1559EFE775C9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064476Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:55.132{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\site-packages\setuptools\_distutils\command\build_ext.pyMD5=C22C11D9D33234E8D6E16EA966704E66,SHA256=857E24B185D10BE4377C4BCBAC03481BDEE6AB7B703BA67090C85F00D34ADD88,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064475Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:55.132{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\site-packages\setuptools\_distutils\command\build_clib.pyMD5=1CB6CCEF39C800BB3BCD474077BCEF86,SHA256=6E05531E1DBC78B400D86930EBC6A602977F8FBA90057E0C4C8FB34EF00AFC9E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064474Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:55.116{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\site-packages\setuptools\_distutils\command\build.pyMD5=A03A154F0F6050016ED5F99A159555E7,SHA256=D4017E77137F365384CA8C9D073D7D030A5E5983D260266F38B25237F3DD6AD6,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064473Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:55.116{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\site-packages\setuptools\_distutils\command\bdist_wininst.pyMD5=CEA64ABBC04473291B7E6526556CBCD1,SHA256=88695A23E55F1251CE9DE79CCCA1D69D23796B5D3EEC831C25A5EE47599D4B77,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064472Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:55.116{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\site-packages\setuptools\_distutils\command\bdist_rpm.pyMD5=F6F2383C0E4F35994FF20B34D7BE9707,SHA256=8233B0DB61A10D26DCAB46DDAB6E5C4DBFA7E875969B46D284B41A77F9A42789,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064471Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:55.116{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\site-packages\setuptools\_distutils\command\bdist_msi.pyMD5=A6D7D6C07440C6EF8EDAEFC5DEE25DFE,SHA256=11515060DFD7F84C5E78FF2099D57D25C20DB2E506B0B254CFD69F314D11B7C7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064470Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:55.116{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\site-packages\setuptools\_distutils\command\bdist_dumb.pyMD5=A814B2B1965589A195891B3925F23A49,SHA256=053BABF63708A69C8FECF89ABE37EC93B623125AAFC5E60EDA7A54C8F3CE7A47,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064469Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:55.101{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\site-packages\setuptools\_distutils\command\bdist.pyMD5=2AF1405F81A3873B0DE48250DC9C50FE,SHA256=DB3E1EB9D465FE7EE6DE51BD95E2F4218A9EB386EC9BC7347F17D9BA269F8CC8,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064468Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:55.101{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\site-packages\setuptools\_distutils\cmd.pyMD5=7A2AEF02AA8EFEE013F6D549D8883496,SHA256=79CA3A2C0194B686CBB8F69FBA19A02A09304512FF598F0A27861E0C21E9725B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064467Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:55.101{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\site-packages\setuptools\_distutils\ccompiler.pyMD5=EDC0F1A10C18DDF0C0E4D3AD35BC53A3,SHA256=1B6B67F50DF343455435F5B52CCFA7AE72EDFFA3A1B6252E9EE802BFCE43D4F4,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064466Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:55.101{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\site-packages\setuptools\_distutils\bcppcompiler.pyMD5=A80FBF67FC165A7CEAF651E75EE4A2CB,SHA256=3890D5A425265FA1FCBFFEE5575CE27D5D5F731F760ABD9D862521EBDF3D5092,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064465Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:55.101{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\site-packages\setuptools\_distutils\archive_util.pyMD5=9978FC55545736721F0CDD43EEED54E5,SHA256=A96FAE886C187B14EF2B97BE8927A5FF7D43B21C7E0AA4DA9CD3CAEAC9F07FDF,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064464Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:55.101{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\site-packages\setuptools\_deprecation_warning.pyMD5=00EB5CA8137E4D5569787DC4B577E570,SHA256=8D4F7E76D7EFE9C2A6B5024E5CDF273F59A6EE038DC3990A12D88FB5BC276722,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064463Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:55.085{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\site-packages\setuptools\windows_support.pyMD5=40BE0A33CC341934C40550D345CCDE28,SHA256=E46ADFA923F6F9D2C6268653AB683A7422A4C90C716B69F92108979490A86041,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064462Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:55.085{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\site-packages\setuptools\wheel.pyMD5=51889F16E3C63E530C6D149B29BCC984,SHA256=D0FF2D4A4D74E6E17F51BFB7D0DD875365F6BFB30A0D2763A5E4254515B74A42,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064461Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:55.085{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\site-packages\setuptools\version.pyMD5=E862A919EE80E66C10CC490DCC04D2DA,SHA256=A20FDCB9941BD1023ABA429915F6563E5AF51E02413CF9F6BCEDA6FDB23D6531,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064460Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:55.085{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\site-packages\setuptools\unicode_utils.pyMD5=01778F86BAEC59BCADF8BD6A3BBBBD84,SHA256=68E385A38246C00B2206DB46603B2A152ED8A9641E6768FA0D6882B9CB51FF4D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064459Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:55.085{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-20190109-222130-00000003-ffffffff.binMD5=CE44F9475E46528A330B901E87B89FB3,SHA256=739CB944711E86500B35D2D6540B92C1413469F50397B4F2AB94934A5D944426,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064458Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:55.085{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\site-packages\setuptools\sandbox.pyMD5=C8F96CB4EDB2088BD4B9FF4C739D060C,SHA256=991F378BE9AEF99514FFB4DA3206027914B2CE4AAFF25A09FC647DC614B60C3C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064457Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:55.082{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\site-packages\setuptools\py34compat.pyMD5=CC3DFAA6AFE52E91A896A5F214A623C8,SHA256=29839DEB26D1C63056F0D266603F2DFD4CB2566CACA69157A87A452DDB251975,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064456Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:55.079{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\site-packages\setuptools\package_index.pyMD5=44C0BD498CC1BAF6F6BA19A4DA5071F5,SHA256=D80D4EEDFA535DC7DE0F9215E075AB2281175E482AE64F2DF5A5AB8F1F74567C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064455Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:55.063{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-20190109-222025-00000003-ffffffff.binMD5=79D8C525815D9A4076B0A3234E85B36B,SHA256=C3378C40CC33DD461139547CE3D3EB9AB1195C9E050179FA11DC90F96E72ECA7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064454Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:55.063{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-20181212-092626-00000003-ffffffff.binMD5=30CF5F5D39259E599D48F0B552F00501,SHA256=4A0D97CE675A8FF4983BE6FE8A8353129DE39E0BE618AE1386D50FCF00BEF5CC,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064453Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:55.047{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-20181212-092406-00000003-ffffffff.binMD5=E1C2580F0FB55F3886825B04155BD029,SHA256=97E542814BD23E66FAA18EF2E633C45528B905DCDBFD87881002A939D08207E4,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064452Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:55.047{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\site-packages\setuptools\namespaces.pyMD5=C6AA890D2E554A56082CE3D7FB65E7C1,SHA256=3CCA8654F5CF610823513BC483D6C671C440908383AD0E8D9AC0E0FDFC04AF02,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064451Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:55.047{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\site-packages\setuptools\msvc.pyMD5=5BA55B53C8AD3E489F5AF256844C9781,SHA256=DCB2EDF77F1EE8E47BC163F322F090BBB2C25994882AAA0A57AC37AFC8D5DE46,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064450Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:55.032{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-20181212-090136-00000003-ffffffff.binMD5=75FF19399C257DE89B560D715539DC39,SHA256=E8CEA5C70821554835B5BC5876C311FABBB820C44F94811286C67F09EEF18567,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064449Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:55.032{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\site-packages\setuptools\monkey.pyMD5=219798906C8BBE98A7DEBD58377E558E,SHA256=D1EDC77552971CBE35E4EEE7A7E014AA11055CF3EE0DD24A6C8E3B72143F0C4E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064448Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:55.032{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\site-packages\setuptools\launch.pyMD5=D17656790B6232741D052C636CC0FE24,SHA256=4F23D3F887354F612762F18EDBA81F3513F8CAC065AE1A5B4634315AC88EE35E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064447Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:55.018{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\site-packages\setuptools\installer.pyMD5=83201407CC26BC568FBB3D105303DB10,SHA256=8DB85BED9564355FDB4943207E72DC670D081EBE911059CA178A3BFF526AC66D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064446Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:55.018{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\site-packages\setuptools\glob.pyMD5=9E7C3495572375E434593C1D55520ACD,SHA256=D686636DF8C01D25DB81D852B91E98194F232A86FD2FC36D126058A9C3D32D89,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064445Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:55.000{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\site-packages\setuptools\extern\__init__.pyMD5=27EB8CD1A7F18191F05DEAB50099DA86,SHA256=1E17FD5BBDD6022B70F5375125F0C86FA6058E62B9E8217AD5A7DDB35320D076,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000031931Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:38:55.983{CE7C8936-1B20-61E9-E200-000000002202}3964NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=932DD821A673E6BAC7BDFD6351D09668,SHA256=B08AB4137F02496D156110C2CBBF93CD11F0BFE44C96C4ADE9540E98C49E9320,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064818Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:56.988{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\selfsigned_pythontestdotnet.pemMD5=A07E22D97352195C0581E27B0EC8BC1A,SHA256=428675F94ED7BF0D6B726B12FD2F472FC6DA6B17D8E1295F39B6CD13C1D31858,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064817Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:56.988{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\secp384r1.pemMD5=1481D3ACDC0ADA43BAAAD9EA6E1769E0,SHA256=1CB601D2E7E432DBE8F6CEA077E208A057F368A4EFD88574E117159FD7D62526,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064816Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:56.988{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\sample_doctest_no_doctests.pyMD5=94C061E619A03C4AD225457256424F62,SHA256=C247F250AF9F5246C1C336CCFCF546FCB525AB2DD4CFF0D5FC63EF2B2D29553B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064815Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:56.987{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\sample_doctest_no_docstrings.pyMD5=7BE6A070D7D685A1DED7363C74E47B56,SHA256=470DED0147B7C8D8284AB9D445D5A4D06E45D0FD5519CE97B1F7E3896B4A709B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064814Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:56.984{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\sample_doctest.pyMD5=7BD102A688AD8347D3DEEA390BAC2B1E,SHA256=1C2AD9309E7EC5FEA20F94F4DA29160E769A571BD3B59A97B97749F74D8772C9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064813Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:56.966{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\re_tests.pyMD5=DD08F082AD079F9C528A60642CFD3FDF,SHA256=96A881436F22580B1CA98D62F2E5F39E225B130BFE5873FFD5CD923A28D65B41,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064812Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:56.966{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-20190421-053209-00000003-ffffffff.binMD5=4B2EA0893255AEC54F53CA22930DAB0C,SHA256=A94A70CF3D1D3E06C323A95951CBD35D949B5643870972E00B69C66F58A0626F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064811Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:56.966{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-20190314-014353-00000003-ffffffff.binMD5=6B8828BB7FB168CA210A0BEE11160C60,SHA256=6BF466257F1C4BD40BEDDE97EF65E1B93A06FA81BCC03B9DF5EEA4257A3AACA4,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064810Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:56.966{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\reperf.pyMD5=B83CF73BF3D6A04161130CC1F39CCF91,SHA256=CBEF5ED581CD7E9F5572C9AE6D171AF2D538BE551879D1F9FA6AC93056633DCC,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064809Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:56.966{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\relimport.pyMD5=A4BC23882A7BA5EE8C5B09B7988B90EF,SHA256=727E33961C3473EA4967AA50187D9466C69915F7D70CB27E03349E43543CED68,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064808Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:56.951{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\regrtest.pyMD5=5BD33F53C69ACB3A24AB1781F276E497,SHA256=4A8748B204DED9A4B991A454F580DA5E7893C2539B1069AD191AFF8886DFD740,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064807Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:56.951{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\recursion.tarMD5=E8A7611A5A78C9EE16CD0E2273A1891F,SHA256=D80F55AC66A2570C8A19D2B1DAD7C057CF4C944D9C2F8ADAF5BF6C8539881E13,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064806Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:56.935{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\pythoninfo.pyMD5=DBA549FD4ED47FF5BBAEBC45292EDA7F,SHA256=9594A47196BB7451355C4B0103D1D14A958CB9F9902FE2C807FADFBCA34D7403,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064805Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:56.935{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\pydoc_mod.pyMD5=648A3BE947CDEE09909AA16E0C7405DA,SHA256=0F20735F77121457295AB9076706C50DBD1BC0AD50EA36AB25CBA676DF27BF15,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064804Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:56.935{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\pydocfodder.pyMD5=85B024ADB377A030164996BA7E2B5E1F,SHA256=28B669759E8AE3787A0FED5609B836ACEC2F3BBDB153225C5C3AD464F002E5B9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064803Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:56.935{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\pyclbr_input.pyMD5=AEC1C56E3E31F1B4E07D01780259CA34,SHA256=CFA88A0D19AF3B2D6C578CC63D1384E3E2CAD9CB8BB0B0B952D5D92964053D0B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064802Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:56.920{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\pycakey.pemMD5=9670D18030787DCCB2EB2C2A5598B8AD,SHA256=A85AA346C5C90F606A9AC759230B6F85112B3D8253890753D884074B544CF29F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064801Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:56.920{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\pycacert.pemMD5=F33FE4A199DEF150C94B7F159D6412A1,SHA256=4E913412754A32E58B6CCDA0F00566FB8736F3F311553B57611D8371022DCC32,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064800Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:56.920{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\profilee.pyMD5=B15D960E8787EE6DD010BAD84F6465BE,SHA256=D3A9EFC217B9C0FE9E94D3A8875AADFEC78D35E19A4FB32A19F1D8CC721A2C4E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064799Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:56.904{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-20190314-012129-00000003-ffffffff.binMD5=B45C1F60541122D58A71649D4A8C7D24,SHA256=B2B48FC4BEAA42480AC49343A3DF95E200039CC6EC39EB469172ED2F21AFE7FF,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064798Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:56.904{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\pickletester.pyMD5=7FA33870C4BCB860C1C2EF6547C1110C,SHA256=ACA1ED0251EAA5EAB33F6B706E47098A8EBAFEFA9DA85B44A648025172B72C33,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064797Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:56.904{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\nullcert.pemMD5=D41D8CD98F00B204E9800998ECF8427E,SHA256=E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064796Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:56.904{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\nullbytecert.pemMD5=CBB605575C62380A2BC4E401B1199762,SHA256=BDD095B57B3724FA7240F8E7CF9C520F075A5F57747845F653D6D4D2186DE589,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064795Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:56.888{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-20190314-011948-00000003-ffffffff.binMD5=7D350455195985B00A15B1055CDDE1E6,SHA256=59612F2D9F119E4848908C90D490E4AAFB88E344EA0473B8F35A86AC78FEBF0C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064794Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:56.888{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\nosan.pemMD5=44A82010596CA000FAFFBD9500AEF9F0,SHA256=738968422D2C9218F5E402A441170FC8AFF99CD47E8EF92D9CD3F9B5FF379478,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064793Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:56.888{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-20190314-011945-00000003-ffffffff.binMD5=62373FDDC003BA7F7EF8115913AA7D0D,SHA256=F7A11C52E6D9A34F746ACB83D296A9D57A039F12A44A7AC2505C1E7A0D7BD5C5,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064792Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:56.888{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-20190314-011815-00000003-ffffffff.binMD5=7AAE5D9E56979AB8B3DA1F2230222A7C,SHA256=0258B418FE5A9011F576224F32F1F9F130B9D46F0FC0BE8425588A362DCB0037,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064791Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:56.888{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\nokia.pemMD5=E558DAC2834F977DD2035817C5A13C08,SHA256=D23EE3D6F146867A005C2B27992B3DE787CA140663C84F1813FF748C282D35AE,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064790Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:56.888{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\multibytecodec_support.pyMD5=36B692D36549168E72BE331B947C2254,SHA256=6960ECDF793D5258C7E225F104DDA5054BF609EB4887484FD8C978044A491DC4,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064789Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:56.888{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-20190314-003222-00000003-ffffffff.binMD5=62A64BE725FC8CD4C98209A4C1DE3734,SHA256=14E19C478EB514FC0549C37E1223DD2BDF3B647A415C78E5FA9B9686DD02F9C2,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064788Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:56.888{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\mp_preload.pyMD5=30456FE66A155C9355595E40F0FA2145,SHA256=84B697EF2F8064E8E290FCBF369AE82413785237B2890B120625CA47CE0D5C1B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064787Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:56.888{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\mp_fork_bomb.pyMD5=0038549177DC243DCDF89B69B58EECDA,SHA256=2C20A8E96A50BF0DE7475B0799496F79D78FCECAC77659F7E0D7CE76B9B611CB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064786Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:56.867{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\mod_generics_cache.pyMD5=435F4C1650EAE90B069C1E9F2EF34314,SHA256=EED2BF4C084BD27B5AB4E07969793882A92C6FB98CD165151CF4E1857F93338D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064785Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:56.867{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\mock_socket.pyMD5=A472EA8C7A9A62ADEF771FD49678A7AB,SHA256=67BFCF56011305FD2DE7ABE4B5A83F062565BA28890B5CBBAC921FE81F74FBDE,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064784Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:56.867{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\memory_watchdog.pyMD5=D378E75475ADA1F12C05E7D8E6FC483F,SHA256=00F80C6F4AE0F913A4BB5AB24D337B1B70242CB15FEDA19AF57D26E1C778F827,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000064783Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:56.851{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\math_testcases.TXT2022-01-17 14:25:12.000 23542300x800000000000000064782Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:56.851{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\math_testcases.txtMD5=5AA657566CD4BDEB0220211054E9FCB1,SHA256=72D9CB9CFC9571ED101CD3D8CDB5E78C8E9548D871D957F644F20198653AF670,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064781Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:56.851{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\mapping_tests.pyMD5=6B69F848445C2909BE3351D6E6DD9EA3,SHA256=B02F8547DA538F6465B524EFE8E73AC31AB5CC54B73D20A80EE3760D8A0E4C52,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064780Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:56.851{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\make_ssl_certs.pyMD5=76E237064E079B302AE361B8EE3B136D,SHA256=A5AE6790BCE4C5F68EA74802EB625DE01CD19B183749403784A34A65A10BED4B,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000064779Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:56.851{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\mailcap.TXT2022-01-17 14:25:12.000 23542300x800000000000000064778Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:56.851{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\mailcap.txtMD5=0539EBA86C13ECBDED1A825DFD8A8965,SHA256=7A4C77727FE93F8EB60A3033755CCEDAB68CA903F11BF0CA83EFFFA74EB4E4CA,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064777Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:56.835{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\lock_tests.pyMD5=D8F23E1931478B0D8CD07174E0F0A402,SHA256=4C7D80DFB3B21F4B91690256EC25D74C0D66D8D093EB084B18123EC3ECE096B7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064776Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:56.835{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\list_tests.pyMD5=E954BDAF3E50D2F09BA8733143DCBB1D,SHA256=50C974ACE9487FCED88D410712C16E119EDED17C78B8AA7FFD7AF000E271C60D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064775Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:56.820{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\libregrtest\__init__.pyMD5=E61354692D15C2839673E05D4CE725C6,SHA256=D1EDA12F291EFA97AAF2F9FA9AEAA15B849D43375F785B2B75AA5D098C24AD3C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064774Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:56.820{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\libregrtest\win_utils.pyMD5=C58E0AAB5CD39DAAF16D60A9F82994E8,SHA256=2D4306D8E464AB9FADD1A5D401228A6EEDE41A9FED485534EEFFF5D28317A9D1,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064773Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:56.820{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\libregrtest\utils.pyMD5=9F21D972037F56B6D1486B59B1761F8E,SHA256=384976B1892512DDAECAAC0E9A8A936757F9C3ED9DF5B29ECB2BA023E43C0A2E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064772Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:56.820{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\libregrtest\setup.pyMD5=26A136692CE21BB2AC53120E721026E1,SHA256=0E12B3DC13DFBF39D4A9A318AB67B761A9B7B01B60CDA18C167729F9A73ACFB4,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064771Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:56.820{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\libregrtest\save_env.pyMD5=8AB9459708BCE1B1296BFE4A7970AAC7,SHA256=C1FD15F8BBCD30B2044980CDEBF46635DF360F21E205D021D8AB545A310ACF07,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064770Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:56.804{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\libregrtest\runtest_mp.pyMD5=32B5D8A7B9603091DBB25EE43568A23F,SHA256=96A2C48F1CA6B6D6A88012515A91D1B6D92FD07352B5A3AD038AED2149A8AD51,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064769Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:56.804{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\libregrtest\runtest.pyMD5=DF356BD1797DD5859A1C9145FAE40EAE,SHA256=2508FE0CE5C657727DA3EE433CE333BA41B445F49C739B2484888025FAF142DF,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064768Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:56.804{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\libregrtest\refleak.pyMD5=4AC73E9844D069CB3B8A8A4FC6821E2D,SHA256=6BD678500737FF2D3B3D628B314B72574B4B35568F767BAF5BE40E6BF23AF1B9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064767Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:56.788{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\libregrtest\pgo.pyMD5=203895AB7711E40CF7D83CA69192759E,SHA256=62368C6CCCB4A113CBA9A0E981B6A0F1471EC9FAC5D2292D9E0DBEBC78E91890,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064766Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:56.788{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-20190314-002954-00000003-ffffffff.binMD5=D949E7FEA7237FE5E80983F4A77E2EB2,SHA256=5E272B566B318C7EED2B300EF688284882AEE0F1035CB74EEEDB12809E5B1CBB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064765Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:56.788{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\libregrtest\main.pyMD5=9908A04264297AFB6EB19D2E02991A05,SHA256=E536D4174335531B2C31D03954FEBDBEC3C6AF739C78713417DAAF68C3932E71,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064764Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:56.788{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\libregrtest\cmdline.pyMD5=D9BDF84873E1ED145CD7DD7853F6B239,SHA256=41F6411ECAB1C87B49529B2E507C7A54A1FA35FBFB250BAAF4621D0B81B71E7B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064763Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:56.788{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-20190314-002001-00000003-ffffffff.binMD5=50838AE527B893306FD56086A764B5F4,SHA256=C643ECE2F24470388D83E74ABBAE33974F70121A5F8D0BE2A8A276CD7F95E33D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064762Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:56.788{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\leakers\__init__.pyMD5=D41D8CD98F00B204E9800998ECF8427E,SHA256=E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064761Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:56.786{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-20190313-235622-00000003-ffffffff.binMD5=8A4D6116EB9424DC46397F347FE43C44,SHA256=4243B623A304A5950FA12E173A7762AE23CC8EC45BE399AA6259DCC79DF67F96,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064760Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:56.785{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\leakers\test_selftype.pyMD5=665B71A828B7C07792D48863D80E3265,SHA256=BB1299A3CE6F5E87660E50A749FE44184AA03672002D8DB2C642270A56C666A9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064759Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:56.767{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\leakers\test_ctypes.pyMD5=6B24742D48E96FD380D1C836BA7E812E,SHA256=EC2D905868BED2426F63513BE7A0B3343C356690088FBD25E98EA49ED4282CAD,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000064758Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:56.767{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\leakers\README.TXT2022-01-17 14:25:12.000 23542300x800000000000000064757Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:56.767{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\leakers\README.txtMD5=1F9D99A43692A15F008B14FE014E4A66,SHA256=54DC21771C3C1A9550A248586580C08A6A49D445874556E2E50AAF5EAD10C9FD,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064756Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:56.767{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\keycertecc.pemMD5=4F8447F9049DF8CD6898C3FA32338705,SHA256=D72F50E54A0DB905C7F4A040D4A92EFC8A4276382C510B4A07A6C28D386BC86F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064755Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:56.767{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\keycert4.pemMD5=C391AAA0780F9822FE2FCEBB024BFDF5,SHA256=AF839BB434B9E6167E0111275F33D8C721ACAC742A14DBCE8586F7DB55218705,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064754Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:56.767{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\keycert3.pemMD5=1CB12C3DF207730F41CFA62AEAC2E13E,SHA256=A50B2A0601896CAE9F23ABC750AC1F2DFACA72785436E774DF386750C4461F69,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064753Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:56.751{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\keycert2.pemMD5=3DA6C0EF77E8F949F45286694B0A3D7E,SHA256=B8586BB9DF48EAE41A729610D3E7588FA8FA3C014475BC22B34ECDA428E0C010,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064752Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:56.751{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\keycert.pemMD5=9C303D505E0166D08EFFE46D40495C1D,SHA256=D5BF4C13BEA077C646BFFB3A379E863B60C90CF7B0C0771FA6955ED2E0C6FF7E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064751Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:56.751{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\keycert.passwd.pemMD5=19A9C01B2AA91CF20D9BA6351438E40C,SHA256=0AFB760BD13F24F025633987C9C6E21EE2B7BF2FB0C34FE23CD719B935324C55,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064750Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:56.751{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-20190313-235518-00000003-ffffffff.binMD5=87C7F6753DEC73BFB848E0275CB87E04,SHA256=2A9C9A78276132238EBA4B99034F44EEFEF3CE0FBD60ACCD9724D46125A95352,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064749Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:56.751{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\inspect_stringized_annotations_2.pyMD5=E5EB548312E9954FD77B9FAF0FC697E6,SHA256=6D118E6EA2B880F10878B86FA6C36C444CFC9498D17744537FD21675E9B6E6FC,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064748Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:56.735{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-20190213-081100-00000003-ffffffff.binMD5=4C632388702605A937B450DB3CBFE637,SHA256=6ACB663C2BE8F26F2FE7081786A1DC73FB3B3291AABF0230A3B2859EB8829071,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064747Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:56.735{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\inspect_stringized_annotations.pyMD5=058B8FA1ACEE184CB5FDDCF9B0D41611,SHA256=E2968ED0E2EFCDC5305E49007A4D807856216721EE0416E973D91AC9A71D6436,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064746Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:56.735{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\inspect_stock_annotations.pyMD5=C2E58D6AEFDBD6CF88406BEA0FB13D49,SHA256=80917E412E4DFC8A219CF86AF9AA4986F68BEAA6A3A5493CFF5F19C863B971B3,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064745Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:56.735{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-20190213-080828-00000003-ffffffff.binMD5=ADA27EF957475937DEF25BF18DE0B81F,SHA256=1ED4C7E68BF6862B13353CB6EEAD3934C869E63ED96E35F8281E8DD6EA960D03,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064744Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:56.735{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\inspect_fodder2.pyMD5=0836231CB27AF3E8F9D36EDE07EA3867,SHA256=8F898B7A0567F2D7FD3CA97E12C5221D7C4761B78A8BF1DF91BF69E5C5FAD282,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064743Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:56.735{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-20190213-071418-00000003-ffffffff.binMD5=E640036662B46CFFCC7F68A16FF65C63,SHA256=30DCDBECC61F4CA40A6FCA833E34A007BC51AAFC5AB6E8C04F830123E9552670,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064742Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:56.735{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\inspect_fodder.pyMD5=01DA1F9BE37207338479F81964938633,SHA256=6D73CDE4C2571917F0BE444A51FF79827F3DF70768DC879EC4F8FC2B54B2F0DF,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064741Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:56.720{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\imp_dummy.pyMD5=D02465593B569D626E9AB8877F6BFBBF,SHA256=8BF69F3101B81BD1C427B032019F3378AE1E7AA87D62728FA11AB967A79FB1BF,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064740Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:56.720{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\imghdrdata\python.tiffMD5=D8580E24BFB05EC687436BEB33838368,SHA256=F19A80D1C7D5D758DCEA82276E73150454212A5136B19C5FC2727786132DDAFD,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064739Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:56.704{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\imghdrdata\python.pngMD5=91F80D44B0A786E5B0B3049AD61159FA,SHA256=480AC039362A15A7738BA76DFFE807FD03FA29F7EDAA8EB21CA0057C44A1EE8C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064738Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:56.688{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\imghdrdata\python.jpgMD5=50E9104383C3F36FA9E9BE6148E6FDF3,SHA256=0171178AE901E108F56305AFF7E36268A690BC49933A24B1AAA587FDA00F4D3B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064737Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:56.688{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\imghdrdata\python.gifMD5=D5D8EB13DCC0F4A1400F90C3D0BE67AD,SHA256=EDB421B4EE6CC8E9FFC0B719B31279AE4BB8821F52A19E8F32AD77D4ACA3E51E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064736Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:56.683{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\imghdrdata\python.bmpMD5=E3A1F317B1A275E5D5F1B4B0FF04EE01,SHA256=410C26B109CE9D32D35C0E4BC6DC92A7579910CE706939A056323DE5801A7A87,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000064735Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:56.666{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\ieee754.TXT2022-01-17 14:25:12.000 23542300x800000000000000064734Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:56.666{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\ieee754.txtMD5=CFB61E31123FD203C9458991DD74B314,SHA256=8A1B629477E0B3AF488F29684E245F5762C7BD86DFCED24DFCF8B12BDBD269C0,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064733Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:56.666{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\idnsans.pemMD5=E477C72AE31475493816871079D406D7,SHA256=34025D14A9580BBF277069892D2FFC6942D088CC909D9AF8B4A99FD0AA5DE033,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064732Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:56.650{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\good_getattr.pyMD5=E64E90B7CCC79E5A86391155499E6A4C,SHA256=C226622B67FFE103E1FB105969060BFD1D77057BDE17F83C4AAB64BEBDF05694,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064731Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:56.650{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\gdb_sample.pyMD5=770F7B18FB4CFA46C8460D2B46F04A9A,SHA256=A5BAF7F464A63A6013F821CC2CB793B095C1612932D106193486B6667B0B3726,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064730Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:56.635{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\future_test2.pyMD5=3FB9DCCE694E57FA04AA4006FCC69CE2,SHA256=6C64BE2AF3F0F707065AEC378FBB9B9F3760B2181971D432CE32517920A0C49C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064729Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:56.635{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\future_test1.pyMD5=2B4BF76489258FDDEF4FEBCFF25764A2,SHA256=7C48EB48CB65F093723DBF2F5D4A48F76852654EF30765BD4A14E1375D0801AC,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000064728Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:56.620{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\formatfloat_testcases.TXT2022-01-17 14:25:12.000 23542300x800000000000000064727Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:56.620{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\formatfloat_testcases.txtMD5=86D64345282F0DAEE447CFCA2AF40D42,SHA256=FBECC75B082612AE1525BE510A997A8B8EE4BE98EF85CBAB9DFF8AF0DC710845,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064726Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:56.620{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\fork_wait.pyMD5=82E94A348C496C190F794A19B3F43AAC,SHA256=B4A2DA2163A2F8DC5C54F687E1904905132C9BA7886209C67912BEB730135D45,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000064725Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:56.620{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\floating_points.TXT2022-01-17 14:25:12.000 23542300x800000000000000064724Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:56.620{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\floating_points.txtMD5=9C140CD85FF39480F66B5E88CDF0CA09,SHA256=073592D710725B3181AD7CF78751870BF543F2FE1D493C1D3C3DB1DC62AC23D1,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064723Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:56.603{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\final_b.pyMD5=3016643D65360E764EF3FDC689177279,SHA256=E296B7A0F3FF365E8C5ED593CC8A07DE0E8C7D51560C7BFF234B29D7E9859265,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064722Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:56.603{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\final_a.pyMD5=4A741DBCFFD8DA95557C644365FC112F,SHA256=3CFD60908B112E81DC727EB6272AC4C61116E501D392612131253FA39F068A1C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064721Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:56.588{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\ffdh3072.pemMD5=2E25CA733A0C4D643B98945A3D5A83A3,SHA256=E24790F3F1F6A6C1463865C87EEA78AE5FF38DA1E2FEB17A61B831EBA14F8E74,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000064720Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:56.588{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\exception_hierarchy.TXT2022-01-17 14:25:12.000 23542300x800000000000000064719Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:56.587{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\exception_hierarchy.txtMD5=A02EF00AC04B966CF4C57099A5BB28A8,SHA256=67053D116A88E6AA819C76B0A52EA1E406B880D352C758E00FF0190C44BC0170,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064718Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:56.579{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\encoded_modules\__init__.pyMD5=A1B2C8B563E5201E594EDA9C3527F8ED,SHA256=75CB906F65B5B14CC63EF78BC9BBA0BE9B39065109FDC3DF38CCC9C26562BC97,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064717Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:56.564{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-20190213-061739-00000003-ffffffff.binMD5=5532CE04359CEF660A973DB244DF461A,SHA256=5AE7DCC17DA8C5B83DB3DBEBB72B765E927226654F413DF94C7D79336A78733F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064716Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:56.564{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\encoded_modules\module_koi8_r.pyMD5=AC2DD59780ED750FE4B8664E3A0D9B77,SHA256=61ADE0F9317F8C5A77CEB4533DCED37CD4EAA792921CD26CEACAC213CF251B7B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064715Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:56.548{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\encoded_modules\module_iso_8859_1.pyMD5=35AD5B1027C5E48E8AA6D64CCA69BEB9,SHA256=E8450E62906D0699D2D3946A0BC2F57AFEACE0EA03B06521B82988046DEDE446,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000064714Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:56.517{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\empty.VBS2022-01-17 14:25:12.000 23542300x800000000000000064713Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:56.517{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\empty.vbsMD5=BA0C6B291074AB21CA5C94CEBD6CBC77,SHA256=0D5216CA5F84C64BD63FAE69EDC59341FF18D8B4B84E81107EFAA29B19877DFA,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064712Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:56.501{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\dtracedata\line.pyMD5=9D4C77995229855F08A45FA74529E35C,SHA256=BBA6C44DBAEF735D746B05F1B83D8FC4FEAEAB0516F2013DA61E52A4700211E5,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064711Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:56.501{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-20190213-061518-00000003-ffffffff.binMD5=820EDAC1EFBFA807DB815F1B4E968D63,SHA256=B73AC8D6B08FB0EF4AB6B86826CF45B3EE87D0436CB6ED5DBC84ABBB4B6344BC,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064710Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:56.501{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\dtracedata\instance.pyMD5=57AB294555A99BFE607820730887FFA8,SHA256=2FEDF311B766574A236E77B873F04A6C1ADC3C84FEB45AE40C70E0117F129D76,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064709Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:56.485{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-20190213-060530-00000003-ffffffff.binMD5=3343975456F3B6A883ACB35A5A6A05FA,SHA256=8E037B08C99BB5A2428837B6CE1DCC36064D19D0B257F03AF225107A0DC32692,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064708Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:56.485{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\dtracedata\gc.pyMD5=2749AB298129886F074C83A736BB4F08,SHA256=E0A963171CB19249476CBDA72189D9387D0B337121B4576948392DB81E31720E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064707Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:56.484{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\dtracedata\call_stack.pyMD5=12219DE9A61E96ABA9F2DE41EE5781B6,SHA256=8580988A8A5F78D1252BE24B3F1DF56E488F8B1AA3FDF935BC14B9AF09443882,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064706Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:56.481{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-20190213-054337-00000003-ffffffff.binMD5=90F768DA30EE75C84C998A2139726869,SHA256=A4FFFD0D8EDDED8549A826F2FC82BDF8C9B597605CABE48A6F2D582BB33A3D23,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064705Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:56.464{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\double_const.pyMD5=A4990D8E6CE3AE0F8200E7BAC78458EC,SHA256=4DB8AA3E1E3C0B7FB189C84A0DABC1BE164354679066578177863C24D80AC253,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064704Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:56.448{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\doctest_aliases.pyMD5=1BF5D69CF0B81DB5C2E724EF7E5A1BC4,SHA256=23863C5467148C1D75A9BD091033D9861C624E88915363C1CB9230FB4F3A238D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064703Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:56.448{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\dis_module.pyMD5=D0AED825987A41CA56A4F02739232009,SHA256=5E48ADB6E511723D66FBD86E9D6EE1F23D7F7E9694CEC771433DA2EC4FD1AE9E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064702Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:56.417{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\datetimetester.pyMD5=A97EC2209AD2AD463F88DB9644794C0B,SHA256=2EC61C7CAD8FC765FD28594991B8B7E78932F51E4E23C7DD546CE2B5FAEBAAC8,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064701Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:56.401{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\dataclass_textanno.pyMD5=683434C3918324E9A33DF5DD69D1F6CB,SHA256=9687A53C2F6CC3A34EDFBC719E57731167C83CC01990C251A620886E25E90B37,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064700Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:56.401{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\dataclass_module_2_str.pyMD5=C0B024255AD3F42D89E35139B37CB34C,SHA256=9B090D03C05410BB88D42FF3AFF2BABB5A7DDD258C06DEE8CC7FFD1102D694C5,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064699Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:56.401{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\dataclass_module_2.pyMD5=F5003380CA06424F414CF1BCF6FB6CAA,SHA256=47AA13C805AA2A954E869E3C9EDE4B6BCC1953BACE1FA45BCF7567920C9F7963,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064698Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:56.401{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\dataclass_module_1_str.pyMD5=78AC9934EA6362EA83801DFC1C30661E,SHA256=7AAB72812898A6F2108EA4A2340558B49EE7606B2457A85987EF1623FC4F6F67,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064697Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:56.385{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\dataclass_module_1.pyMD5=1DE2C31F85D22C79510E1920F63A759B,SHA256=6E62656B7E723B6EE30BEF12A0C1281CED857971C4BCE7F1F8AF0553AEA3D228,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064696Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:56.385{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-20190213-054039-00000003-ffffffff.binMD5=16406E71585105FE2806D6425681D2E2,SHA256=A86D773548351FA08AE96D0D35D11F48BF61FCC27112995295D0B9BE61507AC2,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064695Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:56.385{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\curses_tests.pyMD5=D8EBD8C97B71487ACCC4786DFEC5C1A3,SHA256=E772591F017A9F0B46CDD86B3BF612CFAAB45D89B367F155789A6B5EE7E95C20,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064694Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:56.385{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\crashers\underlying_dict.pyMD5=B8B5B66C35D070C252EEA489CD583774,SHA256=95DBF034378968FDC6D2D02D689948E1D40333B37A1B520B2D774D8ECA6F0E9C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064693Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:56.385{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-20190213-053412-00000003-ffffffff.binMD5=EF68B132D9D660F5BDBD6780C7165616,SHA256=2FA7D81544004A0F9B8ADE77581988F5ADE9E7718B9BC997E1EC44429AD0CCDF,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064692Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:56.384{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\crashers\trace_at_recursion_limit.pyMD5=8A6813EFF25907E1E90A4CDECD364B6C,SHA256=668BAB7D208440A20EC4160E9C80802838E166B56178F66B796552E7CB5FE482,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064691Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:56.380{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-20190213-053313-00000003-ffffffff.binMD5=6BD1BAC7A1BC707C8D9B0E2372AE9606,SHA256=F5F1AD52AA1C357F941C4C90CB52FB5F5A36EAE365145C8DBA778B6DB3F1C972,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064690Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:56.363{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\crashers\recursive_call.pyMD5=7930FC429817431AFA73E1B62373580D,SHA256=925C1F3F5C2E2424EBD136863D668366E99F4FEE837F93CF4F48B6E020F95D3C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064689Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:56.363{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-20190208-200514-00000003-ffffffff.binMD5=3B27E3B83A9DF9533DA5976887242AF3,SHA256=F603A65C9F56D20864F1FF2214F514FED3ED981BA7E62C8043EC42B4FC0A9E3B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064688Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:56.348{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\crashers\mutation_inside_cyclegc.pyMD5=8587E4D7B7A2BC9DF2ED123F0B833E0F,SHA256=229607665E3ED88042B300821FF3ECBE1053356D791279252F978F226AF495E8,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064687Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:56.348{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\crashers\infinite_loop_re.pyMD5=8E56617CDA5565E1A7B375D008A3D422,SHA256=FF29B55522A453FEF9CCC6175DA1AA9191DBB9C0479EC1914E05AA2FBC60EE57,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064686Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:56.348{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\crashers\gc_inspection.pyMD5=521E8297012873C2F36E58303F52A0F1,SHA256=3975BF2865308FF9AE2C894C3A88B38F0613E63925886945C58FAB4EA2509861,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064685Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:56.332{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-20190208-200334-00000003-ffffffff.binMD5=91D4227A222C23908BE785D97A9C4E30,SHA256=87F18573BBED835B4B008261EBC4931D9C335998A16F8CA7A3676AF8B0A6B042,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064684Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:56.332{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\crashers\bogus_code_obj.pyMD5=434F8A1AB0697B40ABA0F0D43F3C7449,SHA256=B9769EDBDD912EE8E3BD4D5806C9A3919A82E5E7EA311435ED396D77518E8431,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064683Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:56.332{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-20190208-050816-00000003-ffffffff.binMD5=7945F80DE444A84608D04B14D6E56487,SHA256=BB758FE02CB002C6B03E2DDFD236E8B886EE5EC6264C8AF67A3C20C284A13C54,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064682Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:56.332{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\coding20731.pyMD5=8CEA5AFC2E5FC2C2ECF0872B40C7DCE3,SHA256=798AAE7206B2A921C09F0754F215D0D809180F08413F87D77F82908EDA01968C,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000064681Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:56.332{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\cmath_testcases.TXT2022-01-17 14:25:12.000 23542300x800000000000000064680Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:56.332{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\cmath_testcases.txtMD5=EA09443204AE238A96BF49023FDC4617,SHA256=7177B8C88AFDF8D8FA1E652A6EA23898D801F52AC466467B22FA7A0F7B3B48E5,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064679Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:56.316{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-20190208-042526-00000003-ffffffff.binMD5=5BE91A0BA2DF4FA32A07AFBA5F98872D,SHA256=7861BDE65EAE106B446AAF0395598A2A7D981508F65B91E4BBB686FEA75D453E,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000064678Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:56.316{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\cjkencodings\shift_jisx0213.TXT2022-01-17 14:25:12.000 23542300x800000000000000064677Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:56.316{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\cjkencodings\shift_jisx0213.txtMD5=AE2A41DEDDF5D7E60B4F75455E30DDDC,SHA256=0BEE94BA2D980EAC331C16AF1F6EA7583260DAD3E592E5A263209AAB26C821A9,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000064676Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:56.316{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\cjkencodings\shift_jisx0213-utf8.TXT2022-01-17 14:25:12.000 23542300x800000000000000064675Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:56.316{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\cjkencodings\shift_jisx0213-utf8.txtMD5=856E0CEBAE566258F572E27AEDCBF34D,SHA256=21CB011018B58C87F2C824E08085D24F9379244BCDE6FBB6B46DA2F6431540C7,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000064674Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:56.301{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\cjkencodings\shift_jis.TXT2022-01-17 14:25:12.000 23542300x800000000000000064673Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:56.301{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\cjkencodings\shift_jis.txtMD5=0BE1C668CE944B8CBBF4D55D327447CD,SHA256=73CDABEBFB92B4EAF6B8AF8442953DA1041FA8141A0513279B8DF215879D4246,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000064672Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:56.301{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\cjkencodings\shift_jis-utf8.TXT2022-01-17 14:25:12.000 23542300x800000000000000064671Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:56.301{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\cjkencodings\shift_jis-utf8.txtMD5=CC34BCC252D8014250B2FBC0A7880EAD,SHA256=A6BBFB8ECB911D13581F7713391F8C0CEEA1EDD41537FDB300BBB4D62DD72E9B,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000064670Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:56.285{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\cjkencodings\johab.TXT2022-01-17 14:25:12.000 23542300x800000000000000064669Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:56.285{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\cjkencodings\johab.txtMD5=9257C9029DFF82F8186D9C10FE0CF739,SHA256=972DE213C408D10C381F44FEC786787844141C7590506E001452E8E25F262BE8,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000064668Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:56.284{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\cjkencodings\johab-utf8.TXT2022-01-17 14:25:12.000 23542300x800000000000000064667Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:56.283{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\cjkencodings\johab-utf8.txtMD5=4AD57DC71CD0710481E757484C6D1197,SHA256=175E984C0C7BD073F037B0AAA6DF4D8AADACB6F1B8898484A567B5E70F5A5837,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000064666Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:56.263{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\cjkencodings\iso2022_kr.TXT2022-01-17 14:25:12.000 23542300x800000000000000064665Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:56.263{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\cjkencodings\iso2022_kr.txtMD5=91EC3909D2074103DA3FC3A5A71C8FED,SHA256=08255F32EEA017D306E286D9E6DB090A05D26F0088719B122209819B6F73396D,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000064664Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:56.263{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\cjkencodings\iso2022_kr-utf8.TXT2022-01-17 14:25:12.000 23542300x800000000000000064663Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:56.263{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\cjkencodings\iso2022_kr-utf8.txtMD5=4E84C3DE668479B44178EF915617A250,SHA256=78099B6154509CE59732B68A909EF7DC465724F68B184383CE2400642E6501D5,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000064662Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:56.263{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\cjkencodings\iso2022_jp.TXT2022-01-17 14:25:12.000 23542300x800000000000000064661Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:56.263{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\cjkencodings\iso2022_jp.txtMD5=07175BDABD0BAFCF56DDAF996F9FB56C,SHA256=4FD472CF3011F3F9D3B072EAC5592B4C58C7895ED2C41763590258EE8551EF7A,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000064660Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:56.263{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\cjkencodings\iso2022_jp-utf8.TXT2022-01-17 14:25:12.000 23542300x800000000000000064659Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:56.263{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\cjkencodings\iso2022_jp-utf8.txtMD5=CC34BCC252D8014250B2FBC0A7880EAD,SHA256=A6BBFB8ECB911D13581F7713391F8C0CEEA1EDD41537FDB300BBB4D62DD72E9B,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000064658Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:56.248{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\cjkencodings\hz.TXT2022-01-17 14:25:12.000 23542300x800000000000000064657Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:56.248{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\cjkencodings\hz.txtMD5=A88DF5E936466DE8045D6BED4CCD802B,SHA256=832D96C16368E74F1615D025CC296472CFF2507B0F0824959EF98F86FD677637,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000064656Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:56.248{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\cjkencodings\hz-utf8.TXT2022-01-17 14:25:12.000 23542300x800000000000000064655Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:56.248{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\cjkencodings\hz-utf8.txtMD5=4CCF2974AB0E33E62ACDE809E868EB1F,SHA256=1FE0A36192EF7643ADB06B14979E006C17834874E7DF605D915E549E3025E8AE,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000064654Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:56.248{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\cjkencodings\gbk.TXT2022-01-17 14:25:12.000 23542300x800000000000000064653Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:56.248{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\cjkencodings\gbk.txtMD5=7654AB650A6062CE04BF414EECE4EB27,SHA256=B91E1C1C38B7150CBC174A2F0C06BD1D60A411222D09E21927254B7A86103948,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000064652Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:56.248{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\cjkencodings\gbk-utf8.TXT2022-01-17 14:25:12.000 23542300x800000000000000064651Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:56.248{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\cjkencodings\gbk-utf8.txtMD5=02E5888560EE37D0393906435E768B70,SHA256=47112543ABE89682D8CCD47E7FEDB25447A4C5133F8DB313772AB6ED87729371,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000064650Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:56.232{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\cjkencodings\gb2312.TXT2022-01-17 14:25:12.000 23542300x800000000000000064649Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:56.232{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\cjkencodings\gb2312.txtMD5=92F0222A8CB4145D0FF1914543F4B450,SHA256=6E4CEB607215FF447544CB0D785493E1E855852F874AF7C67D8E8AFE859F5395,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000064648Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:56.232{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\cjkencodings\gb2312-utf8.TXT2022-01-17 14:25:12.000 23542300x800000000000000064647Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:56.232{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\cjkencodings\gb2312-utf8.txtMD5=6BF152CE10F171A92498A876DFF924B3,SHA256=3624859618C952810487E41736753CF32F4570DC6248FDA1091771F56019A3F9,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000064646Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:56.232{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\cjkencodings\gb18030.TXT2022-01-17 14:25:12.000 23542300x800000000000000064645Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:56.232{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\cjkencodings\gb18030.txtMD5=F8469BF751A9239A1038217E69D82532,SHA256=E4DE892443028C3F230AB37E0C658F5BD0246B07147005580C2904B733ECF4FC,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064644Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:56.232{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-20190208-033846-00000003-ffffffff.binMD5=2C6CF1415221E495320B2C32570A5ECF,SHA256=093034F3867C6463620218F78E3B2714F0BBC523F68C9741F6C169BBD7E4A7CE,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000064643Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:56.232{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\cjkencodings\gb18030-utf8.TXT2022-01-17 14:25:12.000 23542300x800000000000000064642Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:56.217{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\cjkencodings\gb18030-utf8.txtMD5=4B7DA9734477DC2C192F5B18904EF8EE,SHA256=97D18CE1D42DA357521F5AF5803816D3C4BADE38950F69CFF512A236F763585B,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000064641Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:56.217{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\cjkencodings\euc_kr.TXT2022-01-17 14:25:12.000 23542300x800000000000000064640Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:56.217{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-20190208-033635-00000003-ffffffff.binMD5=FC258EFB6E9253EA07498A55C1327F1D,SHA256=BAC6FA4595F949D507D655888F6BA0128B216C5FAE014BF4F6DAF566F29BD49D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064639Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:56.217{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\cjkencodings\euc_kr.txtMD5=861860A2856CE076043EFF83CB0822BA,SHA256=5BC47B4BC6D60577CA938DA25B3AE68271DE889B383B4CFBAC55D8E41D476390,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000064638Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:56.217{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\cjkencodings\euc_kr-utf8.TXT2022-01-17 14:25:12.000 23542300x800000000000000064637Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:56.217{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\cjkencodings\euc_kr-utf8.txtMD5=D0CB1CCBBE2DC24FB0B1CDF0CE62E08A,SHA256=094A6A62ABF390C3376E5ED6515082BBCD70C2A6CB335A9F0378A1222D08F7D2,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000064636Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:56.201{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\cjkencodings\euc_jp.TXT2022-01-17 14:25:12.000 23542300x800000000000000064635Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:56.201{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\cjkencodings\euc_jp.txtMD5=5635F33A1B96B028532BE06BEF90364B,SHA256=BA0998B7A6A1B2FC45F847DBEA1D2F9DC889104832B0042B5EBE335E677EFD30,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000064634Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:56.201{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\cjkencodings\euc_jp-utf8.TXT2022-01-17 14:25:12.000 23542300x800000000000000064633Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:56.201{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\cjkencodings\euc_jp-utf8.txtMD5=CC34BCC252D8014250B2FBC0A7880EAD,SHA256=A6BBFB8ECB911D13581F7713391F8C0CEEA1EDD41537FDB300BBB4D62DD72E9B,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000064632Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:56.201{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\cjkencodings\euc_jisx0213.TXT2022-01-17 14:25:12.000 23542300x800000000000000064631Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:56.201{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\cjkencodings\euc_jisx0213.txtMD5=0E10E0A54F6CBAC570BCDF1F875C52CD,SHA256=C27282FD2AE5688BE2831FD6C76AAFFB7A7577026DE0FD2BB8D41326DACB2E7A,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000064630Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:56.201{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\cjkencodings\euc_jisx0213-utf8.TXT2022-01-17 14:25:12.000 23542300x800000000000000064629Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:56.201{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\cjkencodings\euc_jisx0213-utf8.txtMD5=856E0CEBAE566258F572E27AEDCBF34D,SHA256=21CB011018B58C87F2C824E08085D24F9379244BCDE6FBB6B46DA2F6431540C7,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000064628Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:56.201{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\cjkencodings\cp949.TXT2022-01-17 14:25:12.000 23542300x800000000000000064627Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:56.201{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\cjkencodings\cp949.txtMD5=049611C47886D6414ED6D8409262EB0D,SHA256=C9AEF9D40B86C56D54DB8D1C6B229322D74B3F761C31809DD8A76CB9D1A98008,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000064626Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:56.185{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\cjkencodings\cp949-utf8.TXT2022-01-17 14:25:12.000 23542300x800000000000000064625Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:56.185{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\cjkencodings\cp949-utf8.txtMD5=4AD57DC71CD0710481E757484C6D1197,SHA256=175E984C0C7BD073F037B0AAA6DF4D8AADACB6F1B8898484A567B5E70F5A5837,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000064624Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:56.185{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\cjkencodings\big5hkscs.TXT2022-01-17 14:25:12.000 23542300x800000000000000064623Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:56.185{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\cjkencodings\big5hkscs.txtMD5=30B7E707A0F18AAFF334E6BDF362EDF5,SHA256=20F803A24C94538A7F05049A0E848CC3D6C5617253F7E9B3D5381CBA4C898BBD,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000064622Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:56.185{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\cjkencodings\big5hkscs-utf8.TXT2022-01-17 14:25:12.000 23542300x800000000000000064621Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:56.185{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\cjkencodings\big5hkscs-utf8.txtMD5=B0BDE782637B1E11AF62A0E18D78584B,SHA256=D00F4861F1EB15BACE0E9F19D9975F52B2B2153E6DC7111717965332F3371872,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064620Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:56.185{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-20190208-032656-00000003-ffffffff.binMD5=33F686A76F1902EF80B6BA1AABA768A8,SHA256=2EF0A142151C144039CD6854DE8DD225BEDBD509FA832EFFD38F69F053795C4A,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000064619Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:56.185{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\cjkencodings\big5.TXT2022-01-17 14:25:12.000 23542300x800000000000000064618Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:56.185{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\cjkencodings\big5.txtMD5=A206C461CED6A68EFA72FADD87F14553,SHA256=43C21B213B1FC167B642AF992768AC2249680E57247FF539999D9060094342D7,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000064617Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:56.163{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\cjkencodings\big5-utf8.TXT2022-01-17 14:25:12.000 23542300x800000000000000064616Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:56.163{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\cjkencodings\big5-utf8.txtMD5=5EC097E28189F3C371C7A088052B1138,SHA256=B4F0B58A20FD68347CCB827E7A62C688E3710572B97FF19AD48A07B186AF2EC7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064615Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:56.116{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\bisect_cmd.pyMD5=56CC293125E4F783C50B147F71F0B5B8,SHA256=35B899C9D42273146D24AD51925213B843032D4255154020174152045EFF2862,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064614Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:56.116{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\bad_getattr3.pyMD5=60A7647DC0E9A127BF275EFA7AA98FD3,SHA256=1576C13103359894206633C2F888401F0460D45502C2C2447D3B3B3975DCFDA6,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064613Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:56.116{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\bad_getattr2.pyMD5=5AF93D61AB5ED5C45B00908E2799C79A,SHA256=10B01EAD4D1EFF2B0A50DBA5C4158E94C7CFC07E8C4241322CB2A1568BACCEB5,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064612Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:56.116{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\bad_getattr.pyMD5=DFE574AB7A2376AB8041AB43A8CC14FD,SHA256=2A49A154D84E42AF00ED8708C1372AC802089B3440BE003EB235A8EB92C5BA17,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064611Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:56.101{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\bad_coding2.pyMD5=063F96B8555C5129E16DB14E15071448,SHA256=6EE3A4A2518FFADE55228D27FEECD9BB891CE973FDA8DA510E4A7BD2EBC476CA,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064610Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:56.101{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\bad_coding.pyMD5=22CC72E6552E2BD4D5168010EA1E7B94,SHA256=B80833EF32924A90EEE9D18453D2238ACED60B083F0E8CC084FD3B0C986D23A2,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064609Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:56.101{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\badsyntax_pep3120.pyMD5=0D7955C3594C206C6F1D559E3C908BAD,SHA256=520450673E1171926BFF8780D8801AF758BDCC4FB7C19B1D005586745ECF4251,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064608Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:56.101{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\badsyntax_future9.pyMD5=33B0A9C76D9151FDE986E9B5A1FB3015,SHA256=EF5F22949BC4DEB5F8C2949481E44ED64AD3A1D4D896737AEDB5BD1AD9E2B31C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064607Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:56.085{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\badsyntax_future8.pyMD5=E73497F56B02A7953415A088C90418E6,SHA256=5B458D5E01D4592D39BF105AABEFABF746F6AB3AE72F6AA8A806C2CE53BDE256,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064606Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:56.085{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\badsyntax_future7.pyMD5=563C7C37AA188C87E3508C3E849F5947,SHA256=A3EDAB0824F99623EB90E632ABA51B247DEC34932848CD30C7A4BEDD3E1E225D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064605Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:56.085{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\badsyntax_future6.pyMD5=48E8880AEF8385CF50758F5E38B91C22,SHA256=F2C4F73E1E41BE2F3D826DB5621823F02A3B9D7B7CD91E4FB110B65B02C7B8DA,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064604Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:56.085{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\badsyntax_future5.pyMD5=A9B1C8E3CBB76E6A3E4818901BB41AA6,SHA256=103108B176A6F4FFEEDC85BB9D4DA8C373EF51D6B8475BA2E454646D8F8DEF98,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064603Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:56.085{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\badsyntax_future4.pyMD5=FF8DC16642E22BEA4AB453B926DB450B,SHA256=58AD8698F61CE472D1D16436F2D6F9E725CFAF32C2494196E0CF6CD33DD1D80D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064602Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:56.085{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\badsyntax_future3.pyMD5=7398BE6774F3F37A93EAB96CDB731476,SHA256=CDAA79CCFEF3547C5DF54F8D98F697E870061DA5D07F6058AE2C163FE7FCC79A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064601Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:56.083{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\badsyntax_future10.pyMD5=4DBD4F969BA5F49CD85A2077E28076F6,SHA256=4AE3B2663A2301364B9B7AEA38FFF3E805FBF128C8ED6E1A710BD8AECD006BB6,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064600Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:56.081{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\badsyntax_3131.pyMD5=72E39EB3810F6BF7EA13DE4F9875EC57,SHA256=53AD4D723BE19E3FE2A9E4D14E7D4D74A21DA1418864D9F464CB4FC29772A46F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064599Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:56.063{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\badkey.pemMD5=598EA3255FB276209072332552903ED8,SHA256=FBE10C0C7D282E3136341735AA4A5716F2C32133828BCA64F700C572D7492550,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064598Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:56.063{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\badcert.pemMD5=170555A84120985BEF1AFA430A90C465,SHA256=0EBA5399FEE276A0834E1488637ED1BF611CA1E28DA39F2ABC6EDB2C59D6C4C4,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064597Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:56.063{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\autotest.pyMD5=C9FCF92C3871732DACA1B46357BAAE16,SHA256=FC3ED08004A23760E39194633EF24DF4AA0321272020249B24BF0A2795D9A708,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064596Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:56.063{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\audit-tests.pyMD5=5A73BE74E8ED22638B6888C2FF3013B1,SHA256=AB81D646C9D03610664BDCCCAC40C5951E17AE62A0F4E21A976382E2C92AF46F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064595Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:56.048{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\audiotests.pyMD5=800360F97D4314D23A9EF4D4F4E42A5A,SHA256=DF21F36BF884AAA3918B15C89F6C3DA324F1E63DB6B8E9CF37F0B3EC604853B1,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064594Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:56.048{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\ann_module6.pyMD5=FA570448C64D13B8C6D89F99BE455C03,SHA256=CDAB6365C850DC2B300A7E64B971D674E42B9CC111CAAB43EA9C2E6EE7E7CE8C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064593Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:56.032{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\ann_module5.pyMD5=505D07DCD0BA5E313826F59F06DC8F7F,SHA256=FBFD530CBE90DE4CBF028E856E9223D9689D213D2580903E231273D8FE8D294F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064592Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:56.017{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\ann_module4.pyMD5=7CBFB25032C9842095593139C3397F82,SHA256=F9D409614671050377E72A2EBA86D1A4CB450EBFA81DB5ED0359B92DEE021505,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064591Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:56.017{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\ann_module3.pyMD5=12AEF11108F40668F254F7FCDA1BA7D6,SHA256=E8E95AAAB3F92E638482193779F0DEC543B1A8BE2203BE48370809E5BE441D6E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065168Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:57.988{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_global.pyMD5=F44CDCD3358922C6A1B7F75AFC3CC3AE,SHA256=790C70050F12B2311759DC37A9A4B8DEE8F4D3324360EC4A15B28EBF481C3838,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065167Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:57.988{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_glob.pyMD5=0A211E7CFA5220562918EF377D648947,SHA256=932CC6BD44C2F8294539C5277330A6EFD03A3DF261AAF51AB1122DA6AF7ECB42,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065166Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:57.988{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_gettext.pyMD5=CCFAC7C0512B8EA62635D7B6EBA266A6,SHA256=0E7C71EFA8A2D30CAE9A7B7873A2BB881C0BD60317F0FAA0A707AEC6A8077743,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065165Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:57.988{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_getpass.pyMD5=21E1CC3504B6BBE3591D8FDF3E831878,SHA256=E2B84283A34F07EF7B6ED0151395DF8F48E0EF75F0749E2DA55C820A90119934,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065164Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:57.987{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_getopt.pyMD5=9EEE81CE733D51C738A7C11D75E0E2AF,SHA256=E97DF75E6970BE6B40F9CC14C8A020A39A297D17375DD50ED6312BED5B4BA546,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065163Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:57.984{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_getargs2.pyMD5=4B444F553CDD6A91BFC679B5F2896167,SHA256=CD5EF33A5A10BED643754B773F8647AE8ACCE6885DA008E06379D804C8C19CEB,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065162Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:57.967{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_genexps.pyMD5=76FF36472E1B6D6BE2EB517942BECA80,SHA256=D4D3484CB6B88910ADFF8331C23D130E43D331556BD3807DD8F9F255AEB97B7B,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065161Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:57.967{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_genericpath.pyMD5=CB4CB7710E3B21749A0E0B4251A7FE91,SHA256=823C3C97545CA10C7BB2BAE4901A9D7C5AAB538B7D693246E39A6D91625C82A7,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065160Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:57.967{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_genericclass.pyMD5=EBC1657B3DBDAB04AF82E52234FEBF51,SHA256=319B190B0FA2BCB90A9B7B8B6F2DEE23C74FAA515FBBD32D617DB7F1F6C230EC,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065159Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:57.967{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_genericalias.pyMD5=E8BE566ECB527ECA9B40107B690E3954,SHA256=1E8D3594281FA3F1E561E1E14BAFCEC494463534128AD433DC2773F62DAF0EEA,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065158Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:57.967{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_generator_stop.pyMD5=EA743454F62AF947C093FEC3B72334C1,SHA256=FFB296D249EF3CB3598D2960CA961C8ECFE528FE0E867A288E738C5FE9A5CE5E,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065157Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:57.967{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_generators.pyMD5=E1580A4C0DD41D0AD8A0829840FD560D,SHA256=5282E09F31EE9C23B6C35CE8BC670FC9A097A09BB2C61CCECAA5F5A712E2BB75,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065156Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:57.951{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_gdb.pyMD5=B2E0DFB1A728025D59A73666D8E71E92,SHA256=CEA557C08A0EA7D5332893D73563B6D392F3CA50E4E53D00BB06D9F7E60BE982,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065155Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:57.951{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_gc.pyMD5=3E170DE1DDEE99DF0A284E0DA368B4EB,SHA256=5CF305164D7E6E4927135F9063624D569E1A767420E0D7C8575C375E1C8583D1,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065154Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:57.951{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_future5.pyMD5=6E0B5075DD311EF6586D542AE35C071C,SHA256=4AC9C1E6A87A495D5B4347CCE24120E9FB8D8DDEECC909B318A2900FC89071E0,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065153Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:57.935{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_future4.pyMD5=17A4F8C7FC570D028021466703234EE3,SHA256=A1D3F3C7BCB78F2B99DC2CA02BE3D778BF83AE9CD79C4E57462C568E97782E58,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065152Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:57.935{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_future3.pyMD5=39F2A6074CF94B1B2F9498CDB985BCDA,SHA256=AE5E6D39C7A1F6430EDA0B446438C6461E9AFA28E8FB2B7069EB16B596209838,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065151Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:57.935{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_future.pyMD5=A1E32D10927A1FF9ABA519A62B0608FC,SHA256=A2A82BBD4EC77DDAFFB422DA3E7133F7E90BA0F38AB9D72E015E448933102F61,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065150Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:57.935{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_functools.pyMD5=189CC70F51D9CDF4D28D8C7FA3CAE48A,SHA256=FFBB57A24AD91F31921D719C50A50CE1824398008D2092C849A9906BBDA6BAD4,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065149Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:57.935{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_funcattrs.pyMD5=33952A0887FFDF0CD2B352AA2A1A6FE5,SHA256=EBFFFA3CF7B61A52875135520C3229BC356762E18200CB990996971590879C96,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065148Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:57.920{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_ftplib.pyMD5=F6F232976D7D0410732051E9A2E0694E,SHA256=ABD20A246223AE2125C7DF0133DB8297E56A477468FF05634384659F4272E463,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065147Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:57.920{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_fstring.pyMD5=25E0332BED26EFCDAE15DBEF70A15CEB,SHA256=64EB8929D0A0EA9A74C49AF1C6BFC1FB6A1246240B8754E244BDF6EE074E5C22,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065146Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:57.920{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_frozen.pyMD5=C330A6BC88F9EA39B6B3887231A06B6C,SHA256=9ADC8C8606341232A9C87345EA9FFB43CA2C5552FF45058E0A209B288EFB1893,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065145Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:57.920{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_frame.pyMD5=F48FA9AC7D9EC0BAD0302C7C914FA789,SHA256=BBA774F02A8D25DABC34908A5C4C792091F8E3C4ADBB5E2AFE42B023AA9174C8,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065144Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:57.920{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_fractions.pyMD5=F7F889182B8FAD6FF7A060299BCDED47,SHA256=139B14CA002E598E56C70BAE49ED46D7D36D3ACD82DB5881B7010E0391284110,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065143Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:57.904{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_format.pyMD5=316ABCA8339B9B35A342295DBBB3EC99,SHA256=12A4A1BFE6027E94885F3BDDF401711B79659B750D1B2F0EC35714AD2F90252E,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065142Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:57.904{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_fork1.pyMD5=126D296F57D6364A8B2B589B5D0D5E0D,SHA256=F8C180476043D99E3548E5F46B6A714547B7FC22979147EE418220E98EE9203E,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065141Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:57.904{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_fnmatch.pyMD5=1F2A1E4C116EF9408AEE95279E323386,SHA256=6A912316569FE2D348E5D222A10C8F89F865D20409C888F4EFE5CEA847927488,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065140Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:57.904{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_flufl.pyMD5=1BB01176010F4506342780C911801AB0,SHA256=1F88C7C92F6E1A50D0D4E72452F8108A5CAF7E2D1D1C4422ECACFD8640775DCA,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065139Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:57.904{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_float.pyMD5=D841E8B794580141F17C8C5D56BF708A,SHA256=FFE183542E6FC47FA33EB1EBDBA458403AE656B1CC41F580143B8DE23E8155F4,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065138Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:57.889{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_finalization.pyMD5=B64C5197A2B13F2033B7292DFC2D76BB,SHA256=A2C090F0DB16F531BA12E854E48B3D5882532568AF0E285E86D5D553F43B093B,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065137Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:57.889{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_file_eintr.pyMD5=8A22FDF266BF9E0984FBDC14668CE57B,SHA256=63A5BB3FD114502C7E06263839FC41840B147F7314FB342F9BA0991E861FFD10,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065136Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:57.889{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_fileio.pyMD5=80B5EBAE8B8D1FE22F27C82A3773EEAC,SHA256=9AEF3E9AEB1C260267047E54C3BD3061CC47121FD256F56F849F4970304EDBF7,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065135Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:57.889{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_fileinput.pyMD5=F104CCD976CFCD36000D047C2714B666,SHA256=5B4DF2672ECBECDC3BA446180D5022402B2C82C1FA23C3981B42598F70E34E7A,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065134Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:57.889{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_filecmp.pyMD5=CF32F7E3846EEEE85E9403D2256CB0BB,SHA256=E98C0B1D2921110270A4E87BCCF97E7916CD599A52A9D235E06A9F4946E43D5A,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065133Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:57.888{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_file.pyMD5=ED53B5CDB0854993D9170B5AC7E36AFE,SHA256=5A67CADDCF92F79E499B94109F5DEA2207B5D4C65AB783111FE7574D9390FC7A,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065132Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:57.886{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_fcntl.pyMD5=6D4B31D9639381B5180DD2358F92B00C,SHA256=287964ADFDFE4FF8643E6876FC6F327D4A61775D38F701AD4F4314CC528215D4,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065131Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:57.867{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_faulthandler.pyMD5=5FCA4A6558375BB9AE1E1296239896C0,SHA256=0306AC3E0BB8C16FB44E838F2B51A329ACDC7DC503EE7DDECA004C211198E144,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065130Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:57.867{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_extcall.pyMD5=403021265E894BE2D1F2A96FAB2F5BB9,SHA256=38275948348A83AB8723AFA1F662AE1B9C48FF24ADEA2AFF160EBDBAA7044187,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065129Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:57.867{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_exception_variations.pyMD5=AA5782EDDE799673FDB9C7617C757BBF,SHA256=BE4DDEF0443D6824C2A877BA4C46094FACD98D5DA0987896E1EB71ACB8AA9EF5,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065128Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:57.867{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_exception_hierarchy.pyMD5=1E0C9FD9F7E2DD1E159A39058AA60582,SHA256=4434B45A1933586734C1814351AF51808AB576DC7E3C0A0557043ED13109B056,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065127Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:57.851{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_exceptions.pyMD5=631EAC03B37F0FE0463414EC01326031,SHA256=994E6A2920F766E495D202891D8A3500BA6189B2FFA5CE55DB18FCD678B2E858,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065126Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:57.851{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_errno.pyMD5=4EA98781238A653D127B77594D2CBD2C,SHA256=831499640EFAF6243C79C596922E5B05B52C5815DFCFF42CCE2972E44EAA8DDA,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065125Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:57.851{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_epoll.pyMD5=A24BEFD8F3CF8A2B0FC77732752C4E48,SHA256=37483DF14AF03201D02DB1039B6AA43F5D1E614F485464DC5374CD4DE5548DEA,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065124Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:57.835{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_eof.pyMD5=0260E5AE82D16BC370DA65363C7AF5CA,SHA256=4ED0FF9348F16E139B7D92AB158A7E2F386F0EC6DE485FF2CE037A5D081B75E5,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065123Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:57.835{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_enumerate.pyMD5=B50C6496AB168B1DA211A6AD3CC24FC1,SHA256=0C28EC7322C9A1A528282C1828096001326AF53E4C746A6C0B324B8CB1F51C8A,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065122Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:57.835{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_enum.pyMD5=5285C2C9575A5C97BB0AA41DAF93533B,SHA256=C14F859609180FE988056CBB49B0EEB4440AA9E23CDCC9A9CDF566FC795E67EC,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065121Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:57.835{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_ensurepip.pyMD5=2495E07CDE3F448364950655CC632E2F,SHA256=2C298C5CB4394BE61912EB2FFEECFCE043869874AB7F8BF51D743A5088C76BD8,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065120Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:57.835{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_embed.pyMD5=88E558F63A2A1E9AF39FD622F6E31771,SHA256=0BF3660B62ED51181B271A5135CD2C99104B4BF2D08681CED7B43396B37579AE,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065119Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:57.820{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_email\__main__.pyMD5=2459415A0324C5778B5A5BB88D221C53,SHA256=AE3218E34FDE4550769524F18B7B1F225188E4A6BF0299815111A322012E08B2,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065118Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:57.820{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_email\__init__.pyMD5=051ADE2DCDD190684C95F917F6DE8C80,SHA256=CB15FE20514060DBEA34B5AC8D2D11D726E0615B3A35839C03B8F25EB8CDE900,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065117Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:57.820{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_email\torture_test.pyMD5=BDD8ED7540C4607B533003AA9459DECB,SHA256=1A32CC4B7679481B74DBC7B0A8F3B87FE0CCC789E3EBDFA7D6452754753DAC6B,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065116Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:57.820{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_email\test__header_value_parser.pyMD5=4E2878B6BFD82449EF9713244F46AB68,SHA256=EB4DC6026BFB4A59C06793F570C7E03E72D2707448278EDEC598FF7CF4F0EC06,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065115Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:57.820{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_email\test__encoded_words.pyMD5=57F1AB9AACE4550EAB261AB50B9143DE,SHA256=BB1A896B3C674873DAEACE7FD8250A510D2DEA783458A31417C3EA882034ECD1,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065114Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:57.820{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_email\test_utils.pyMD5=A10740FC508991ECED83F6F86C58EE3F,SHA256=955DFF92ACDB4B33844C067CB42F2319EB05142BAF4989B882C6DB5E30B09CE9,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065113Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:57.804{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_email\test_policy.pyMD5=CAF53328390C71941C5E307DC1E52DFD,SHA256=1CE37A55D84ED0E5BE4622B52724B1C43622615313FFFEFD4B6E82608AD3319C,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065112Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:57.804{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_email\test_pickleable.pyMD5=7E240C245760E68C65D29D6BC7AC34C7,SHA256=0525E835D51486EE077AF6937F64240ED3B32F70A3EF7B0C0839473D70710219,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065111Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:57.804{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_email\test_parser.pyMD5=3543726330B486C74C93199C611E489C,SHA256=FC971102CA2C2117C559953CC9853B599CF0D733FD79AFD31BCB4746B60CD1E2,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065110Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:57.804{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_email\test_message.pyMD5=DA11A32C12D505500A4AD2F561B59117,SHA256=9D5A9854062CCE2FDD5EE9FCEF367386FA0A523FD2CDF5A2819142C21638DD09,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065109Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:57.804{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_email\test_inversion.pyMD5=3A01DE99E4221C58AB58FCB1AFCEDC6B,SHA256=834D8A825F6258132F9C33FBAF8C1CA2589AC49C93A3025BC24F43E99EE31464,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065108Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:57.788{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_email\test_headerregistry.pyMD5=DB403CB5A2608B1F99D928630844AE9B,SHA256=2F9042A3CD2630D9FC986EC66FC839FD7F2D612D8E7DCF284C41E4BDF0F0D990,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065107Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:57.788{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-20190426-052804-00000003-ffffffff.binMD5=E0C6FEE9262AB01FFABCD3C687C099B8,SHA256=8B86B99622ED68FE7FC57CAB9CB4B90E5CDB58668ECACE4F52D2D85CA859053E,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065106Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:57.788{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_email\test_generator.pyMD5=0EACD2EB51407715AF42DD0C0DAB80A1,SHA256=86B75AAD5C76AACAE6EBCF2065A500A846C2DD45FD266D7A90CC8D31D42E332E,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065105Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:57.788{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_email\test_email.pyMD5=F64F13F90B34DAD2D1188CC250F77E34,SHA256=7743CDA675266D0317FCFB9DE0DE3B7486C82FEBC8E849FAA8C403EB54BF8D57,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065104Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:57.788{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-20190421-065648-00000003-ffffffff.binMD5=DCF5F52BF88528BA5D7A34A8A0BFB264,SHA256=6E086B1F4E5C1DB3391B39FD7EB181CEC9BA963CD2F613A24FB4C13FD56A27BE,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065103Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:57.788{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_email\test_defect_handling.pyMD5=6C374271660768942318209AC09461E7,SHA256=C5CFE92D93FB34F99934A1B0F13F55923D5459D88BCB680753007DB6378AF7AC,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065102Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:57.787{6F5BEE90-18CD-61E9-7700-000000002102}484NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=8DA9B44FAE644E56756D139F4C2CE3BF,SHA256=365D4DDEE9C6A965D13ED9A1024553885DE49D05B45C1489AABA484FE47FABF8,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065101Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:57.785{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_email\test_contentmanager.pyMD5=3AC1A2E95BADCA18AB1A101F62FFD04E,SHA256=41C87784061F784AFBAA261A168008DE1C370F97956F5B9B8D3282E4C191CC27,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065100Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:57.767{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_email\test_asian_codecs.pyMD5=23EA233D656D3E667E2586DA0AC88825,SHA256=F0ADF2E2C6A07072294F6F47DB3515CB6A20085D0C716714D410E50C6BC6AE1F,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065099Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:57.767{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_email\data\PyBanner048.gifMD5=D36AF1EC9B66BB61A728702FD39EA0A4,SHA256=F590CBC7C830731B68B55CA1B1EA11818B5AFA3566537440A17017296578DAE9,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 11241100x800000000000000065098Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:57.767{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_email\data\msg_46.txt2022-01-17 14:25:12.000 23542300x800000000000000065097Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:57.767{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_email\data\msg_46.txtMD5=748DE2ED8D11473C03E05ED3ACF871FC,SHA256=D92E941BE30507B7DD5976F4223F9D01998F1E73262E900E0ED002B0F53DC4B7,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 11241100x800000000000000065096Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:57.767{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_email\data\msg_45.txt2022-01-17 14:25:12.000 23542300x800000000000000065095Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:57.767{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_email\data\msg_45.txtMD5=0DC555B1792A3599B3236527FD96F5DD,SHA256=B98E4E0C90037146F2B5D3CBB9E43CB419F36385CFD7A4567FD509EF00EC53CB,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 11241100x800000000000000065094Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:57.767{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_email\data\msg_44.txt2022-01-17 14:25:12.000 23542300x800000000000000065093Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:57.767{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_email\data\msg_44.txtMD5=EADD8B8B81A7F600A4DFB74E2AF80DF0,SHA256=67F41BD0B0AC605C5431AD8C658C0C8E3C5D766EAC8FBB81D51132F9FB818BFC,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 11241100x800000000000000065092Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:57.752{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_email\data\msg_43.txt2022-01-17 14:25:12.000 23542300x800000000000000065091Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:57.752{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_email\data\msg_43.txtMD5=93992F3BEBC941E5C45A95FFB6A29799,SHA256=045797FF45987136A2A5712F8F8310710E0944E4B4547BAB2DC99933EDD1BC9A,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 11241100x800000000000000065090Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:57.752{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_email\data\msg_42.txt2022-01-17 14:25:12.000 23542300x800000000000000065089Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:57.752{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_email\data\msg_42.txtMD5=E316BD8CE0B291CD97997BD0AD6CE2F1,SHA256=E2305D3CD3097FF4FA587D2C2BECFEB700D3D340EEF0F3B701FF78B0F0EC898C,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 11241100x800000000000000065088Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:57.752{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_email\data\msg_41.txt2022-01-17 14:25:12.000 23542300x800000000000000065087Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:57.752{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_email\data\msg_41.txtMD5=1111F57890BC01C3384752E0E37CE55C,SHA256=F95478516949AB993D14634219A6F62A4470F46CCBDF434D9A2C5526FB0263E9,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 11241100x800000000000000065086Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:57.752{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_email\data\msg_40.txt2022-01-17 14:25:12.000 23542300x800000000000000065085Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:57.752{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_email\data\msg_40.txtMD5=27E880E1FBF80075FF676B76CAC6DF50,SHA256=D59F6E422B9AD6163924BC1FB70AE8B697A11282D5B32B02708B40CB9A7D82EE,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 11241100x800000000000000065084Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:57.735{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_email\data\msg_39.txt2022-01-17 14:25:12.000 23542300x800000000000000065083Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:57.735{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_email\data\msg_39.txtMD5=D9DDE09EED5A496788688F0652A96CFB,SHA256=5B3F5E5EAAB13CA96387DD517A8864C25FCBBBC0DFFD0F8580F07B30EC8E1DFF,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 11241100x800000000000000065082Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:57.735{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_email\data\msg_38.txt2022-01-17 14:25:12.000 23542300x800000000000000065081Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:57.735{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_email\data\msg_38.txtMD5=CEC2AE10906E99DD30EB09C65FFB0AF3,SHA256=0107D3183911047EC758A69BEC7E24EDBA03838C00331C5004208D850BD57747,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 11241100x800000000000000065080Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:57.735{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_email\data\msg_37.txt2022-01-17 14:25:12.000 23542300x800000000000000065079Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:57.735{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_email\data\msg_37.txtMD5=F56F272721A1CFDB0E86D6D3E0827CE2,SHA256=98B9EE99D099269D838A12B6FA3B0AF725565418EC1FEDD8A522ACCCC0DF88DE,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 11241100x800000000000000065078Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:57.735{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_email\data\msg_36.txt2022-01-17 14:25:12.000 23542300x800000000000000065077Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:57.735{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_email\data\msg_36.txtMD5=290C6739A56AE65E542C8781CD79EBE6,SHA256=79E4CB253305C42E22D5631BED2D57E795A70D0356D0C04E3AC395AB73051C52,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 11241100x800000000000000065076Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:57.735{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_email\data\msg_35.txt2022-01-17 14:25:12.000 23542300x800000000000000065075Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:57.735{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_email\data\msg_35.txtMD5=BC81D0F30D8C07E9201354C6EA2DBDBD,SHA256=3E4D25CC162E76FD6C5CC50BA26DFC4E71AEDBC34F08AC850EFBF934AB3C7AB1,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 11241100x800000000000000065074Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:57.722{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_email\data\msg_34.txt2022-01-17 14:25:12.000 23542300x800000000000000065073Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:57.722{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_email\data\msg_34.txtMD5=924961579F14D1D54257745C7042E8EF,SHA256=F1EFCD32A4B669ED5EED317926A11646C05922FC49B815568EF2C3858D5BEC27,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 11241100x800000000000000065072Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:57.722{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_email\data\msg_33.txt2022-01-17 14:25:12.000 23542300x800000000000000065071Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:57.722{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_email\data\msg_33.txtMD5=8170E05C633DA34CD445541BE5AE53DE,SHA256=CC35E6CC84C00EB7D5E2BDF9CEB8977EB94C2BCC1630EA93C6C4B82381406DAD,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 11241100x800000000000000065070Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:57.705{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_email\data\msg_32.txt2022-01-17 14:25:12.000 23542300x800000000000000065069Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:57.705{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_email\data\msg_32.txtMD5=D89A98399941E974920032491CD69886,SHA256=B41254E201645EECA3D0C9CA84BA7726C8C21B3796C04CBB9E20D8A2B51EE894,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 11241100x800000000000000065068Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:57.705{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_email\data\msg_31.txt2022-01-17 14:25:12.000 23542300x800000000000000065067Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:57.705{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_email\data\msg_31.txtMD5=AF049868DB1235193D6F4D4DC9B4F9C4,SHA256=C9D406692BA3573699A2E1F58713CC2E5A65792DF472217AAAF8402DD0C29356,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 11241100x800000000000000065066Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:57.705{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_email\data\msg_30.txt2022-01-17 14:25:12.000 23542300x800000000000000065065Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:57.705{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_email\data\msg_30.txtMD5=524238F232F74C03700E03AD8F92E6F3,SHA256=4398E2153AFE488F1D629B4192A2DA8A743B10ED55F3E26ED662BD9E2718D789,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 11241100x800000000000000065064Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:57.705{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_email\data\msg_29.txt2022-01-17 14:25:12.000 23542300x800000000000000065063Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:57.705{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_email\data\msg_29.txtMD5=D333DAD6440B4DF4978207A0308E2C72,SHA256=FE19E3503F22DA78A9920C4831A4FA121410FF76430DC10FDD81144DDBDDDB01,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 11241100x800000000000000065062Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:57.688{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_email\data\msg_28.txt2022-01-17 14:25:12.000 23542300x800000000000000065061Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:57.688{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_email\data\msg_28.txtMD5=B489861F9C2AA89AE3E44B0D8782D49B,SHA256=C82275D275DC73870A4C8BC4962C1462CB477C6A6323788C591003AB421973D4,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 11241100x800000000000000065060Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:57.688{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_email\data\msg_27.txt2022-01-17 14:25:12.000 23542300x800000000000000065059Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:57.688{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_email\data\msg_27.txtMD5=ECF907082425783FE2A94AC5B787F5FF,SHA256=3D33F36E79C3406C72AEAC084DF89C84D522FC9953EC3FBB31E8C90F53F87B21,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 11241100x800000000000000065058Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:57.688{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_email\data\msg_26.txt2022-01-17 14:25:12.000 23542300x800000000000000065057Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:57.688{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_email\data\msg_26.txtMD5=93FDD6045C0B5E293D7495B58C5F1EF3,SHA256=46C391E25D3F2FA622D5781A27553176648270768435295A235A760BF725752F,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 11241100x800000000000000065056Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:57.688{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_email\data\msg_25.txt2022-01-17 14:25:12.000 23542300x800000000000000065055Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:57.688{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_email\data\msg_25.txtMD5=B3310F3C4AB013EFF4B0C956F242AB57,SHA256=B6CBF713954D89EB8389B63343D6B8FD261DC6CB652A0AAF93BE5D801ED0B24E,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 11241100x800000000000000065054Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:57.688{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_email\data\msg_24.txt2022-01-17 14:25:12.000 23542300x800000000000000065053Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:57.688{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_email\data\msg_24.txtMD5=DE3D2C04B4DFD5413C28E0A1E9164526,SHA256=B67EDE3FEDF08CC4FD20C2CCCDEA46F2791F95E0AB991D8CF6C7C66EC81E23C3,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 11241100x800000000000000065052Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:57.688{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_email\data\msg_23.txt2022-01-17 14:25:12.000 23542300x800000000000000065051Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:57.688{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_email\data\msg_23.txtMD5=DB0E7BF714679A813462266F226F6C21,SHA256=CD0DCFAEB8DC99C4EA418B80BF6C13D4AEA912FC699AA3B30DDAF938BDB62E04,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 11241100x800000000000000065050Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:57.686{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_email\data\msg_22.txt2022-01-17 14:25:12.000 23542300x800000000000000065049Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:57.686{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_email\data\msg_22.txtMD5=4D452DC300B431813481E8721760E6EC,SHA256=4367F6EF8398E92DE819CCD8E4938C819C2B24AA08F06CDCC0266BB0EC37EB08,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 11241100x800000000000000065048Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:57.684{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_email\data\msg_21.txt2022-01-17 14:25:12.000 23542300x800000000000000065047Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:57.684{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_email\data\msg_21.txtMD5=5E165CE977B0894106A802A1C2701B17,SHA256=395794CDC34731BCE3EA1FF032B1C8BCBC275779325999641C052B771A28D8F9,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 11241100x800000000000000065046Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:57.667{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_email\data\msg_20.txt2022-01-17 14:25:12.000 23542300x800000000000000065045Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:57.667{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_email\data\msg_20.txtMD5=ABF4778B3C1ECA76B1819C51C954DE80,SHA256=AA9E77F6297E6007745040E9B6A2C2BE3880E25206594582E0CD09EF482EE27A,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 11241100x800000000000000065044Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:57.667{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_email\data\msg_19.txt2022-01-17 14:25:12.000 23542300x800000000000000065043Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:57.667{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_email\data\msg_19.txtMD5=FBBA32714B398097AAA061975EDDC42B,SHA256=A5A8F44410FB1085689EAAD5A24914E940B0488E0FF2CC3191B972E625522A9E,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 11241100x800000000000000065042Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:57.667{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_email\data\msg_18.txt2022-01-17 14:25:12.000 23542300x800000000000000065041Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:57.667{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_email\data\msg_18.txtMD5=1FC6B08D9AEAA7902A069C1BF1D9DD5E,SHA256=F5B4867E0B9C0357E14F488BB45585ECCDF47F62B7FF914A0FAE73F48CC307C8,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 11241100x800000000000000065040Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:57.667{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_email\data\msg_17.txt2022-01-17 14:25:12.000 23542300x800000000000000065039Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:57.667{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_email\data\msg_17.txtMD5=D4F9E1EDD242A0C5A3B34CBE97EBDABE,SHA256=F647152E43FE5E381C71CCD9DA9BBD843A854761F8FE60BC6C17B7C0E24E0106,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 11241100x800000000000000065038Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:57.667{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_email\data\msg_16.txt2022-01-17 14:25:12.000 23542300x800000000000000065037Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:57.667{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_email\data\msg_16.txtMD5=197AAC66100FFB774044FE42A72B11FD,SHA256=FBB4AE9E31DDD26E43B7C051041BB3D9D6BEBD418A858DA67268920BC672AFB9,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 11241100x800000000000000065036Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:57.667{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_email\data\msg_15.txt2022-01-17 14:25:12.000 23542300x800000000000000065035Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:57.667{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_email\data\msg_15.txtMD5=AA138693FCA83E045CC5F523BEE6B2E2,SHA256=8F1C4F13D767B8A4D55FE9A377C3FF20CFD7E77B9B9DA12E1DF9772C1F685F27,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 11241100x800000000000000065034Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:57.651{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_email\data\msg_14.txt2022-01-17 14:25:12.000 23542300x800000000000000065033Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:57.651{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_email\data\msg_14.txtMD5=76DF79A3F3E66C19B77E69205D9FFB72,SHA256=81A2F5FDAF0A506502FD4CAC0CCC0C5E7CCC02330150B75D3D7FD4BDE0E3C95E,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 11241100x800000000000000065032Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:57.651{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_email\data\msg_13.txt2022-01-17 14:25:12.000 23542300x800000000000000065031Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:57.651{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_email\data\msg_13.txtMD5=E40C7DDF7DCBA1C655445F7899E977E8,SHA256=6538070D2455C077280A8B537F23E3E3A7362074BA2630567D7F951F11FA113D,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 11241100x800000000000000065030Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:57.651{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_email\data\msg_12a.txt2022-01-17 14:25:12.000 23542300x800000000000000065029Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:57.651{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_email\data\msg_12a.txtMD5=1917364BE14917D6F0B3FD4E5B38DA10,SHA256=DEFA4275A55F7778D400FCBF0628822DCAE95D8239DA065BA8E40049DAAA32E4,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 11241100x800000000000000065028Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:57.651{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_email\data\msg_12.txt2022-01-17 14:25:12.000 23542300x800000000000000065027Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:57.635{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_email\data\msg_12.txtMD5=6C4183207D1CF66E83FFC671CB28DDA4,SHA256=449711060A7EC45E0A4BFBD5D497D069676CBF31F77F3385D3E166795E79DEAA,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 11241100x800000000000000065026Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:57.635{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_email\data\msg_11.txt2022-01-17 14:25:12.000 23542300x800000000000000065025Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:57.635{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_email\data\msg_11.txtMD5=8B63EB1798F9072FB42409869EDAFE1E,SHA256=7AC917C8E4309742C3571B8C3C8D97361AB6B838F7CD5BDA498A410D9D6D9FC7,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 11241100x800000000000000065024Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:57.635{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_email\data\msg_10.txt2022-01-17 14:25:12.000 23542300x800000000000000065023Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:57.635{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_email\data\msg_10.txtMD5=F78F0C171498993B3A5E2392B3CF35B9,SHA256=31B6AA0A2168C412559B6C9667846D84DE86554AF573A1A9DFA5DC753DE3754A,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 11241100x800000000000000065022Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:57.635{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_email\data\msg_09.txt2022-01-17 14:25:12.000 23542300x800000000000000065021Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:57.635{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_email\data\msg_09.txtMD5=306ECAB54F1BD6BE39B608F730032E02,SHA256=3EE9D9AB704A1F7E0CE35BB832FE7189528CB5873D1F30285D3520BC48F66EB8,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 11241100x800000000000000065020Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:57.635{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_email\data\msg_08.txt2022-01-17 14:25:12.000 23542300x800000000000000065019Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:57.635{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_email\data\msg_08.txtMD5=FB0E8A1F8DA7A434D80F12DD318ACE88,SHA256=357BF940A54F04D5F7B335A0A6697A1E9DDA14EB2F1DBC590BEB0FE98ED65F02,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 11241100x800000000000000065018Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:57.635{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_email\data\msg_07.txt2022-01-17 14:25:12.000 23542300x800000000000000065017Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:57.635{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_email\data\msg_07.txtMD5=BEB3D7CFA4D5B77BE8B37D1C433539C4,SHA256=8358092B45C8631DF6466A2E4DC23278263B2DD2BA5765E99CABA47C304DD3B5,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 11241100x800000000000000065016Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:57.635{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_email\data\msg_06.txt2022-01-17 14:25:12.000 23542300x800000000000000065015Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:57.635{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_email\data\msg_06.txtMD5=99412FC04181031556CB9C96863B8CAA,SHA256=0C4E8456A424135A4DDA4829050DE77B05C7FB56EF716841BDFE1371AF2EB695,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 11241100x800000000000000065014Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:57.620{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_email\data\msg_05.txt2022-01-17 14:25:12.000 23542300x800000000000000065013Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:57.620{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_email\data\msg_05.txtMD5=0E05FA635EF13E72C6EF864F69A3A913,SHA256=845BCA9A59DE1959C1501CBC1F2C90FA9AB73A38653175FE94073C012FA555B1,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 11241100x800000000000000065012Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:57.620{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_email\data\msg_04.txt2022-01-17 14:25:12.000 23542300x800000000000000065011Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:57.620{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_email\data\msg_04.txtMD5=7421268A46F72276DE6B015B393A3577,SHA256=A8A24BCD720323185063761B53731CD6DCC5583FC0FD7FFD972137F345B1D738,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 11241100x800000000000000065010Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:57.620{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_email\data\msg_03.txt2022-01-17 14:25:12.000 23542300x800000000000000065009Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:57.620{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_email\data\msg_03.txtMD5=46413E3ECBDB0124636AA16B0D8B3EA6,SHA256=E34151ED8E0C5F0EA996F1128834B15F41F5E2081A41DCA2BA7F2F307C331F49,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 11241100x800000000000000065008Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:57.620{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_email\data\msg_02.txt2022-01-17 14:25:12.000 23542300x800000000000000065007Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:57.620{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_email\data\msg_02.txtMD5=FDE67C346D38A0F98D83F9C9357DF9A6,SHA256=05D5E533F5E590D9EE2C7692D26DC87CCBF381F4831CCA3362BAF596691A55BB,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 11241100x800000000000000065006Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:57.604{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_email\data\msg_01.txt2022-01-17 14:25:12.000 23542300x800000000000000065005Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:57.604{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_email\data\msg_01.txtMD5=0D7379681894151742E00504E7CA8796,SHA256=C15A3A17F6B65E9C51C58ED3A79D12BC517F867321ED118E5DC7B5C3A1ED7D4B,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065004Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:57.604{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_eintr.pyMD5=4591CB3345DD76A33F22866F61545910,SHA256=C43450B5B8B4D6FA9D51C2075B59660997AA9835CB549DEBF31BDA38663E9169,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065003Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:57.604{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_dynamicclassattribute.pyMD5=0DF7F5CF373D537BF3378DFB5282C6F7,SHA256=26DE4E3BADCDF8E7964A60B00A70498DDFB996396B7A8EB0CD975370A796AAAE,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065002Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:57.604{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_dynamic.pyMD5=DC4686CE2EF7BEFF14F8197A079DFAC8,SHA256=3ED29AC590A0DB00D18B26E33BA6B121933CCB69BB36B2B5120C136A204E403F,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065001Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:57.588{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_dtrace.pyMD5=84DD02A3AB9C9B52E3860EE311A46AE3,SHA256=42A063B07AA5449C7D086CFE7E23D6AA6B20532EDDA31D486BA870AFBDBDB371,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065000Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:57.588{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_docxmlrpc.pyMD5=B269D64A4C7E16D8AD56DB18D8FCF586,SHA256=7A19E029793ED70053EC7F9FB0205F26455844177BFC6B03ECC8C5DEEAF5AD30,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 11241100x800000000000000064999Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:57.588{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_doctest4.txt2022-01-17 14:25:12.000 23542300x800000000000000064998Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:57.588{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_doctest4.txtMD5=61FB22B5B95EC50A90C169A77278CB58,SHA256=4B88DF2449D547B37C8592CEE0DD592EA9961968435094CB080CFB28B2E89783,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 11241100x800000000000000064997Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:57.588{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_doctest3.txt2022-01-17 14:25:12.000 23542300x800000000000000064996Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:57.588{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_doctest3.txtMD5=1206E1832AEAC9E88F32F40317A7C3FF,SHA256=076155A689C3C7D5A7E19D1264F02960C548E0C68230ABBC31384D1EEB03B072,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 11241100x800000000000000064995Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:57.588{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_doctest2.txt2022-01-17 14:25:12.000 23542300x800000000000000064994Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:57.588{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_doctest2.txtMD5=4C4B99F3EDD32CC511237B9BC537DE2F,SHA256=EB77BBDBB649007038570AD2B7C6C6CE45635DEF8CAC065279CC602F93DDCD41,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000064993Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:57.588{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_doctest2.pyMD5=E391E1DD5547D5DA0F4CE052E8D33A14,SHA256=B5B2631F158809C1C01740CD8CE05F68C1B21F816C557C8E6497769A2072E132,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 11241100x800000000000000064992Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:57.588{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_doctest.txt2022-01-17 14:25:12.000 23542300x800000000000000064991Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:57.588{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_doctest.txtMD5=386E7F52FEE4A0BB96A49AF982829E33,SHA256=E7738AF27E05F6A0CA5232EC62E0918B8B88314FF8FAC4A9E977619CC41F8CA3,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000064990Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:57.585{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_doctest.pyMD5=F6933726F041B6CAF8FF56959639B64F,SHA256=B2989283600E5A0A88B6637C59D59D568B1B7A81539424BEDD323BBB623A04EA,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000064989Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:57.567{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_distutils.pyMD5=0886E52336219F3525D3763486F44975,SHA256=1ED2EFEB1A628DC53A0CFBF9B46DA3ABE187AF602A3FFF987FA9E08D102A6745,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000064988Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:57.567{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_dis.pyMD5=F21A040CDFBADEFED5BDC1D075F003DF,SHA256=0D263AAB366251C1ED8FCAE0ABFB909285F97E52A5BE16E19A6BBD4806B2DE9A,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000064987Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:57.567{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_difflib_expect.htmlMD5=F870688E3D43253CD83ED98A57FA9663,SHA256=82CDF6EAADA17FB4F6F42B82D4C8A38B41F9F2282F99E489A0F2B0972474A973,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000064986Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:57.567{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_difflib.pyMD5=150872EE846331C213EBBEA87CC6F2E4,SHA256=0C72462DD4F95B41CF7558A4415D6F162CE4A3CC996150D6D21B77B8ED717090,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000064985Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:57.567{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_dict_version.pyMD5=F3104505BC1BE46D7F77559E512A49D0,SHA256=FA8E2677E53CCF348E8094535F7CBDBEF0E5AD16C77B5F527C2CE8F5B0BFB071,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000064984Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:57.567{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_dictviews.pyMD5=36020A85A29B8D7CE1C4B65C81D89766,SHA256=79768C15494456D2AD371ADF5FB2093610925BF9DC5D07A0951DF019CD217476,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000064983Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:57.551{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_dictcomps.pyMD5=6BF415BDCDF495865A2EE893D2DA45F5,SHA256=B90C943535C923769BA5B400D346381CA9CFFF10429927EBF6EB9B527623B7E6,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000064982Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:57.551{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_dict.pyMD5=0D2AF64F9072BEDAC59CE5208C50F227,SHA256=46E7CB128F9AE3DF4521780F091BA9576E973A5454D1BAF3F6D6EAF42B6CF8BC,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000064981Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:57.551{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-20190421-065451-00000003-ffffffff.binMD5=02678F335A244AF3DC7D8BF920B38ED3,SHA256=F227B7DB4050E0B19AD32AC765639CB72B23F312B6EFDF148275F6BB5AD2E07D,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000064980Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:57.551{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_devpoll.pyMD5=169E4F6F95B77FD5BE82D1AB2D89D8F1,SHA256=EBCA415DF570B82CB5FF198205C0BA5BA90CFC3FFD6279665546DA2E09188851,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000064979Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:57.551{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-20190421-065449-00000003-ffffffff.binMD5=BDC4348B9456E4C5B706B24302BD113E,SHA256=689E91C79D498D4B8E7142386598B258F7D39392EAD094A6381BF493533D3F7D,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000064978Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:57.551{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-20190421-065325-00000003-ffffffff.binMD5=FCA29651550612F744E221C62C263EFE,SHA256=F4A4DAA9248A57F90B6668210A16849AFB891819430E6D1E9C24F875C4C5B6A7,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000064977Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:57.535{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_descrtut.pyMD5=7FC46351C5231F5B86273EB5288EA059,SHA256=66548A1646E502B9E8B7A0647B7F1DE034230D318CFBA98A6FC51DFF3D204464,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000064976Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:57.535{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_descr.pyMD5=61C06D6389E1910FA3F64C7DC20E1B96,SHA256=36D2F485D7D8BA13FA5FBF62C7E5505EC56097100BE8A059E12019C560B4DDCC,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000064975Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:57.535{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-20190421-060848-00000003-ffffffff.binMD5=039C98A263F265D48C0D3EC85C96C1BD,SHA256=791D665EF3862EE6A51F80001324BFD8C4B8C22FA33DA9399A0418EAA838BD42,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000064974Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:57.535{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_deque.pyMD5=840EF8859E7E405157027A0AE216F650,SHA256=7D7B28D21E0B17B5CEA2C19EB04A0625A47C65C5F52D9690424D3E74B2473C71,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000064973Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:57.535{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_defaultdict.pyMD5=AA45E161E4BFBAEB306D1388FB579264,SHA256=C0EA5D27BDEF2FF3D578CA53DF3CBA5795C886D12097DA670F9194E030DAECA7,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000064972Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:57.520{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_decorators.pyMD5=2801A7762BDD9C0C42F0C6C566C3A2B6,SHA256=7FD2A844CA887317927895841134985BD4BA4AAD926A4ADC968C2F9801FBB39C,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000064971Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:57.520{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_decimal.pyMD5=0C193F4AA3FEAD8D0E7633D33EA6C203,SHA256=55E1D4BDF98436FC4F1C2ADBA41E1360BB7066DEA844D4017521E24F794641E7,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000064970Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:57.520{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_dbm_ndbm.pyMD5=B4A8CEA5C01F828015A4A4BC14A7BF7A,SHA256=93EC8324F84927831039410840CE45A09EA197DCA77371EB8C77A5B540B0344E,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000064969Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:57.520{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_dbm_gnu.pyMD5=182E02DDEAFFD1ACE5C22489FFDB56ED,SHA256=B9849E70A9407D94AEE6EC621C4F312162745056D42EF1D47EB0FD5CD5B05F93,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000064968Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:57.520{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_dbm_dumb.pyMD5=D20AEEFAD535A262C24EE9E4DBD58B55,SHA256=50B588906FEE5E0F5E33C9BC74E7ECAC731DE78CDBE7F321478096D7CB23E89B,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000064967Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:57.520{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_dbm.pyMD5=404E2428C10F52A23E0DB844C637AD24,SHA256=5F97C3152D1E454E66EE79C0E1BA8B864EF479DF08DAEF6A462B3ECCB13B7A7A,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000064966Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:57.504{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_datetime.pyMD5=C9FE5ED26A30C918B4F32159C9A61F2E,SHA256=73EC414F9E592DAD10ABB54ACDB7511402A184BF1BE17245A59E94A20240929C,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000064965Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:57.504{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_dataclasses.pyMD5=E485C1099AFDD1AFF71F3B7C7D70319A,SHA256=166C74E47F90D16CDB0C60C0B81118F766ACA427CB461940C367410BB4D68DDD,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000064964Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:57.504{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_c_locale_coercion.pyMD5=DFC32A3B4E59F24AC27329C9E5B741D0,SHA256=9AEA711457E81171888E3FD19E33591C426F67586E8C8F7873B2CA783502F5EE,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000064963Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:57.504{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_curses.pyMD5=C8FC0344B79CB159DC2AC1CEDA0DF365,SHA256=9243B0C7D5B06E650CC93E68A94097447D66130DFBB16B1E396361B92827FD2E,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000064962Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:57.504{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-20190421-060641-00000003-ffffffff.binMD5=DDA7900E7B4EE2F20287F87DCE24D622,SHA256=AEB8C95E478942A52C61EA9CAD63BCD9A64DED5DC80E31E22F45326DA75FDE3E,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000064961Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:57.489{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_ctypes.pyMD5=8A669071691BC6CA10E4334735709483,SHA256=57A8C8E544DCA263B270068D87F548F7F49F5BB0C8DE0EE011099C514DBE3FF7,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000064960Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:57.489{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_csv.pyMD5=C74496136B587FAD4B674075B63D909B,SHA256=A12FB3A6C3B90841F08882DEA59FDAF3C904FBECAB80C7182B74B5AF4AC19D47,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000064959Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:57.489{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-20190421-055710-00000003-ffffffff.binMD5=6B53E1028D9BCD0F249ADB4C5F5E86F4,SHA256=FD0CC51A5560BBD3DC1427ADB56A5E62551DC2B910E7143D2A64AA31F6800521,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000064958Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:57.489{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_crypt.pyMD5=31DE4C3776BE5E1A55FB234C92A14363,SHA256=000219212197F09683BB59258726A5AEB47091B2563C5C1180F80A3EFEE0E5C1,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000064957Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:57.489{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_crashers.pyMD5=6029C7F7E17D901B5A5DC9C528BDC514,SHA256=2C1E161210513406DDCDC7E70F0F4BCB96C442F669A27791BD6823DD2E309C31,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000064956Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:57.489{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_cprofile.pyMD5=EB89234448D477FF805B46CBEC0DDFAD,SHA256=EC426AD1531AFBD9876A10FC1A426AD811D0713CFDE26F41848747FE8E737B21,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000064955Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:57.487{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_coroutines.pyMD5=EED53BF4649DDB540B6E3D7D19B2A39E,SHA256=53803C41FE328A463772B09FC672B275866A5234EFD2FA0A504649E245CD2B84,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000064954Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:57.482{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_copyreg.pyMD5=A7CA7E913434A54E71CA2F4E8DC6B0DF,SHA256=5D025F5B231572FF638CE5CAC9A1E3A2FF26DB5919CE6911B0FA81CD45ACC0C0,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000064953Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:57.467{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-20190421-053308-00000003-ffffffff.binMD5=8C9ABB9D6F2A012ABC0BAA04E0A900A5,SHA256=96887406E2CFAC501A228813F4FD79A6582315CC630B816A1349ACDEB11E8CCB,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000064952Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:57.467{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_copy.pyMD5=8A29F29DED7101AC590C152203682404,SHA256=A1366AC8AE2A38B87611225D3425798982AFBC35BD429CC9680A030170E57961,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000064951Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:57.467{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_contextlib_async.pyMD5=72746FE1807A26305037D6BF9E0E1F09,SHA256=1017BF9B01D29C20AAB20DDE55EE031C653B9F9726ADB0A8BDF407E09C111411,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000064950Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:57.467{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_contextlib.pyMD5=18A9907A0ABBBB6905A8655E0AB29258,SHA256=F5D93AD4CA7965D2CF28397B9DE3DCBBD0792C7877C0001B394141114BE19097,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000064949Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:57.451{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_context.pyMD5=DDCC06945A227E37847C989F29BBD908,SHA256=4C4B1839CDF77333280C08E73D037882B1A9BB3E4AB53365AE9183E391D843E8,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000064948Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:57.451{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_contains.pyMD5=3D625586ECC4D7BB7AC86E9150F2F81B,SHA256=2926B98F3722CA2BA23D40CAE49E786A0307911AB4F7CAFB316C8F4D5D16DB25,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000064947Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:57.451{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_configparser.pyMD5=7ECC81B25762B85196FEB269B12174A3,SHA256=0DC245E4417FE3322B065700169A6E0B63D8E974AD50B9F5E3476C931E717CD8,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000064946Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:57.451{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_concurrent_futures.pyMD5=47DB52B8A43E4208EF5532E763524446,SHA256=E2E0C32E8952D529DAE4F8FEF2909F865D0AA813F09EBA7170C66015FEC904A4,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000064945Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:57.436{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_complex.pyMD5=A9D260750F0FF501D6A9AA8C66A11001,SHA256=1F8BDF2A9C646FC9A40E62754431E53A78F1D97A4EC705FC9D04611E410329E9,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000064944Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:57.436{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_compileall.pyMD5=79BB6C7E10D00E73308278CDCEBDEBBD,SHA256=9CB7A918511CD8A70450E08E2BD1B767054C48BDF0EF57DF321030BD0A9B4B56,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000064943Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:57.436{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_compile.pyMD5=AA24682803359418B439BBCF0E0B2BB8,SHA256=0218A27F45436F96F7A72B9460A232817D793E6123FF94E1D24429D3336F1BD6,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000064942Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:57.436{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_compare.pyMD5=3192DDA88EF91A6087A87E0FEF3944EB,SHA256=2435216696CFE7ED7B8D8B6B00622AB6B6B1849698E31B65B2C56C42A42E7BF2,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000064941Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:57.436{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_colorsys.pyMD5=0C05445C24C5E4A348CFED2D45F732BE,SHA256=832134CE16A38A819D7BA1D21B7EB724B3559F3562DF4E330671634997903F3F,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000064940Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:57.436{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_collections.pyMD5=3F69090A1256F622BAB645A45D1109EC,SHA256=6895E15C5192B9B4AA0001C1B20F806665BAC9CD3B4A70F09C668E80427BE522,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000064939Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:57.420{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_code_module.pyMD5=FDEAF0BC7D2E33C7DD5081F19BABB1BA,SHA256=E1DC11EA3371700A3BC37710A0B6BEF64FAFE00245FDE912DC2C35252AADAC4C,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000064938Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:57.420{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_codeop.pyMD5=9F64C3B56EE72DA2989FBF8100784A93,SHA256=8A4D6A692EED5A019C772000713801467978A441FD7E4802E376E2DFB47E1A33,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000064937Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:57.420{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_codecs.pyMD5=2F0B3A564C62F3D9882F70AC1ACB3EFC,SHA256=A525B0F43D1657B03737D97AF66E93D54914B17DAFE8905BD95F322A6B1F39AC,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000064936Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:57.420{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_codecmaps_tw.pyMD5=B17C1A6D94694D9B6CA759C28B92F094,SHA256=D14E2E02C97E8AD528B45A4B4F2C737592AD895C8ACC69EFA8DC6CA72A176BEE,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000064935Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:57.404{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_codecmaps_kr.pyMD5=A8101F6A8C1102C7442036B87049ABA4,SHA256=A6ED28F88AB5D1D3927A13083D0F2AD7459E5D345DA10022EC3A908F85606AB4,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000064934Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:57.404{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_codecmaps_jp.pyMD5=DC418401CCBE5922870A21256D125E93,SHA256=5261986B05143187428EB3AFAE7DF53DE00E6F24DB76B4F9982500E114718C05,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000064933Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:57.404{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_codecmaps_hk.pyMD5=B16EDC61944C70F2C8F5FD1E41A0AA77,SHA256=DB877DD02FF201B871B9533EC6D3BB111599FB3532D36104BD9E126AF0EFD734,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000064932Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:57.404{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_codecmaps_cn.pyMD5=2CB79CA84590CD3EDEA7B7BEB37A5D86,SHA256=8D73B4DAFB1FC6BCD6CF67BE9FF53AD4055DE12B883FC52A5B18465A3B38A39B,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000064931Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:57.389{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_codecencodings_tw.pyMD5=4A6C6C7122A22D1C14FB8AB159E70849,SHA256=CED9F1A261AC71975E162FE3D43A718BF45791FCDDA832F703E2DF391496F650,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000064930Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:57.389{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_codecencodings_kr.pyMD5=6359B35887C391F66AF04A91A547A1D4,SHA256=259FBC5494F5C0F0E7E4CEDFDA79767CFEAB3AAFF463CCF3EEEF88882D4FE2C2,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000064929Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:57.389{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_codecencodings_jp.pyMD5=2759FBE0C69429F2B490C6D62F52ECCD,SHA256=DB60E817743E535AB3D016948EFBE08C28BDF6CE132C6C7477B4F0F7B6C72952,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000064928Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:57.386{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_codecencodings_iso2022.pyMD5=B041F3A2032588D13E3B1A1E1F62E2EC,SHA256=DE1174C2006CBF5DCC11E27E4E46A0B59F5C7A9878FA08EF273E495C34A74AD6,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000064927Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:57.384{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_codecencodings_hk.pyMD5=8F96C44F641FA3EFFFC409CDCD4E1D2D,SHA256=E0D2D66D7FEE3084119295B31C6B1196B8EF162D9490A402B944EE35CB1A4F7B,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000064926Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:57.367{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_codecencodings_cn.pyMD5=BED74000283897210CDAC9C996F9B0EE,SHA256=30CE0435AAC38C8F14DA1BB0A4A47374D760E7D20D31B18591EECB56BE6DBD7F,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000064925Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:57.367{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_codeccallbacks.pyMD5=3BAFAB726BC851738D53826F41258F6F,SHA256=86E4132980E164F0FA1E5575DFC906E48DBF066964CDB1D0480A8BCBA79F71D8,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000064924Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:57.351{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_code.pyMD5=37EE13B43516396619B456133EBF4F40,SHA256=14DB15D2540308C582A68B4D48A69B5C7DFAD32BF10253A889DECA6A877AFFA5,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000064923Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:57.351{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_cmd_line_script.pyMD5=5FBFC4CEC1AE184FDB8BB62701493900,SHA256=54CDA035CA490E9CB32355E16F9FA99DA270FCFBB4C5942014C81DDC906A601C,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000064922Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:57.351{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_cmd_line.pyMD5=5F3002CC342F717DA272456984E14C3F,SHA256=68A1CCF64FD119858865971DE1B334AF702D3408EE55A0AC7CA73932CFFF18B6,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000064921Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:57.351{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_cmd.pyMD5=A7CEECE5A9B23BBCFD72F569EEE2BF03,SHA256=6FF1EAF9BC6E3320C15F7C37A0872C4A0D392BF43C0DDC5F2D6783F322EFF04D,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000064920Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:57.351{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_cmath.pyMD5=D7024590ABEC92681C3065FC5219E657,SHA256=3B02BF9A5D31A4A11EC0498A8EA13375FA40D50800F6669697C45357A1DFDA34,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000064919Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:57.335{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_clinic.pyMD5=6666EC147416BB84EB4056532097C282,SHA256=2A1964A35FF734FD18582B5F3F76CC2D3731BD243B6035406DAA48A8BEED80D1,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000064918Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:57.335{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_class.pyMD5=E87F61FEF486851FC5C6F545965E601D,SHA256=88703FE1531974DB0354FF94FEC111B5E68AAEEAFB3B618E7691AA309FA2E411,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000064917Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:57.335{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_check_c_globals.pyMD5=08EBA974B46540728C5A3F784CE1A137,SHA256=FD4BB7CB1D5EB562016618D021D054DAA59D97ED9DE78747286F33C710F015B6,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000064916Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:57.335{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_charmapcodec.pyMD5=12ED351F326BDB2F77168F408A891D68,SHA256=7B39E2F63F4CE96B7D533A1123D53CFA66D3D54B44B8FB04E4C1DB457C995A8C,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000064915Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:57.335{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_cgitb.pyMD5=5468B25FB9B936F7BFC0918041EEBEF3,SHA256=961CDE703EF1FCE5BBB8190C9A87C5CFDE560864BF71FAB4ECB6597B0E423167,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000064914Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:57.335{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_cgi.pyMD5=513C1EAFEDEC84E24BD6B3B4356DB4EE,SHA256=61CE5A185A07A3974FCB46B6786074E2B9AA1B78157D3FE83780A3902FE94738,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000064913Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:57.320{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_capi.pyMD5=972F0D7486843CB13B1DF373708C2916,SHA256=4E2E30BB6C19245DBB4228C684BF30C35A675C7A71B6B2225DBEDC762ECEBC5A,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000064912Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:57.320{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_call.pyMD5=9B5F73225E9140C16279B1DB28C1FD4E,SHA256=3363B437B77A324A639D0B78D61760B5E54C85B7114BA8F75B779F8C977287EA,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000064911Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:57.320{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_calendar.pyMD5=DFE6382F35E38ED5F96621B64D72C642,SHA256=F0E72B48B9BE9A9E43668DE05536846AD2552AB413B28ADE810BACC4B66C5E5B,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000064910Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:57.320{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_bz2.pyMD5=1C42469798F49C9AF42E6052506E0082,SHA256=19601C54DCA14DE39D98247931F57C5BE7DE191DBD94AB52F91D12AD30BE4571,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000064909Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:57.304{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_bytes.pyMD5=B5136780CB70F0429C6B021DA8B41ADE,SHA256=CC2C26963B645CC82CD0DF2AE84F46B573A41BB635AAAA865CE51B2DF6D55D1F,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000064908Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:57.304{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_builtin.pyMD5=E9BEFB4BA5E376A0495A6BC0AF8EB770,SHA256=9B5E4C4670C9C82E700066BC48A2B659736C7C941A1F7D042F0502D5A81FA530,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000064907Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:57.304{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_bufio.pyMD5=8948A96C7B270D38F25E90C9F9F2AB93,SHA256=340C288B86F2A97B2A4A8FF7012F42A7B3604C249B789C9E687F86DC7795DDB6,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000064906Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:57.304{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_buffer.pyMD5=B37E147D7E1202C4FEFBD16BBA7F0A86,SHA256=4D380F2F60B9E20A74D1EB90330AB119FAAA13ED10BB9DE998112CC9BF352EE3,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000064905Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:57.288{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_bool.pyMD5=610DD69E258A9A2120DDDC3699F70B18,SHA256=D173E265D0D61CE32B1566213BA276E289590D464F2B70321DC60CE889B5E5FF,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000064904Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:57.288{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_bisect.pyMD5=D19E45FD344532318E6E0C043F083DB8,SHA256=333A40958F642FE26DA7CAAF1A7CE021F5F79A30ED7C2768FD0B15C88A64F080,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000064903Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:57.288{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_binop.pyMD5=9CEF9034F1F38E303951C46F50D39D42,SHA256=A3768CDFE69979E751BAB5B086D3B73D254D9C649B270B252BB50EBDA79AD044,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000064902Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:57.288{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_binhex.pyMD5=EBCEF0EC7942595509769E1F425FA9A2,SHA256=B57ADD1F5C6DB94A138E7477685EFFE42A3C79827060537BA93B0698E6F506EB,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000064901Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:57.288{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_binascii.pyMD5=C313D31AB3F3C4F61F4B68CD80B1B9ED,SHA256=3DBA67A1593EDFE24FFEE8F390490ADDB942768B22E8820F30D58C693CBDAE74,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000064900Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:57.288{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_bigmem.pyMD5=A9B6518926BE8553F5CC7F3B5EFF49E9,SHA256=AE353EE846F605D767ECB78ADB62841C489284B8980921AF3BD39D75C3CB845B,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000064899Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:57.288{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_bigaddrspace.pyMD5=DA7839F1BC2F1B83370EF47E7E26986C,SHA256=5A7C7F273E785689292F90C378DBD53B80B40608F908D45E368286AEAFAEE473,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000064898Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:57.286{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_bdb.pyMD5=30A3F556AEFC1C914F7C8A5C14E727D6,SHA256=81A35E28FDF6DCDC963A334CA1E76027D71294AE6EC846A85DB65687F273691B,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000064897Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:57.283{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_baseexception.pyMD5=5A642CB00A708D7E71F44F0BBC55491A,SHA256=763F3D72B43AD74D76142F61C2F7AEFD57381199A0D5B7916354D0F9D052D72B,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000064896Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:57.267{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_base64.pyMD5=33652B8B1F8F54802ECA9D7EE55A0EC3,SHA256=8BF26DFAE6769D4A6011956D47E51A762C2E77F8A2CB488805C68008FAA00A33,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000064895Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:57.267{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_augassign.pyMD5=860D8ECD3A40681949FECA8143C4B74C,SHA256=60ABABF7335034782A7BA9F805C07E40BC00EFCB112CDF4CFB8EB7EAAC0552AA,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000064894Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:57.267{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_audit.pyMD5=E437642E381E875207D058C4994E5DC5,SHA256=ED9D3D1F401BCED7A2BBC9B4FD25C474CAB6C6163ED38DFF63BF7EE9B4A5D6E6,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000064893Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:57.267{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_audioop.pyMD5=0F9C8F16A7842A28DB3D15FED0CD1B8F,SHA256=BF8F7291193ADC7C013D422F53D7C670F6178BFFB83035ED33BA93EDECEE046F,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000064892Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:57.267{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_atexit.pyMD5=536AB2CDDD3B6F4BDC06858D7EAC0429,SHA256=D4DBABB574BB4906A94B34BA3F8D495CDA0C8471F40D2DBE1BE5ECBFDE28E7C2,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000064891Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:57.251{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_asyncore.pyMD5=3F56DDA1F325A3DB7E3CCC7A30DCC9A0,SHA256=42F50B99F0966692001C535EA76BD9BD8D703485A3F3C905B40B44D4DA1DD46C,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000064890Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:57.251{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_asyncio\__main__.pyMD5=47878C074F37661118DB4F3525B2B6CB,SHA256=B4DC0B48D375647BCFAB52D235ABF7968DAF57B6BBDF325766F31CE7752D7216,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000064889Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:57.251{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_asyncio\__init__.pyMD5=8FC622854B65DEEB5EF2258AB2E5DF21,SHA256=BB65DBA366FAF826F765AF2ABC155CE748AAB15E1953016ECDE6475BA97C67CB,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000064888Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:57.251{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_asyncio\utils.pyMD5=3AEA4B19A662F7948280C099D98D320E,SHA256=70904B335CA46B3416D8C49A40BA66D364A6FEBC03992485903CD407BC501914,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000064887Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:57.235{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_asyncio\test_windows_utils.pyMD5=0F00F5CB995432B593430D8D37FA404E,SHA256=5E7830ECE13FE82300AB1D802EFDC1CF024B357F174D3B1BC05EF386A98BEDF5,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000064886Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:57.235{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_asyncio\test_windows_events.pyMD5=665A8B674C1DBBF7E8503A1D4FF1EA72,SHA256=2119DE3F40F7EC1A455D0D3972BC39CBF2D19EE8EAC51CD5604A7A052080C155,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000064885Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:57.235{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_asyncio\test_unix_events.pyMD5=C6BC09D07CA1CB4C50276589B0506430,SHA256=74E92DCFAC5DE4D79F3EE70D492ACF20359C96B2C579B383F81EAB37A3A32A89,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000064884Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:57.235{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_asyncio\test_transports.pyMD5=EB1A9F6225C7A929445F770D52310D80,SHA256=7A4B11C7B5285B524C40B98E6D2EEFEAD2CCAC4DBE051A7CB7247D9413368F56,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000064883Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:57.235{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_asyncio\test_threads.pyMD5=B11F6193D266D816BA9ED15538F700C3,SHA256=4E57632C4CB46FAD07A096AB75A033CE2F23BF46679185E56557FACE5F77181D,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000064882Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:57.220{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_asyncio\test_tasks.pyMD5=98899AACE6599816EFF302D203C662C0,SHA256=8EE31FB10896AD09AC96897ACE41C80FFBF0056A9819F4E9E7DAF773F6358CA5,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000064881Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:57.220{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_asyncio\test_subprocess.pyMD5=36A1A8ADB324ED41DA47478D2746C97B,SHA256=0C5986DD686C43E5F056F2E42B0D29CC44C5AFF08960DD44CA42181C22A50D21,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000064880Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:57.220{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_asyncio\test_streams.pyMD5=C920AF1F6FDFD501640C9FB11C34F52F,SHA256=228F4F47FB83C71789891770061865B76A4E13BA63469A0336431B9AEB938553,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000064879Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:57.220{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_asyncio\test_sslproto.pyMD5=83502123CF897DF05718090FCA3ED988,SHA256=EB51A161D0E420C3F822AA922482A426FCCA6721B72F6C2A55EE5DC3D3B50543,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000064878Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:57.220{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_asyncio\test_sock_lowlevel.pyMD5=E911536494475C8E3085DA9032EB981A,SHA256=BA6A9D4DC4BA103A1C2BA0B4989E26E700D4AA632712EA71A7AF35AD5331BD39,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000064877Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:57.204{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_asyncio\test_server.pyMD5=DBD7425DBEA55B3BF45990DFD11EFFC9,SHA256=E53312BE23B77BACB4B63823498681700640F7EBC6808FB43E848D574A26EC76,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000064876Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:57.204{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_asyncio\test_sendfile.pyMD5=F1A99880FE1B7D216D8E78FD9A5CA57F,SHA256=9B6D61BAA090E14BBE92AB362FE46E923714EFD2029CB462EAD41AE8C61F3686,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064875Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:57.204{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_asyncio\test_selector_events.pyMD5=109F269B1F2EF936C34298FD511A6564,SHA256=99E290FEC6D14AC291206FE5B6537E8F1E4C647FFBEE16976247A38CBDC96D29,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064874Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:57.204{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_asyncio\test_runners.pyMD5=428AA0F6EE82D3B1FF9C68ABB9130DB1,SHA256=D866F88D566F177348892EF8D5FA5E04944D3B372BCDF39646527054BC3992A7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064873Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:57.204{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_asyncio\test_queues.pyMD5=4AFD679D38D2AE2781B765FDA6208919,SHA256=1BDE7CAC58196D0A4F04BCB4E335502F548E8FAFCD5E6E5F61280A8E63FC1D40,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064872Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:57.188{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_asyncio\test_protocols.pyMD5=5F81AFC06B4E5C107501BF237569BD6D,SHA256=1488B9FCC94B045E5EEADD81A21E02691115768FD8B5882EFB9C1D4B725EC31C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064871Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:57.188{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_asyncio\test_proactor_events.pyMD5=5EA93C1F1C15C5CC75962FD338491E95,SHA256=858FA434320181CBEAFEB7D2E12058293F505BCE789085EED03065C08D1762DD,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064870Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:57.188{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_asyncio\test_pep492.pyMD5=E3836BBB6483721004AB5E662972DF69,SHA256=A7AA739E236B05002766A02B9049B0D638A88EB6E506692BFB8BB70420B06F5D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064869Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:57.188{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_asyncio\test_locks.pyMD5=E9FD650564F19F402E02C469B3ADC736,SHA256=D39395453C6D1247010E3B1C5F75278BE0C3112F9E2EDB595AAE9F9228A92F9E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064868Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:57.186{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_asyncio\test_futures2.pyMD5=10338EDDC7E2A58D19683AC592A51E7E,SHA256=ACD714099DD56D90D9951D231D29BA2C558130041FC344240A1F8CDD59864B2B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064867Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:57.167{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_asyncio\test_futures.pyMD5=874A8E407321B9F94403349101EF142B,SHA256=8BA5B1959695276254358B78DEC5D93539BBDE7C40793EFC27C7E1DA3000D3FA,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064866Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:57.167{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_asyncio\test_events.pyMD5=E43A16F5C33086EE410C5400553EC01A,SHA256=831B77D9ACB6B36E790C3F8DABE391DBFBB97FDC54F22A838B2C2AA148DB4BAF,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064865Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:57.167{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_asyncio\test_context.pyMD5=13B407B1CF62EDB699BE3804F4EE7FAA,SHA256=9F5C11AEF06FA7565C0D4B7BC2265D903047052BAB2650F7E8011CBDED9EEE6D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064864Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:57.151{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_asyncio\test_buffered_proto.pyMD5=667FAFD940E15F45BCE766695530475B,SHA256=F577FE3760ED5C8585B6EFDE1583851246CB2E9D30EACCFAF71E21BC5DDE05F7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064863Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:57.151{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_asyncio\test_base_events.pyMD5=82CCD8CDB5A010A9238FB8683865EE34,SHA256=A00F979440A00C5BA41B1B0539B5C062F5A2371176D930C2E0A2262B50A5CEA8,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064862Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:57.151{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_asyncio\test_asyncio_waitfor.pyMD5=601A22DD195A3B4F942A3E6516856095,SHA256=6BC233E08D8FAD1ACB81E71A1E6087BE6298E73C2C2417B87DB9491D396399CA,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064861Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:57.151{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_asyncio\functional.pyMD5=9E9068575EEE37C09B1DA29BF994DF63,SHA256=523CC8ECD207F9D404B8B6B272815E978C8A00652487D85D53CABB1A74C6CE17,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064860Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:57.135{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_asyncio\echo3.pyMD5=C6680BF1B31FDE459D6C342ACDA4FA3E,SHA256=8984B5E38796388A91082579589BDE141584490E038023511E690C5940B73FE7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064859Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:57.135{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_asyncio\echo2.pyMD5=5524DB9168A258CD82903889F5173002,SHA256=6D834396D6657D1144A9103589F17DE4A8B1AB914E2B4F980CC26E21A5B98C7E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064858Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:57.135{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_asyncio\echo.pyMD5=06D9C85BB95D22E39B30AAAE32395CC6,SHA256=FB8696E67686DB3E7ACEF757FAB99783540436C6C6A3FB3A189BF717A2911A7B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064857Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:57.135{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_asynchat.pyMD5=4D6C6F0D857FE9B90D7E31DB801A11D3,SHA256=F3C3A53ED7B48B7D7B8881D582C1359638A67CB9271350DF47B99298B4F786E6,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064856Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:57.135{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_asyncgen.pyMD5=4939C85877BC9B771A0E948B3E6F9336,SHA256=5EDEC1071F9D3DBA2BF9E31049006C5966ED52460E52EC4D807D6C0017C5F893,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064855Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:57.120{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_ast.pyMD5=ECC161B2F66C5AF473018B260237FDA7,SHA256=2A9EBCEF77AED5650C86881460903DA2009FED51488F8037134D6B4A2D23D304,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064854Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:57.120{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_asdl_parser.pyMD5=B6A755C56B430FD25BD7F45F86E5837A,SHA256=57FD292FB547B12C2B38D6515E5ABCD5E71D4306E275953A1E15A89BEF544CB7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064853Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:57.120{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_array.pyMD5=6A7630B6BAA97620FC6E52049D0B7679,SHA256=5D848F6FD8C287B149E5A4C5F9678A5D60780C656C4A070E58B107F8E3B2A755,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064852Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:57.120{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_argparse.pyMD5=F09847F78927FDA873F1664624169600,SHA256=BB8B298C930435AD8EB4B516F7C5FC59664DC85F4EC810FB661C70C621F9F85D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064851Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:57.104{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_aifc.pyMD5=3A988181D65DC8E2A831CF0B02E4E124,SHA256=D72FCDD4BCD46F4FD682022CE32CC8E4491EC473397E89C3F76BA5BA9B7878A8,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064850Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:57.104{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_abstract_numbers.pyMD5=054B949FE4B6FD39F2FB35D32CBD1F87,SHA256=C8755D15F151FB97A4D25D6DC13D979AC23C847808DAFA62A5A2132B64522A14,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064849Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:57.104{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_abc.pyMD5=937C44E7584B7CB2FABA1C7F41CD787C,SHA256=80468E244EF5DF5CCF7AF412C1F91AB232D0AC8F9B9C1B2829119106C925890E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064848Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:57.104{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\testtar.tarMD5=8AE56950E87DCADFDEF07198B4E157E9,SHA256=760200DDA3CFDFF2CD31D8AB6C806794F3770FAA465E7EAE00A1CB3A2FBCBE3A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064847Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:57.089{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\testcodec.pyMD5=2D3DC13DAE8814FECC8B5A15CDDA30D3,SHA256=E3D47C4C1B0E319F8C9DC18EA5F7770C390B727E6EB6157E92ABC9E7E544563B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064846Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:57.089{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\talos-2019-0758.pemMD5=FD3B4A968BD2273670CFE2E716236884,SHA256=74B54652A4CAFE634F9FF518D50DFC282380F1618649F27A9CC97C4B630B737C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064845Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:57.089{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\support\__init__.pyMD5=5328B7D7242EA9D33BCC90580ADC78AA,SHA256=0327519539B72DA73031714ED0381BBC07C434E22281622E6C80BDBC75D3EA5F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064844Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:57.087{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\support\warnings_helper.pyMD5=D5EB134F80F66FBE4F611FB94756CD0F,SHA256=65429D21546FF4294945DBA3ECEAECDA1D629F8410BBE1C4784FC0CB4D4291B3,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064843Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:57.084{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\support\threading_helper.pyMD5=FC70D036AF0B68F8CE75D88BE9A051C7,SHA256=6C69121BD5A71EB617375276F08D2F61A835D394C5E9ED02A7B509CF7D4E56C1,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064842Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:57.066{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\support\testresult.pyMD5=7B3F39D87270777B11B3B7656B254BA9,SHA256=83B0531C197167C84BF3863C4C709CB499EC30A0938006DED941C446977F1721,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064841Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:57.066{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\support\socket_helper.pyMD5=CB6CF9F27A8AABD4CED058C1C7F6A65F,SHA256=C6B8B0E664967A2CBB5A4882A5021A2CC61864B20F216FC2D26A32BB722ABC03,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064840Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:57.066{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\support\script_helper.pyMD5=F92FAD01796F7A3F9192D1888CB18945,SHA256=E8B1F8915FE6AF721C64394D3F1999699003AEAB27B9F32E5996869AB74BDC03,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064839Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:57.066{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\support\os_helper.pyMD5=53C1E81783F6D6479C0DA2CE610D8304,SHA256=57E3C8BFE8AFA58484F5D04C6B3D59A901A852A36A0EA4BD971FF4612F2C7FAD,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064838Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:57.051{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\support\logging_helper.pyMD5=3DEE144AD3D8F7C9ABAFB386F27D151F,SHA256=D75C17EE1FEBE3C07E5173711520AEE2316170BA7E35A266A2E4E1CDA6667183,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064837Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:57.051{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\support\interpreters.pyMD5=32CAA4DCC41177251B2BCB6C43BE0867,SHA256=527FA24FE88FBF8C1DF86FCAD596C8A8A4D74872CDC5C987B40CA9E4E2AB5E85,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064836Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:57.051{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\support\import_helper.pyMD5=9ED2D29AF986A797278C5C4BC3F8D2D9,SHA256=27D05EBEF656D60AFA5062B03D59C6FDD90C550E40E93DECF7265973E5BFD6C5,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064835Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:57.051{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\support\hashlib_helper.pyMD5=B56136B8BA1A3295E0B37E771E45B028,SHA256=D7A793C12290761A046D872B59E15B3881DFC9B6C5817127999BE6DBAE8A076C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064834Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:57.051{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\support\bytecode_helper.pyMD5=B7C11B4DE9A1CEBC28EE5BE678317810,SHA256=8FFB7D3CA0C097EE975672CEE14697510881D9BE4D72AEDB73FA726BFCDAD319,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064833Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:57.035{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\subprocessdata\sigchild_ignore.pyMD5=B0774D3AF65F918D64C0FC7CA1DEA37F,SHA256=D586A91B344FF88CD0255E96F6CBDDB93223CEB328A41614264464D8BB3634AD,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064832Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:57.035{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\subprocessdata\qgrep.pyMD5=8D64427DE5CB0A9A8E304717D7D722FA,SHA256=82E5AC57D875452CFB83D2B1D06B5C8F231936F1614268CAEF0CE778E58BF185,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064831Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:57.035{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\subprocessdata\qcat.pyMD5=3AFDB772F4FB11E66888791BAF0314D7,SHA256=039D2C9D75EC2406B56F5A3CC4E693BB8B671F4A515136536C61884E863C62A7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064830Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:57.035{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\subprocessdata\input_reader.pyMD5=3EFABFF7B31954BDA815E1233FD714E7,SHA256=5D54A740C809D36CB59C73033A730E1A62002BABA2DC5C100B5D4DEAD677C901,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064829Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:57.035{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\subprocessdata\fd_status.pyMD5=C0CACB52533384C4BCE02B5FF8805B4A,SHA256=145AF6E4FD14C0EC62DFF74BC64D467A086F24E8EEE74B4E2DFDD07638BD4EFC,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064828Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:57.020{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\string_tests.pyMD5=4D9F806D4049360E4D189ECFC9B57134,SHA256=7B3DAD365F0DBE155EF7ED01196B997DD7627D4769077A83AE66328B956A85A7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064827Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:57.020{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\ssl_servers.pyMD5=BAD15D06705CF9BE02E4759703F06FC2,SHA256=78D1E7452909C97AB48BFAEEDBFC6EDA075677153850E1AFC3B420407425522D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064826Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:57.020{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\ssl_key.pemMD5=2517E1C4ECD54E37BB6AA2C02BD63C5D,SHA256=EEE0EDA3A08E239798A90E0E42CCB8305ED9CD28E9C24A48777C484E389709B1,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064825Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:57.020{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\ssl_key.passwd.pemMD5=B3B6685B90E056EF6C9321247CAE2BD7,SHA256=CC974B150EBA080143A4E4B3F58873DDEA758ECF2C583941DAEAD8E9AA02EE51,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064824Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:57.004{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\ssl_cert.pemMD5=3881A1A51E4C72AE0FCCC1305B7BF15C,SHA256=5A2EB85E7F9A29956C4A1EDE39962CD9C451FD3008B0953878B1D6B0B90B2776,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064823Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:57.004{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\ssltests.pyMD5=8B55BA43F7572DD73E2358A8AC98D992,SHA256=75C68DE45023039AA7F20F3B85AB06D8473A60A43DCC2102462F2CB6C9AB35BB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064822Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:57.004{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\sortperf.pyMD5=4D3CBADB3FFE8CD20651768E4897FAB4,SHA256=33BE79E404366FE2296807DF6FAF0C618333D5F93E98F59C153385A5CBB499BC,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064821Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:57.004{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\signalinterproctester.pyMD5=38C90A4D7EB8104F6B16EFBCD38CBC46,SHA256=EB893015DDA2205E3D1B2B825A52E7DD2CB8E51F129D2F367D56BBBCF1D411B4,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064820Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:56.988{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\sgml_input.htmlMD5=8AAF376455FDE9397BF959F5641BEEC7,SHA256=0F7ECFF4E98632EEFC32AADC9AC678DB02A6BBDCE4C2DB18967C20CE65F44033,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064819Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:56.988{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\seq_tests.pyMD5=C95DFC4B62EC7CC460B0C0299136C96A,SHA256=64BA64F209CC50B94334EBADC3C3B3F481871575E5055F5BC2739CEB4796C467,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000031933Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:38:54.902{CE7C8936-1B1A-61E9-D900-000000002202}4048C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-tcontreras-attack-range-276.eu-central-1.compute.internal51390-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x800000000000000031932Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:38:56.998{CE7C8936-1B20-61E9-E200-000000002202}3964NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=D7B217704C238C4F6DA2B3A28D07B3BE,SHA256=09C3E00BDA105A3342E2BF6096C59697D4AEBC7FF389312DAF957D0A8B07F8CC,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065408Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:58.990{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-20190426-055448-00000003-ffffffff.binMD5=DDD9698141D111F6702E3483543B3D73,SHA256=3958FDA428CEA693838215FF75F570BC4B55D98DBFA9B9A75BEF40CBAED00473,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065407Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:58.990{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_pow.pyMD5=B70EFBC676358264EDF92FB13E52F7E3,SHA256=9454787B159E9A6CA405941478E423A109A5D49299E7A37AC9ED6475A514B098,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065406Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:58.990{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_posixpath.pyMD5=12783B35E932C60EE28332D25922F2F5,SHA256=42B1DEF68E37453296753DE796B706F3194241C8ADD5D100AC9CD386F7561B43,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065405Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:58.990{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_posix.pyMD5=BCE698DCEDCE42A56B67BE43DEC0852D,SHA256=7AFEA341B7CFC52AC0EFD98B74D20622454182A08788A7A72AB3965031CC3812,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065404Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:58.987{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_positional_only_arg.pyMD5=CFB7FE6FE26C07816C4B8FC67CDA634F,SHA256=2B580D338B2E159A5EA1B5634FDF7C4A72DF44F16AEED0E7FE82FC48B6AB9FF9,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065403Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:58.985{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_poplib.pyMD5=EE571BD4ECD79F577A8A37FB987D6F21,SHA256=90E53CF3CA97C7B20277AF1ABD9E3705DF4158EE0B4147F907F2D02CB2A09807,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065402Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:58.968{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_popen.pyMD5=D644F5E15BF6C13E26913FFB9777DCBF,SHA256=1C768165D86C9D6A0ABEEA674C044DFCF484242E86F97E31CC7B352EB6380768,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065401Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:58.968{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_poll.pyMD5=AEA3A2E6347A116E0A214E17B58F2A05,SHA256=4E4B3E0148DEE372F1CDDA5BDFDE8F4FC6AC359F47F049D6EAB87BE4B9CE0E07,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065400Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:58.968{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_plistlib.pyMD5=93293E3705E9DA6352DE13F77EF9B82A,SHA256=D3620472B853B753D9C8BD543DA523BC480F0A70AB76799184F5A5ED9CDD4688,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065399Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:58.968{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_platform.pyMD5=6BDF55F6797849B7F0D5758D8FEF2AA1,SHA256=E601A563AD3A3774471C8AFE844C5EC68261AB12178F9DCBCF9F6C036E108317,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065398Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:58.968{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_pkgutil.pyMD5=1D0208732CF6E4772EE195287D23CD50,SHA256=3DB287E7D328CA17B1304DCCD128F8EC034929DF48DA3C9BAC934EDDD5EEED15,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065397Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:58.968{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_pkg.pyMD5=F74AB50ABF2E0D4CBD4C98C75E4D2406,SHA256=D6F7CEB45E2286B728594CD600185844DF0EA45FA3B76A32E690BE7C279864D0,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065396Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:58.953{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_pipes.pyMD5=BEB5258D2FBD004106C832C750A16C53,SHA256=022BA8FBD8ABAACEBF665D678499FDF59FF1C0D9E8BA40403F87EF6E649A5D4B,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065395Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:58.953{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_pickletools.pyMD5=AFC7BD6BFB56F7D1B232D4EA7D40EB58,SHA256=AD956819224B6806EAA8F4CA6581D19DCD3042B2E160EA174824DAF5546F74B8,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065394Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:58.953{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_picklebuffer.pyMD5=C37B3F33042656DF9C894F7C0405F9B4,SHA256=068285F6B507F9E76C97FD8434E9C28CD9E73F1BD99B75360F0106BF04AAC8BD,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065393Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:58.953{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_pickle.pyMD5=A7B2B62CDD221E0D469ECA1DDEE5DFE3,SHA256=AB34BCBDE6F76204F3A61146AD857B15297AC02C701001719B15EB8755C95D2F,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065392Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:58.953{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_peg_generator\__main__.pyMD5=1CAE9C010248AB147134BE63F81F1F27,SHA256=32546BC2A075766524CA38AA2CD5B9B0509E5940CDAAA55494E1905A2F2AD588,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065391Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:58.953{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_peg_generator\__init__.pyMD5=AC4BDB77AE2C8E164829EE14C796E71B,SHA256=50FB846D1105CD9A5358DCDED4299A16361F803125A975E56089E717163D0916,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065390Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:58.937{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_peg_generator\test_pegen.pyMD5=55920274AA88FDCE739CFE6509A916E7,SHA256=F52374CA8F43FBB10BDACAC94BC7AA604339892387F89C81F884FBB0925B1B3A,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065389Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:58.937{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_peg_generator\test_grammar_validator.pyMD5=80665A5626EA6F90E4D25C1C7CC4188C,SHA256=63E4F4B4AAFCCE5B67BBF6471697B4754E4D0187F5F988E2DBCA6AA90BF3D390,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065388Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:58.937{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_peg_generator\test_first_sets.pyMD5=FCEAEE4AB4C86FC23A86CE8F0273764D,SHA256=06FEAB2178AF4EF313FBB3BA90CA97EB6FBB3D7D40CB7D39A75D31541EC6E8C2,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065387Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:58.922{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_peg_generator\test_c_parser.pyMD5=3312AAA95B2092CD4498DFFD4B471E97,SHA256=287A89C90F1DB3CE7BDE84CFF8E3AD99AEAFAA210D200CAD3E722EE84A53F721,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065386Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:58.922{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_peepholer.pyMD5=F35BF7D8525224F66057933664909C2C,SHA256=7FDCFD0069432F858023F474763B49FF638F2F513EE5F680F3D16FD5C9CA1E40,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065385Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:58.922{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_pdb.pyMD5=052C79E1C61AF08C5BD6E97462F55984,SHA256=52932515E0DA5EA840B16DE62D7E790EB57926ED080F38A8CD4A05DDDFE9FA04,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065384Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:58.922{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_patma.pyMD5=87EBAF759AC6CC30A4DB0D5582A15453,SHA256=921D2D63CDE5CA9EEBC9EBA4EE86A5541702CB5AFA50C5F03589CD1CDED64F4F,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065383Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:58.906{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_pathlib.pyMD5=A2FE432C4ED770FACC4F1467DE80DAA2,SHA256=E2B19F59F62F55C2D7D82E82AFF58F26D9A17913C10D630C686E440A0B68DB5C,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065382Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:58.906{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_osx_env.pyMD5=72959457986C0977A57DFEF628600A17,SHA256=6B9793CC0F7B81CE31D1A4359D0DAAC710E1E5EE5817BF602ED7CE97154684F4,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065381Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:58.906{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_ossaudiodev.pyMD5=0508E1ADD5909A16CA34991226032842,SHA256=BEA8590E3780D3326015630577BDF24A61E7F649BBE7DA14227C7728BB2A4455,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065380Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:58.906{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_os.pyMD5=61BF8CF9D3735B7E5FD6963B70144596,SHA256=D4736203156E8E9754C590E307512690C32ABA1429462F4F7F8A4246A2C79F24,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065379Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:58.890{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_ordered_dict.pyMD5=AB0257070B739BD5604796F3BAC06453,SHA256=25284978A98F523C32C295E1CFB5F4BF055E95C2A4A6F1C8405C930ED00D1C28,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065378Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:58.890{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_optparse.pyMD5=FD904270053952B017059D97AAF2BC0C,SHA256=E265D97DF96C21258832716F294D9D7199518310BDC88BB8544FF8C49EEAFF1E,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065377Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:58.890{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_operator.pyMD5=FB2DF0C924F59F90C34B78FB71BD7493,SHA256=04D5CD9E0F8A2FCFB1A3CB09D40AE9077F39834EFBB96D6D679FB543FDA86785,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065376Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:58.887{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_openpty.pyMD5=67FBAE556B8C488736EE0600EBE2BA91,SHA256=2887B055B36B4D99179EF24C429D468062B067FFFE61C78C51CC8F5C458DDE7E,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065375Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:58.868{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_opcodes.pyMD5=1E2E62FFA308649776EA6E27352918B8,SHA256=8FDA8DF686B5427B0540C49040E9E2D48292858952D07D150B45A96B0A5309AD,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065374Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:58.868{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_opcache.pyMD5=4E4474BCF44335C8C3B37D4E507FE2B6,SHA256=95BA07B587F7D4FD4EA95613B489ECD9C9A04AAFF140D876174689D31D6ED4A4,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065373Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:58.868{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_numeric_tower.pyMD5=9C8CE3E6364905C2E4AA20F1BD8D7D41,SHA256=90176C45D8A7F6545C118936C0EDDE0F14741EB7CD116E0C85CA6D62ED481BB0,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065372Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:58.868{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_ntpath.pyMD5=D8C6E38A261344870A2B47B1766E6D11,SHA256=0DB595AE236AB3BADA306E5245290EC40C862EF76E51891AE9A5FC6A4DFBBD4C,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 354300x800000000000000065371Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:57.329{6F5BEE90-18C6-61E9-6E00-000000002102}3440C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-tcontreras-attack-range-53.attackrange.local52452-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x800000000000000065370Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:58.852{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_nntplib.pyMD5=E171ABCC9110F84161B91E640C2C9AE6,SHA256=A5C6124AAA4813EE54C49B6428AC3B54023635BBD7779F3DC1CDAAA59AE32A2D,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065369Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:58.852{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_nis.pyMD5=CAAAFAC48A80DF577CE2B3C981B1A0A2,SHA256=120D284C0DDF3410F442BEF3EC89EBD3BF7DD3E193336A92D40D202E6663DE78,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065368Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:58.837{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_netrc.pyMD5=5D4EE98975D522190E17FE676C2D300D,SHA256=1016B6DA7D376E547F63267269234DA00289E3AF7FBCD540B326445EDB5907CA,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065367Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:58.837{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_named_expressions.pyMD5=7B8F7C0EF60D80512777213C8ECA008C,SHA256=25605B4D1D867D8E3B87D4814DA463B652BEA891DB8FEFC9F12E5AFE07698F80,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065366Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:58.837{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_multiprocessing_spawn.pyMD5=C8D5C5DDBD0C9686B510C647EA4DBBB6,SHA256=CF4CDC1F18B79697F660829AA4D6002D27143ABEF28DBF67720F7A8B17C20FCD,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065365Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:58.821{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_multiprocessing_main_handling.pyMD5=F195515D9015185BF507748A97835854,SHA256=DEC73DF97078E955EC0CE0C751B20BFBE24A90C9C26E7D1116970C3FC6A6EEFE,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065364Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:58.821{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_multiprocessing_forkserver.pyMD5=E4508F82CFB79C13F558C0D4D557B2D9,SHA256=EA36C5784149A7EC6C6EC7FADEDB4E7BD8376FB46C3C81909D7254CDE8A1E3DC,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065363Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:58.821{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_multiprocessing_fork.pyMD5=358D0D9DFCA438969BECF63C64BC8744,SHA256=55ECF7EAE55A46C2FDE5569A407F0E2802496762C8E61D764B28AC81295B1EA4,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065362Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:58.821{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_multibytecodec.pyMD5=299066CA1042A64F80509F0DEFA0E45F,SHA256=C354FB97FD34633755382987F2DCE9CD3232879794B8343F617CB7D85C559ED4,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065361Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:58.821{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_msilib.pyMD5=D22099DE787216B18F646BDD0F4FA6E0,SHA256=7C8F1E38D6065247D0061610680B88EE65C12323C78D77FFFBF9D01F11675AB5,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065360Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:58.821{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_modulefinder.pyMD5=FB668A16DCDA6967DA96723FFA0295B3,SHA256=ABC89358DFE842E4201EAF707A4F5DA6AE1BD62E0A8CEE660B55C5F6588520F2,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065359Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:58.805{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_module.pyMD5=690193C3789CD63E3A10B5E6DFBAC5C7,SHA256=E55FB53B20801337347BAF489E5D95C74931EF9E50EC6FC3F2E3345DC06FDF4C,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065358Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:58.805{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_mmap.pyMD5=848F28A9970ABAB95579E28F36B0C70C,SHA256=66CF311BDC6EB116D24A3AEEAC7092FABC924B74B67955971A8D198A84B8A90E,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065357Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:58.790{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_minidom.pyMD5=B6C2ADBF4B690B8DCB4939DA7C2D3903,SHA256=2E09B74FEF645A5C7D1DA4EBB29B3DCAE68A93253085B4AEBB222861C73FD14C,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065356Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:58.788{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_mimetypes.pyMD5=586496AA68CB635D24C24814A73F68BF,SHA256=2E2C4F91DEF47938474051B6209A30C63FA1C847119F66224F65C88F900C6878,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065355Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:58.785{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_metaclass.pyMD5=D534FE86EF975AD4821B5DB48E74CEF1,SHA256=2D959446BFA650CD93B80690280F6D9E22AEF73035A89C534D8D2DDFCDE27B87,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065354Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:58.767{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_memoryview.pyMD5=7E50CCCBD0EC5BF2D8319F156E064E3F,SHA256=BA5026AE7EF553A56DD0C7DC3E49978523870EBEDA70E4030073F0F18AF63509,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065353Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:58.767{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_memoryio.pyMD5=1E4886AEA60BBA5BB40E51D9B500FE3B,SHA256=668803DD69652F7A1B05F41F81E064A8BB4F58A037416F153D491615C8EFC71D,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065352Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:58.752{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_math.pyMD5=4003FC448DDF9E169CB6A6704C862E2D,SHA256=17FAFD0E3F13A8DB827C1ADFE78A121EFAF741CB9AE1B75B33186A7C3BEF7BA1,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065351Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:58.752{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_marshal.pyMD5=A4DFB27AC28FEEF098FEC6BB44150A93,SHA256=0E44A6A60546AB6AD89BB5719719B687FD33BCE96239DC19E6A265055844AF66,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065350Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:58.752{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_mailcap.pyMD5=BE6E976E6276806B7A06A5A2324F4ACC,SHA256=EA6E3C95DE46E68EAF4DEA33BBE710804019DAD885B0C213E43560E43D6C0B2D,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065349Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:58.752{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_mailbox.pyMD5=7FE49E2758EEAFABCAF68DC4E3D3D8ED,SHA256=CD0B5C3DF592A7215730D977399781EA71185AB6203B402FB85A9CE25CD04655,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065348Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:58.752{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_lzma.pyMD5=A117FBF49CC7CD95106CC984277711E4,SHA256=979FFC18B09067C60EAFB2D086F14EAF9AE995A1B9C0865444000B851C9E1F69,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065347Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:58.736{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_longexp.pyMD5=84950854085BC9CAF1E8D5C6E690E7C8,SHA256=0C6674FF951062A7567A3B2CF1B5434C443040BB2E75254AAB689FA55F16043C,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065346Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:58.736{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_long.pyMD5=74184540A5A07E4C28C22427EA3D0B7D,SHA256=D0DF7397437D9AA849F9FF21B224DBB2AFADC1737A1E0A93FD0B176692828F88,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065345Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:58.736{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_logging.pyMD5=407CE3893E030611DE2B93FF9D924EF0,SHA256=D21C10796751E75F8A87865EB9B00E512594828F9BB1C4E93FF85CC09CE29E84,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065344Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:58.721{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_locale.pyMD5=A4116E78FBA0E90B949DE469D6F2CED9,SHA256=1E9C500B9C153D7B754F386805560F1F36AE8C984A845661463FF5429144E8D1,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065343Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:58.705{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_lltrace.pyMD5=7AD6677CB5F833C7AB3D704975831191,SHA256=F7E90B59854563B85A1A9483443D40DF2F49599F2FA7920F6065D6C142DE9FF1,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065342Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:58.705{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_listcomps.pyMD5=1C984F1EE5F7ECEE9D626F0ADFBFC464,SHA256=29D078631EFF15EFE8E2EFE2A35888562B298A4E6865FDB100B193BA59EEEB41,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065341Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:58.705{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_list.pyMD5=C7E32D22BB9760BCB410893D93C1CFD6,SHA256=7D5BFAC5A6EF856AC6A5A793CA295EAA63AC47357C0DB715EF5F25C3D72F948E,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065340Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:58.705{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_linecache.pyMD5=E52956E1A5F9C1059823A2E838BAB5A1,SHA256=4B952A34467824E9CC32A0BB2EF525A27E7BED9F06EB162C397CD871FCB7A00F,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065339Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:58.689{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_lib2to3.pyMD5=97E5B7A4367A6E2A107A80223CB6B727,SHA256=11AD19DB4C00C20199FBD38FCB52E6CA111F30FDC66978128F0D7EA6C5239C56,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065338Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:58.689{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_largefile.pyMD5=C6B065389F48F9115E2A65D8F89815E7,SHA256=D5E23E4CEBE90B6496ABB9F14B0A9E681312DB949C515B4F3273EA66B2673FAE,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065337Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:58.689{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_kqueue.pyMD5=941153199D79648671C339AEDAA57A56,SHA256=32EC79FC66A09165E3574E8BBAD63FAFC42F93FF17C799C4265DC4E3990A5775,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065336Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:58.686{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_keywordonlyarg.pyMD5=C011E458F7F445DC114726A1FDCE02A0,SHA256=C27A672A9B000D24327E6A4344E383BA364E9C73AD9E091C30C4F1C98CE98ACF,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065335Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:58.667{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_keyword.pyMD5=723624D5C94F34B233913A10D65A277E,SHA256=C834027374BCE293B1AA81B64F56B19639924EE23FD53BB5EC4DDE4EEBD05F88,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065334Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:58.667{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_json\__main__.pyMD5=EAA4A9D41FD16E095364BF4A4BC60657,SHA256=1B16E1F223858685CE1A857D818F773D964CFC5F3665D1AC68F4492B1AE1C95F,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065333Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:58.667{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_json\__init__.pyMD5=8C9B2D2671A9CF521069329971B84329,SHA256=C92E6F5922AA56F49A453A43DC99E171925C18D1B86B7F9E9281593023DAC090,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065332Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:58.667{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_json\test_unicode.pyMD5=CECFCEEF0A501FB5BC7D502DD607F610,SHA256=6C3EFA66ECBA9158432B8137CDDB178146B1B796AEDDBC40E4864F11DE79CFC8,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065331Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:58.651{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_json\test_tool.pyMD5=F2ADB2CB6F619F95C41617BBB8FBEB19,SHA256=B82A057FCEEA1996F226792B99E9602F1AE4B2F4957E72C8A522081884BD4E7E,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065330Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:58.651{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_json\test_speedups.pyMD5=FFE5D6E9E6AC491EC837A84856BCDF97,SHA256=A16F0F96E30BA2C06F0313DB2159E54534C4C62BB25BB9EADC8C54F744649096,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065329Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:58.651{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_json\test_separators.pyMD5=EF62156F290D5FE19DB57065CF0F9238,SHA256=A72ED811CDBD40DF22D64D3868A5C5030145FBD0FF805145C6BE1E8F4E2E6A9D,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065328Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:58.651{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_json\test_scanstring.pyMD5=DDE0D4F76518ED16A7EC4A6459AA1788,SHA256=55780BD983E2FCE9060ED1B076D4BEA3BFE1C1510137F915D33207A252427372,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065327Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:58.651{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_json\test_recursion.pyMD5=BC47898A98C35E19B483F774F720FAE6,SHA256=719E252C3E76B4D210A056BED62624C377EA37FFD134B1C8750E8FB8626B6C79,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065326Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:58.651{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_json\test_pass3.pyMD5=04FC820E721B1DF70688B830EAFF2C2D,SHA256=BD4B73ABFE475C90D672ECC3D3CE9FBDB4BC4DB0B3BCE263A6D17D0633F2AA4B,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065325Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:58.636{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_json\test_pass2.pyMD5=3A2690293D357215BE3E2D8FB8A263A5,SHA256=F741F1B0015141E45E351CB980443A49DF4666E6A44A78FB369B74C0CAA7797F,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065324Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:58.636{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_json\test_pass1.pyMD5=A7E072EE991D84E54E3D6E0E7F2CB094,SHA256=F8665B0CCD2054622EDEBD201DAACBB620B521CD2139C83B9B2904010F3C6566,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065323Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:58.636{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_json\test_indent.pyMD5=A269D293E06BC621F34BA39A590A25A7,SHA256=06D886D0A9315FC38660A4B31107096A501171156870D42E42FA9A57AB2A67EC,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065322Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:58.636{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_json\test_float.pyMD5=6A69E4BCF9106828B022F789AB5FE6E6,SHA256=DF131FADBCC1EEB91ADA359885BED63DE21901357CF2166A3699523CB3E1B4F5,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065321Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:58.636{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_json\test_fail.pyMD5=B73E36D420B74B2690FEF1140669E573,SHA256=4EE645B371265691E336DA3FC9109ADF2FB139230F4A48CF07BFF27D55508FD5,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065320Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:58.620{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_json\test_enum.pyMD5=77BA33446B9D59136FF5AA7B3A887F7F,SHA256=F1664C98EB879EB2DCF906157191E9F72CE049978D1B071AF732D36CB347E277,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065319Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:58.620{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_json\test_encode_basestring_ascii.pyMD5=6BED72555496EA97276BDAA4CACA98AF,SHA256=C3F667E6C4308D28487819C2E2CDC16A2564CCA34AA3CCD730E849070331E1C9,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065318Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:58.620{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_json\test_dump.pyMD5=48104972BC95FD003515DF3213B9B5AF,SHA256=F7FB6673B80AB028F1FEDD1F7E4BDBB4CC895F2BCACFF48D4FCC194C7F51EFEE,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065317Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:58.620{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_json\test_default.pyMD5=15D066145555D5AF787ECE8861B3208F,SHA256=F8DA033D566EA03259A5487C520B64A410720D85CA44E1AF7EEF106DD3D2EE0C,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065316Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:58.620{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_json\test_decode.pyMD5=BD8F6CAA999B80584F26698C35E0B010,SHA256=47860BF074592B4AB8A370132C6B85E063514B0BDDF43800AB79996C2B69A4B9,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065315Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:58.605{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_itertools.pyMD5=ED97FC591861DE6559BB9D86777CEE96,SHA256=5A0ED61FCBF73C315378C4725E57D1B2AFC717458A190F4D46891FBA23D460F8,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065314Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:58.605{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_iterlen.pyMD5=C343F16B567ED049E83B5AF1D2EA15D9,SHA256=040273850B01C5CDC244B384029AC472443D535E10CC2E0BADA9C0861421E0AD,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065313Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:58.605{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_iter.pyMD5=E29D0E3B65BD5B8A265AC00923027B85,SHA256=85809B548FB2E455BAC8D809D1CACEE889606DB0FB5AEC253EADE9D6FB0F496F,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065312Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:58.605{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_isinstance.pyMD5=65607C4B38A7F0BE1B27A9581E8431FE,SHA256=08CB0F3732C94201FC572CE95CC8D2AF14085B030D5D06F7ED88B76252A259EA,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065311Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:58.589{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_ipaddress.pyMD5=D1CC8523E8B8172961A717740149E0B1,SHA256=38251BFCFC70A247F1CE78B551902680895381D60A25076EDFA7CECA1556D3EC,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065310Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:58.589{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_ioctl.pyMD5=B600E132C292C85019DE11E9CDA5FAD8,SHA256=E741D14A68AA1C9E70BF35D3F0FEB71842B870ED9189E801947FA5B489419CD1,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065309Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:58.589{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_io.pyMD5=C6F0B9DE8BF7638FB6E9CCE7D09F710C,SHA256=793DD97860EA372FA9E080C02A305DFED307364EE30A3B8806D64B6E690995B9,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065308Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:58.589{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_int_literal.pyMD5=7FA4597E9A610CDAF0DF074406599CFB,SHA256=827BE5C05DEF49B17035761E1D1CF8A62A53C2DD637B012303CC35C623A0E389,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065307Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:58.588{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_interpreters.pyMD5=0D162CA99F3869C00A61886E754A616D,SHA256=47D52D047951D3030F843CA6AEC2EE7C50F1CC1CEC8C55364EF458378E9BCFAE,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065306Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:58.586{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_int.pyMD5=E64D53701E377DA4A99E0B41130151E5,SHA256=099EC71E4CF893C6C04282E2B6016D12423AA826313E45E83F125EFD2B7BE258,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065305Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:58.583{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_inspect.pyMD5=630E0C3451BB49083AAE16FE55E800AF,SHA256=705C8C03F99FA06A9E6DFD8D1D270E26A0808E3832B6DE51AD26242587E22E41,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065304Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:58.567{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_index.pyMD5=006A9A5EEE7B0AA5F87CD550E05FEF9E,SHA256=368DA407B60FD51B6268AC4BCAA68AA066F3230DB6625BE3A5F365548414917F,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065303Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:58.567{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_importlib\__main__.pyMD5=47878C074F37661118DB4F3525B2B6CB,SHA256=B4DC0B48D375647BCFAB52D235ABF7968DAF57B6BBDF325766F31CE7752D7216,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065302Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:58.567{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_importlib\__init__.pyMD5=C3239B95575B0AD63408B8E633F9334D,SHA256=6546A8EF1019DA695EDECA7C68103A1A8E746D88B89FAF7D5297A60753FD1225,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065301Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:58.520{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_importlib\zipdata02\__init__.pyMD5=D41D8CD98F00B204E9800998ECF8427E,SHA256=E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065300Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:58.520{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_importlib\zipdata02\ziptestdata.zipMD5=837113676836EBA57A1C6545927BB1D6,SHA256=C9D23EFE3FB1810EED0F1A81A7D7233AA5C11B1529E9905BC1526EE978FE9EB6,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065299Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:58.451{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_importlib\zipdata01\__init__.pyMD5=D41D8CD98F00B204E9800998ECF8427E,SHA256=E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065298Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:58.451{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_importlib\zipdata01\ziptestdata.zipMD5=9C68BCFAA117CC531BEBE0E4DC83D0C4,SHA256=CF939FE1DB2FDD3D2DFB8E81D0CB15871961B0F18CCF6F1A5212435A98F7FE86,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065297Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:58.451{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_importlib\util.pyMD5=77BD33E30CAF737807862C0366D24750,SHA256=B4CCC3CD9B8C2F2D959FE8592C96DD32D56529ADDD6C10D81C14C5A8D64B755D,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065296Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:58.451{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_importlib\update-zips.pyMD5=CB294B03A0F8E1C737817494AA018D1D,SHA256=E913F2A9F4468A538B684118EF369D449143BC3448F59FEB3C525B6B049FDFD9,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065295Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:58.435{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_importlib\threaded_import_hangers.pyMD5=EA0A3054F21885C7D40D18B4F174D4E5,SHA256=4623E605ED887E5CA142AF5A0570CDA6DB6FFE753C7E32E9A23EABFAC9BCC505,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065294Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:58.435{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-20190426-052856-00000003-ffffffff.binMD5=E093712E84B60F401F90A2C1A81F182A,SHA256=CD0B45437F46ABE4273CD5DAE204A2CF5698F779A5696BBC771C58D6C4F6B824,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065293Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:58.435{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_importlib\test_zip.pyMD5=3C0805E46B3643FF88F729D6A8FD0E3B,SHA256=CCC0BF7E512C98A39E7B37B5C97907E0E42DD584781774BECC44C9C1C73F9461,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065292Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:58.435{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_importlib\test_windows.pyMD5=2E6BA877E224F7B5D81B82D1AFC570B9,SHA256=8B8F4A2D5680B2CF68CB72EDC35EA2D8A4C95B3DA7627C971DE5FE1DFE5F99C6,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065291Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:58.420{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_importlib\test_util.pyMD5=071C245336C660DF3676097D4A914A3B,SHA256=4D70F86569F9A9183522A75E55C659C41328E7455FB961033895895AE98DB544,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065290Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:58.420{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_importlib\test_threaded_import.pyMD5=ACFCEB909C8D63D79D615A9F2ABC10FD,SHA256=03445BE18862F1C0D5BBD50DA26B2B46E16E8687411127927476181D01089B39,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065289Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:58.420{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_importlib\test_spec.pyMD5=AD249E98ABFC01F9D89A0AE81A75A70F,SHA256=2B471607A29B52F8D84BB2D70961326D9BE22C00CF3298D9A51F3A7D6B83639D,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065288Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:58.420{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_importlib\test_resource.pyMD5=710186037DD40540D25FBA7E40398BCC,SHA256=021DAF947F761C235DD49A640D6B5C3F46F018E946E8B9E3C654547058370480,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065287Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:58.420{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_importlib\test_reader.pyMD5=14E1BFCAA041720F621EE99C07F8D704,SHA256=4E4CB2424043688D448E58EBBD78C406D600079A3D2B642BF35F5FF36256DDFA,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065286Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:58.420{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_importlib\test_read.pyMD5=556080BED3368948C129BAF25BA694C7,SHA256=13BD039D72841CE28AE0322101AE81BFBA85CF3D57C8B2056CD49A1553F29E3B,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065285Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:58.404{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_importlib\test_pkg_import.pyMD5=81B19B11A00A712C0C0024AD7E00647B,SHA256=7BC935957E44D3B18D6032FCCA6808124014BCE9389261DAE330563E7684F154,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065284Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:58.404{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_importlib\test_path.pyMD5=4C9CF7860A45228009E83A64DE25A3BC,SHA256=95A69B5632BCDD12F0429B29ED0BEE9ED3209D2E2B7D8C05F7A3730D6013090E,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065283Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:58.404{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_importlib\test_open.pyMD5=315B1C277926A268BB9DACC906DE433E,SHA256=EF7A16173AC46586C8EB86F5B1F565CE85B033BB85267C65EA65DAD44EB12FF9,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065282Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:58.404{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_importlib\test_namespace_pkgs.pyMD5=F47F9CC3E7614567C3BEF753C98D292F,SHA256=732C31A81C1256BFA165F3CD927C78D43471D1B8E897055F8D75BFCAFA39D95E,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065281Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:58.388{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_importlib\test_metadata_api.pyMD5=3574A9C84F7B65980FED027DC5A29C7A,SHA256=4A8D2A07A47BFDFB06C5B789D38347952C096DAA8513381970D7DB2569A6F22B,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065280Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:58.388{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_importlib\test_main.pyMD5=019BC57DD9D6E8FCB3A98D3E01A16C48,SHA256=B2AA9B562BDF1C3684C9D6BD12AC62C5C4E492DEDEF03611D27EAAECDF44E169,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065279Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:58.385{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_importlib\test_locks.pyMD5=C4ED96D4A46C9DDDAEC30CAF829F4A46,SHA256=3ED00C92109F24466CA09811C95E4322A2DC8068EBCDF50DFEF8B7C594476F1C,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065278Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:58.384{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_importlib\test_lazy.pyMD5=53E2DB7B3B6A49F6AF8E4851776C4345,SHA256=BB8C5647CE638CCB45735A3F8E913CD514DBAB8BC8F16027D059CE88DAC3F8F7,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065277Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:58.366{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_importlib\test_files.pyMD5=A1A871938A43DA6CB7F1BCFC52E161DF,SHA256=854F0FDFBFAA46D7E8A9BAA33770E331E50DD66E53577689B68F34D892851DE6,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065276Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:58.366{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_importlib\test_api.pyMD5=4D745C81C3F665444EAB238B8EF66F1A,SHA256=9B0320A3BF4D7E730E4928EE096EA000D1C80C3CD9EAE17FEC675101BE760FED,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065275Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:58.366{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_importlib\test_abc.pyMD5=2C780B017ECD1DB274EC555FB6ADBCD7,SHA256=D4CF5F37502388FF2D4DF72DCD0C9ACBFDC169AE581868AB88F04E76AB65E83F,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065274Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:58.366{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_importlib\stubs.pyMD5=189C3BE044AAE727D3B3DE7106DB6F26,SHA256=110396872E52CDE021829D4AC32F342462164A24B6F68ADEE6211D435496689D,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065273Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:58.366{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_importlib\source\__main__.pyMD5=47878C074F37661118DB4F3525B2B6CB,SHA256=B4DC0B48D375647BCFAB52D235ABF7968DAF57B6BBDF325766F31CE7752D7216,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065272Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:58.352{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_importlib\source\__init__.pyMD5=C3239B95575B0AD63408B8E633F9334D,SHA256=6546A8EF1019DA695EDECA7C68103A1A8E746D88B89FAF7D5297A60753FD1225,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065271Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:58.352{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_importlib\source\test_source_encoding.pyMD5=37A6301037CA45DF4A7E94A968F350B4,SHA256=2B336D93330B8CBFD2549EF540C20360E7DE69C4E9DBD42310ED652AC09ED898,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065270Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:58.352{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_importlib\source\test_path_hook.pyMD5=AE0C47BDA09A5D561CA22D1929E24929,SHA256=E376A03EC843B0E45663A38EC4C79B1EAB53ECDB09134C77DB6DE2D15B8AB984,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065269Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:58.335{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_importlib\source\test_finder.pyMD5=EC16D4A41C1B000F3A3DF71050676C35,SHA256=DB00856FE96E5ECC4AC2E86F70125729DC452546A7FAE1F493B392BE57CF849E,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065268Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:58.335{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_importlib\source\test_file_loader.pyMD5=C97ECF44AA1BFEA1076AA124200A3B6D,SHA256=A6CFFE1AE604408257AAFDEBB92C2B67035DAF6A4D77167B504FC9F7FCD4FAFE,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065267Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:58.335{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_importlib\source\test_case_sensitivity.pyMD5=6B46BB20FFE667AFD0EE4F4B3138C45B,SHA256=0E2436A1B8D958210687E53AFA6CFFD7F405CB76F888FBF2346E65EE2436DA09,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065266Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:58.335{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_importlib\partial\pool_in_threads.pyMD5=BA500A8593DC37E5DF5E6E4C40BDC5AB,SHA256=1F1F510FF7A664C73C52E4BD4D4420B73BA5CEA282D2A028BD375E61DB9624FF,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065265Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:58.335{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_importlib\partial\cfimport.pyMD5=5A001D57629CF138601CCBE5F17F289E,SHA256=2EE3DCB5CDB84FEFA2D3862E0B09B22F56CFC3671782F389F9A5E4C4A361B3DD,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065264Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:58.319{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_importlib\namespace_pkgs\top_level_portion1.zipMD5=763AF8A808D780C144E92969A3E747B0,SHA256=42376EDE22FBD49CD23ECB7FCD690206B53E5304C1C75FCF36358AB8ACDDA62A,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065263Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:58.319{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_importlib\namespace_pkgs\project3\parent\child\three.pyMD5=30D207A906984F4C7F68246AC6FCA957,SHA256=49F8A3D18FEA8659D5B325E23D6672AA94FA9D0F6975A1B7335B648BE43927A3,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065262Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:58.305{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_importlib\namespace_pkgs\project2\parent\child\two.pyMD5=7AE7F92C4823C9F343F3CF1F73CC1E0F,SHA256=86A94D7EE54CD1DCABE0E9D5B0532B48671595C17761A9AA1CE004763E530818,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065261Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:58.305{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_importlib\namespace_pkgs\project1\parent\child\one.pyMD5=14869E08B2999FBDAF325E28BC241967,SHA256=F1487F1FF5E5BDEE7E8D0D3938FCC93F83B6E893DE7A55D416AFA2D63B17C758,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065260Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:58.305{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_importlib\namespace_pkgs\portion2\foo\two.pyMD5=6CA79589C1331FA70FE553387FD58836,SHA256=98A896979DCF8B2A74456263076953F23316C31D7E144525D7AC022F4981A9CB,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065259Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:58.305{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_importlib\namespace_pkgs\portion1\foo\one.pyMD5=002C0C3DD72075EA93C1F9F17BC55009,SHA256=8F083D9F27AFA6518D7B058BB322D3E79C0BECF9F38A96334AD7A3CC4B3483FA,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065258Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:58.288{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_importlib\namespace_pkgs\not_a_namespace_pkg\foo\__init__.pyMD5=D41D8CD98F00B204E9800998ECF8427E,SHA256=E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065257Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:58.288{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_importlib\namespace_pkgs\not_a_namespace_pkg\foo\one.pyMD5=002C0C3DD72075EA93C1F9F17BC55009,SHA256=8F083D9F27AFA6518D7B058BB322D3E79C0BECF9F38A96334AD7A3CC4B3483FA,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065256Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:58.288{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_importlib\namespace_pkgs\nested_portion1.zipMD5=6C201C0A8A4F3C62BDCF121E53D531BE,SHA256=9D6E1C27870CB53512A2E29AB03E61C25188EBED57E933EE5CE4E749D72C0A87,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065255Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:58.288{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_importlib\namespace_pkgs\module_and_namespace_package\a_test.pyMD5=EA8BE63F81D381768CDE1B741A7EACA8,SHA256=1F2837FE53CC8E6B4521CE1BB5334112034C601713C6C1758C5453D31376CB71,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065254Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:58.286{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_importlib\namespace_pkgs\missing_directory.zipMD5=7D008B3FBF50D3014B548D776379A7B3,SHA256=2507EAB0CB7A594B25FB2FC1C6A0B0F27AF53D1980BA358D4E0C1B1DC32A9E63,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065253Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:58.283{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_importlib\namespace_pkgs\both_portions\foo\two.pyMD5=D63860EE3F484D9C6359034E733CCE21,SHA256=0840CB89E8678DA285ED4E3838AD018D86A127686FE608589EFBBF7157FEFC5C,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065252Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:58.266{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_importlib\namespace_pkgs\both_portions\foo\one.pyMD5=C82E1C33D4907BDBD659E4C9AC8F7372,SHA256=4355B337EE4571811295F8CB425ED725A992A718B884B1D16461E3E9CA940B5D,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065251Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:58.266{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_importlib\import_\__main__.pyMD5=47878C074F37661118DB4F3525B2B6CB,SHA256=B4DC0B48D375647BCFAB52D235ABF7968DAF57B6BBDF325766F31CE7752D7216,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065250Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:58.266{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_importlib\import_\__init__.pyMD5=C3239B95575B0AD63408B8E633F9334D,SHA256=6546A8EF1019DA695EDECA7C68103A1A8E746D88B89FAF7D5297A60753FD1225,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065249Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:58.266{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_importlib\import_\test___package__.pyMD5=BA95D3434AA48FD46EAF50BBC3E6C3A1,SHA256=9EFD6E241A26E253E4EE518053EEAE2020BCFFE41F0DC492A07FE1F87F051532,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065248Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:58.266{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_importlib\import_\test___loader__.pyMD5=57EC952828D8B45CC91E89195E1BE5A9,SHA256=798C34AE9697AA07C7A2DF24E6F1B44F38428531E4ECB7CF71477245E5CA52D4,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065247Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:58.266{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_importlib\import_\test_relative_imports.pyMD5=B7E776F41ABDD4828E1ED3B083122E21,SHA256=211FE0F30A5DB1BE3A095523994FC1F3D8481D469FCFE70F9FA24E067D41FE84,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065246Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:58.251{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_importlib\import_\test_path.pyMD5=84EB89D16108AEBEA2F66874E02DADE9,SHA256=7CBBD9D574C5B31A57CEBF9BF46E7D194DD5B06D5019BA90BF6010CF73994A8A,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065245Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:58.235{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_importlib\import_\test_packages.pyMD5=6750957AC27B7DF5D2A755EB1B229869,SHA256=E5F59EDC4DE2D13B692626C7B9A5ECA5D1CA0E4B97E06200F46274E67A8A38F2,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065244Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:58.235{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_importlib\import_\test_meta_path.pyMD5=570D5C132B4039D2A18ADB3D7CF94997,SHA256=FE9C3D12F1C44868EAF37FE27AD5570F3546363E0E570BFD498C83D86029BCAF,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065243Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:58.235{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_importlib\import_\test_fromlist.pyMD5=D1AA006D69261A9556493BDAC68333C5,SHA256=4B96E7740C8D86AF948939CA2182BC300667624B9120222042EEC1C524548674,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065242Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:58.235{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_importlib\import_\test_caching.pyMD5=5AF7ED8936B4548178F404950B7796D5,SHA256=8556B49AB5F106AB94176910058DB05130C0CB446A0B1F67DAE952F947B81D21,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065241Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:58.235{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_importlib\import_\test_api.pyMD5=0B252A1497766DC46D20C2511FDE60B3,SHA256=DB847C58AEC71A3E550A5CD8BB3C79FDF02E3A1DF28F8125885BA68156D981E9,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065240Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:58.235{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_importlib\frozen\__main__.pyMD5=47878C074F37661118DB4F3525B2B6CB,SHA256=B4DC0B48D375647BCFAB52D235ABF7968DAF57B6BBDF325766F31CE7752D7216,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065239Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:58.220{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_importlib\frozen\__init__.pyMD5=C3239B95575B0AD63408B8E633F9334D,SHA256=6546A8EF1019DA695EDECA7C68103A1A8E746D88B89FAF7D5297A60753FD1225,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065238Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:58.220{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_importlib\frozen\test_loader.pyMD5=AE4FEF7C46CC2EE69DCDF420E869CA4A,SHA256=F9E38B25FECD4A5FECEB82848E72FEC9DBA6A3DE9BA6C872D9220DDA0E424B81,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065237Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:58.220{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_importlib\frozen\test_finder.pyMD5=676C4DECD7F22C213FE440DAC6B8EA7B,SHA256=78B4688030050C9E411EBB7D1FC90EFBFC885FBDD86C423BDBA20414B7D9A25C,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065236Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:58.220{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_importlib\fixtures.pyMD5=3FB3004D2667321AFFF4CD09BEE34D43,SHA256=6C7F553A8C740E2FDDC1F3CF8B0A957A048806575576F066C209B9BF3652B323,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065235Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:58.220{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_importlib\extension\__main__.pyMD5=47878C074F37661118DB4F3525B2B6CB,SHA256=B4DC0B48D375647BCFAB52D235ABF7968DAF57B6BBDF325766F31CE7752D7216,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065234Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:58.204{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_importlib\extension\__init__.pyMD5=C3239B95575B0AD63408B8E633F9334D,SHA256=6546A8EF1019DA695EDECA7C68103A1A8E746D88B89FAF7D5297A60753FD1225,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065233Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:58.204{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_importlib\extension\test_path_hook.pyMD5=3360534CEDD85D77B089C44FDFC94E9F,SHA256=AB8E466A7F215FA3DA46A45A26DA25CB3BF33730EDFF24E1CF162888631ACD7F,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065232Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:58.204{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_importlib\extension\test_loader.pyMD5=630C5EDA429012CE0C6325354D4202D2,SHA256=597127D59C37FAEC32116779B841C3C2B464A5B0D0EAD1CE18C50EBD304452F9,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065231Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:58.204{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_importlib\extension\test_finder.pyMD5=232218B1BA07D905C86BB472403121C8,SHA256=6865CC54735942109BB92DD553C81ED6FA62F246FD3C615B925F1E33B07F6386,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065230Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:58.204{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_importlib\extension\test_case_sensitivity.pyMD5=87B4B5BA5CEBB92137BA285FC665DE5D,SHA256=C48264C0031B4824316610BC7E3177E112434A2F4A48778CDDD47E6499914516,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065229Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:58.188{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_importlib\data03\__init__.pyMD5=D41D8CD98F00B204E9800998ECF8427E,SHA256=E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 11241100x800000000000000065228Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:58.188{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_importlib\data03\namespace\resource1.txt2022-01-17 14:25:12.000 23542300x800000000000000065227Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:58.188{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_importlib\data03\namespace\resource1.txtMD5=D41D8CD98F00B204E9800998ECF8427E,SHA256=E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065226Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:58.188{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_importlib\data03\namespace\portion2\__init__.pyMD5=D41D8CD98F00B204E9800998ECF8427E,SHA256=E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065225Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:58.188{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_importlib\data03\namespace\portion1\__init__.pyMD5=D41D8CD98F00B204E9800998ECF8427E,SHA256=E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065224Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:58.186{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_importlib\data02\__init__.pyMD5=D41D8CD98F00B204E9800998ECF8427E,SHA256=E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065223Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:58.183{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_importlib\data02\two\__init__.pyMD5=D41D8CD98F00B204E9800998ECF8427E,SHA256=E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 11241100x800000000000000065222Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:58.167{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_importlib\data02\two\resource2.txt2022-01-17 14:25:12.000 23542300x800000000000000065221Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:58.167{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_importlib\data02\two\resource2.txtMD5=5130A328F2E9D2B2C6690D77509DC335,SHA256=8D3EF7FF1A0B9E519AEF60753D25B97AB16E92D7FF738008BC7C0E66D7291E42,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065220Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:58.167{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_importlib\data02\one\__init__.pyMD5=D41D8CD98F00B204E9800998ECF8427E,SHA256=E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 11241100x800000000000000065219Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:58.167{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_importlib\data02\one\resource1.txt2022-01-17 14:25:12.000 23542300x800000000000000065218Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:58.167{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_importlib\data02\one\resource1.txtMD5=62F1DC44B9E478898539A0BE6BD024A3,SHA256=1460CDB7A7300980BC07AA66813131ACF55F5DD251448B652BE01DCF23178C22,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065217Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:58.167{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_importlib\data01\__init__.pyMD5=D41D8CD98F00B204E9800998ECF8427E,SHA256=E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065216Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:58.151{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_importlib\data01\subdirectory\__init__.pyMD5=D41D8CD98F00B204E9800998ECF8427E,SHA256=E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065215Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:58.151{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_importlib\data\__init__.pyMD5=D41D8CD98F00B204E9800998ECF8427E,SHA256=E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065214Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:58.151{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_importlib\builtin\__main__.pyMD5=47878C074F37661118DB4F3525B2B6CB,SHA256=B4DC0B48D375647BCFAB52D235ABF7968DAF57B6BBDF325766F31CE7752D7216,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065213Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:58.151{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_importlib\builtin\__init__.pyMD5=C3239B95575B0AD63408B8E633F9334D,SHA256=6546A8EF1019DA695EDECA7C68103A1A8E746D88B89FAF7D5297A60753FD1225,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065212Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:58.135{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_importlib\builtin\test_loader.pyMD5=42EBC371A66A3362C39995CB421B55BD,SHA256=ABFFC9348109C88FE4DD2A327808821F0DA22C6B2D56DBCE99F19A334D8D7FDC,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065211Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:58.135{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_importlib\builtin\test_finder.pyMD5=C803E20D4FA554705C2E33B822AF29AC,SHA256=7E36D0474DB416D3E9B776ED192F587CA2E50441C62D7C392F8F7E4FFDB21D32,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065210Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:58.135{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_importlib\abc.pyMD5=64D9BA83E85DB2F0081F885C9323F370,SHA256=ED83B8980FD2354DCD64BAB7799F6B47A06242856644A75CD3AAD7B557EF2512,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065209Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:58.135{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_import\__main__.pyMD5=569E2F7D95B6048B836AD944C028DDF8,SHA256=C48064D8658BB5FE46AFE99F6B3522BD241199B0977504D6DB4CC5BEBDCA26C9,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065208Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:58.135{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_import\__init__.pyMD5=095755D69C34F387D7C4E2D99140A2FB,SHA256=27C5960AE4B5660B22FF63935A5F8F80E82FA2C204E092647A6024790ADB5C4D,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065207Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:58.120{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_import\data\unwritable\__init__.pyMD5=3716460AA2D2253C25988638BBA7C915,SHA256=A8720452F6032226604A55DB6D9A450816D6643E88562E3EC70C7F77CB10A448,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065206Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:58.120{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_import\data\unwritable\x.pyMD5=D41D8CD98F00B204E9800998ECF8427E,SHA256=E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065205Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:58.120{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_import\data\package2\submodule2.pyMD5=D41D8CD98F00B204E9800998ECF8427E,SHA256=E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065204Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:58.120{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_import\data\package2\submodule1.pyMD5=99576200637C91BADFBE0500D4E3AD1D,SHA256=CA9277F3CC1854ECA93A513025F8D90D48B7C894B33FFF396E0B930B30833BD1,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065203Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:58.104{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_import\data\package\__init__.pyMD5=8440D1A88A540DB2988A8FBEF4764C41,SHA256=E3FA7030E5CEE47647DF01CFFEBC4281594636A3876C5D7B409E559F21F2ED94,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065202Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:58.104{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_import\data\package\submodule.pyMD5=D41D8CD98F00B204E9800998ECF8427E,SHA256=E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065201Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:58.104{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_import\data\circular_imports\util.pyMD5=26DE9AA26F4F0B109363B91EB9F8BB97,SHA256=0A00579F58936A271C5A5E903D2D4F26BFA11347F83222F217263BF2ECFD546C,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065200Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:58.104{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_import\data\circular_imports\use.pyMD5=1BCF7A356208854B085D164ACD106B68,SHA256=590ABFEC8D6B364CB467DCD49A452D4DF2C053703DCFF8FAEA832E91DC88A597,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065199Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:58.088{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_import\data\circular_imports\subpkg\util.pyMD5=26DE9AA26F4F0B109363B91EB9F8BB97,SHA256=0A00579F58936A271C5A5E903D2D4F26BFA11347F83222F217263BF2ECFD546C,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065198Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:58.088{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_import\data\circular_imports\subpkg\subpackage2.pyMD5=83BDC98CF45AEF6253D54D99988DE4EC,SHA256=1C19BB7BC70ACB180F4E980D41BCAD183C881F470F43AEA2EEA31DADF96DA776,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065197Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:58.088{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_import\data\circular_imports\subpackage.pyMD5=D0A2A90CE8677DBE585569CEEAB29985,SHA256=2AA1C086A9DD1853B3EAFC45B875AEE5ACC94DA1262E6B9C0189445E47658F2E,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065196Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:58.088{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_import\data\circular_imports\source.pyMD5=FE6AD76E049CE888E5541CD5A232C4A2,SHA256=09F6C9E96A9AC0A67B70A13D37869AAE9170DC75D01FDFEC51331E55E0AF04C1,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065195Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:58.088{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_import\data\circular_imports\rebinding2.pyMD5=6FE2AC53B446ACFCF751D3B0E9C07623,SHA256=C37D914015B3A8F7438F7D9DF9BBC286A6EBAD526DC7A1973F6BE0DA2B21DFE5,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065194Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:58.087{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_import\data\circular_imports\rebinding.pyMD5=A90632706C1C2997B1AB1DDA1B8E13D5,SHA256=92980D6A5112EFCCD21A6AD81B1DA800B014876250452A89C7C7ED13A04160B6,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065193Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:58.083{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_import\data\circular_imports\indirect.pyMD5=69380EDBA31FF4FA45AC6897D46E4A4A,SHA256=047E26111C07BF5EDF82753077A2F042EE38E6E5F1F6B66D5E1F839C37933FFD,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065192Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:58.068{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_import\data\circular_imports\from_cycle2.pyMD5=3CB466142FF7603CB74695B329A37D2F,SHA256=EE9100E507F95607BE7CA57727230584A8EF2770A5D93978118DF94F77FA3E3B,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065191Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:58.068{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_import\data\circular_imports\from_cycle1.pyMD5=22EE86C529DC26C36A6CBE56F2AB7DBC,SHA256=DEBF593DA4D368D3F432B0908D646AA5FD7C6A2B9F4367F9AC4F9C0EB930E93A,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065190Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:58.068{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_import\data\circular_imports\binding2.pyMD5=7B44868F632E8550CB322E626156EEA6,SHA256=921760B626050E195C47C6E46C7B01BB39CCA18097FAF0E2D238A0D4888B512F,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065189Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:58.068{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_import\data\circular_imports\binding.pyMD5=CC4022FB1287D654ADCA563B52F42B94,SHA256=E0D54CE3906E0540BCF9845468F23FCE2B35D4D2B85C28354AF2B307762D656F,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065188Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:58.068{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_import\data\circular_imports\basic2.pyMD5=9DB03E8738AD28CB0D3CFF641144C32C,SHA256=DBBC711E83AD2CDDEA4342571A731821FAE135B3BCB0BD3C1C8BD18A0D68BB4C,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065187Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:58.051{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_import\data\circular_imports\basic.pyMD5=FCF1A769D74BBCCFC03A7298FDE9C237,SHA256=5DE0AA4D9A61A085DF7506B3A3594C47F0406C3CEB9EEACAE11BAA3B82D27EF0,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065186Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:58.051{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_imp.pyMD5=30B9423918B9688FE22A2973414B5111,SHA256=F805B2E10CD5E8A8F0520B8D59C3754871D9E0CFCD112C761A475A178A701FFC,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065185Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:58.051{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_imghdr.pyMD5=A7D9DE13E04EB07DC642EED4D89A524D,SHA256=CF052117F2B78274E94806EC2E7233EB3390D71A18E949C5DB785621DDAB252A,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065184Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:58.051{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_imaplib.pyMD5=4B7AC2FD4AFC97037E285A3396615918,SHA256=F47CE0634D18F2D1BBF17F1B761CA044F68EEABF39DD28E84AFB828B5C1D333A,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065183Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:58.035{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_idle.pyMD5=814272E89CDD3EA65D003F7E6FA818F6,SHA256=1F8CB5EB85D927510988B5F9F0A1B568284B837923D38D308AD9625FE058E715,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065182Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:58.035{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_http_cookies.pyMD5=6D84ECC00939311E7BE3325D9D4E40A6,SHA256=18E670244455C1300A1DE64433F5340DDB557933A149084260C809ABADB785F6,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065181Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:58.035{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_http_cookiejar.pyMD5=8F74DDFFCCE80F2976EAFBC4BE87E6EE,SHA256=64AECAC244357A62E4B0D84CE66114CE5C2E082BF5C38A65A9FFCB4E986430D8,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065180Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:58.035{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_httpservers.pyMD5=980295099EAE159784A8DBAFF27504E3,SHA256=554C48A87341D760AA6F9C0EE07A93F8B433BC6E0341A7590859DFF43B680F9B,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065179Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:58.035{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_httplib.pyMD5=6844123E1C44BA598468483D621E704B,SHA256=16A446F21CC26D3ECBA120E25659D73EACF1D77C873BD1724070F57FF327B1BA,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065178Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:58.020{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_htmlparser.pyMD5=03BC30D47078AAE1FDEE1867E1818883,SHA256=183CDE8226471C0790A8ED2DBA397A7B5BF5D218C56D1DA72DC690AAB1C382FF,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065177Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:58.020{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_html.pyMD5=D846BBB9284833A1D16F9DC2CB4556A6,SHA256=B96FBB87B2804703116310BE9AA3CAF04D00096F6034A83EDBCD7EBF085CCDFB,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065176Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:58.020{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_hmac.pyMD5=1F340FF673D486DA191CC5ADF27CCA58,SHA256=D4A46598802B090FB820711B06FCBBF32404D52D0937F99ABA5B0AF47A5ED589,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065175Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:58.020{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_heapq.pyMD5=05B8F6DF38D1B761A6DD1E934C6152A0,SHA256=BC7F227197D52ACD400F6E998C57293AFD7115B3BB0D52359F09A978184B65BC,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065174Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:58.004{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_hashlib.pyMD5=0EA91A99CA98FEB28C51D9352E40B37F,SHA256=AE35FCC89AFD52612F44A4AA0D335182511625D2EEAD34B223A48815AF062B84,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065173Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:58.004{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_hash.pyMD5=7D425DAAD4050A57E5AE4584720D6382,SHA256=35C3927B5B9892370A068EABBE1C5CAF0F143C5FF5BE228D47AB054320976F67,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065172Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:58.004{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_gzip.pyMD5=D4F94AFC1420FB54C332CE8D8B258E01,SHA256=171CB4AFD1B6DBD9D3D04F0FF6833F5876DA06B4BF7C0F8C6EED722EF04FEAAC,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065171Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:58.004{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_grp.pyMD5=94FEC4FC49F355F1BB89015323EBB7D0,SHA256=12ADB6F084303B12DA7A4955953904EAC19B96F6F560A371BA28A8336C83B117,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065170Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:58.004{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_graphlib.pyMD5=7D824FD8E5500447216DFEAC7E7560C7,SHA256=357369516FEE2BC5FB1870E0F875950673491FF4FCE1F87531F27452793E9685,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065169Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:57.988{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_grammar.pyMD5=C0408727B78A37F71B8A21D19A12D39D,SHA256=3017C4DA23ABE79D0D1CDFA037A033E0CDA6EBD997123F16F0E0B601067E6497,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000031934Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:38:58.014{CE7C8936-1B20-61E9-E200-000000002202}3964NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=F15A535708D6B68789425DDCB42FCAE0,SHA256=1BF967F0D697A9DF9E17F5E737CCD616F32D0AABD2163B577AA33CAE9B5C5FE5,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065665Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:59.994{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\trace.pyMD5=BB2B2BC41DE7DCF42C3D7DFDB0CC0205,SHA256=5B8FB11043B5EA2179B1F00303E4918DA52872620AA77393A4C5C5389EC564DD,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065664Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:59.971{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\tokenize.pyMD5=A17093EC72AAEA5AC4577A66AA08A854,SHA256=2358675675BEB7A085FB97A7470B7E96327DFA8DE25BA49C5E5B4153197A4086,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065663Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:59.971{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\token.pyMD5=AA65A2487B85B91AB92597D0AB01B3DB,SHA256=DEEF9E816F02D761501BB6E28870B204E2341D39D3D5D0131F5853781CBF2C0E,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065662Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:59.971{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\tkinter\__main__.pyMD5=C24672F1BCC17065F7661F34E4983521,SHA256=A535E36B6F3EB57EE9B7F9633AB082E41CA0BB8C3DD701521240757468EF5151,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065661Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:59.971{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\tkinter\__init__.pyMD5=14390783AA1E90D8F86404D373069A87,SHA256=AF231CE7C9696A15D36655FB407EF74EE4DF59A82D46B64AD39A7A3B770990F9,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065660Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:59.955{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\tkinter\ttk.pyMD5=748475B73FEB46A2AA9BECD1137DC825,SHA256=3CF6A5B5BDD93125BF045A41DB6FB3E1B21B6C13AD966F25DF847FDAE7C3160B,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065659Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:59.955{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\tkinter\tix.pyMD5=02B37ADA412374DD11747E2E6D5B28EF,SHA256=148289ED9E1231E055A28FF6BAB1122E4094994914A532ED83F7C1A6DE8C1383,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065658Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:59.940{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\tkinter\test\__init__.pyMD5=D41D8CD98F00B204E9800998ECF8427E,SHA256=E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065657Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:59.940{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\tkinter\test\widget_tests.pyMD5=AD58BD3C2C32662C1A68C21D3D1490A4,SHA256=88BBFEF2548E20164856F726F05543CAAEA8541F666054B6BB83FE3F86E6B496,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065656Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:59.940{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\tkinter\test\test_ttk\__init__.pyMD5=D41D8CD98F00B204E9800998ECF8427E,SHA256=E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065655Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:59.940{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\tkinter\test\test_ttk\test_widgets.pyMD5=9BA003E71F7D1F44F2E357BC3DA44990,SHA256=488F8D6B82844839341762652E8A616601E52C271E5D1E04CC6754FEF7188ABE,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065654Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:59.924{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\tkinter\test\test_ttk\test_style.pyMD5=099472B555F22C435CDEB543DE8F4DFF,SHA256=98F7AD733685C66B3AC1E785B7BD2D00C811B0BF3BD18462CBB6FEB603BA2228,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065653Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:59.924{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\tkinter\test\test_ttk\test_extensions.pyMD5=C8359A19B89C0AF3A69A907980ED5D29,SHA256=E51806EC9B6868A4CC39BD32EA0FC3E922B6594947CA0EEDB53E6C9E2DF00934,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065652Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:59.924{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\tkinter\test\test_tkinter\__init__.pyMD5=D41D8CD98F00B204E9800998ECF8427E,SHA256=E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065651Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:59.924{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\tkinter\test\test_tkinter\test_widgets.pyMD5=1B84A5C3410E46CD45DA0D5EBBF13CBB,SHA256=1BA31EDC18418B06CCFD3063208B13E02220993E35E0EBB091BF895AD4284137,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065650Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:59.924{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\tkinter\test\test_tkinter\test_variables.pyMD5=F4912C9294A11CB34FB30B6AEE1185B7,SHA256=DEE7ED85C9F00E8B49507E59E3A0089D4B1234D6A5685FF3B5FC04B803828901,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065649Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:59.924{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\tkinter\test\test_tkinter\test_text.pyMD5=0F42CA4F8F4358108796E68C819633CC,SHA256=D75BCD69A6FFC35DF80E6C6C48D29550E02873ABA89CC2AC16D1AD20C95BDE07,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065648Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:59.909{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\tkinter\test\test_tkinter\test_simpledialog.pyMD5=FF9AFA2C0F704EBE4ECB7F6CDD0A5730,SHA256=A9843884AA73CAF8628DBC9E7F10827DC618CF23494F445918EF0E336679CC6E,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065647Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:59.909{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\tkinter\test\test_tkinter\test_misc.pyMD5=4B92478F27D58D705C525588FD9805F0,SHA256=14ECDAC5B5739FB509FB4E2D19951BC6723AB935E61FE75AB1AFC396C4381A35,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065646Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:59.909{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\tkinter\test\test_tkinter\test_messagebox.pyMD5=F127E3EFBF4EB43055D80EEB3EBBB477,SHA256=BBCB7096321FDF0BEFAA8D0A4AE9021E630B8A2E6B13E53FA96FDC0E1114D324,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065645Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:59.909{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\tkinter\test\test_tkinter\test_loadtk.pyMD5=81DB70FF98E58B43ECD2A479CD338798,SHA256=E027CE698B748232107A82782EE2139B29143E950FF9B2846157032489331AC8,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065644Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:59.909{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\tkinter\test\test_tkinter\test_images.pyMD5=FDDA8B387AB6FCD07738B95E26C549D4,SHA256=843C6B09EB52985B1D2E24F546106171A42B31B38C951165816C0FA3B8770323,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065643Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:59.909{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\tkinter\test\test_tkinter\test_geometry_managers.pyMD5=A09CAA44BF284F83F95785DFF1A887AF,SHA256=D04138F0FDE6696C56E1BF1E0C88DD10E08C591952FF0727B0D6AAAB51F0A62D,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065642Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:59.909{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\tkinter\test\test_tkinter\test_font.pyMD5=245940066DA328C373262D9AE23B13E7,SHA256=256160C0744663E4C6951809C7A4815E5B9E5E2485D4E62552FE4D76DF4BB611,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065641Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:59.893{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\tkinter\test\test_tkinter\test_colorchooser.pyMD5=A3F188C9227342798CEA9645904F65E6,SHA256=1800C82F417F415671F652D5F8B3D32FD7367A651FBEB6066E040B42660A55DF,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065640Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:59.893{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\tkinter\test\support.pyMD5=4FEF178258B0F28C4892BA16607651A2,SHA256=ABD54976CA70CCAC6B1CEF545815361C5BF914B00C89E79CEF15E8C0688312E7,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065639Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:59.893{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\tkinter\simpledialog.pyMD5=62F17EBDED75D772600164E67E863430,SHA256=9D8D289977C2C326AE924C948CF0784F58D57C9764F6C9E7E9E67CBBB80E4BCC,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065638Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:59.893{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\tkinter\scrolledtext.pyMD5=E224BF4CFB463DD451D65281A4EAAF5A,SHA256=022186757915906F5B36F2FC885A047AB0A2AF3C5B837C29FCF4649262F838AF,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065637Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:59.893{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\tkinter\messagebox.pyMD5=8A4C43D98A8D48A67F0A9BC45AA5EDE3,SHA256=57E037EAA580D6C4453C2E5FA907A23961385A656EAD1901B73281ADF8F5986E,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065636Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:59.893{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\tkinter\font.pyMD5=2DDD9B6837FD08A2FCE45648BAA026D0,SHA256=B9AA2DF909024B1F27CA46AFFE796C8F1771CF627B10494789D5FB808421D8FE,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065635Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:59.890{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\tkinter\filedialog.pyMD5=841C965EF062F4D93BB3E64F1530AA3A,SHA256=BD1E0A5590D322067F0D882E30FB5F47843A2F1AFF8BE9B43EE8EC67171DF1FC,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065634Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:59.888{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\tkinter\dnd.pyMD5=48B4B2C9011E36690F1E22B8CCDA3283,SHA256=EC28874FBDF05B2E53D8785BFD86579CE3A90D600A80AF4890E7D39DF4BEE90A,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065633Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:59.885{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\tkinter\dialog.pyMD5=E3698D26B0F03F16DFF027DFF3D54F94,SHA256=C3621732FDDDADF719B67355EBA80AB4968E554DA101C0199EC163BCE456B6D4,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065632Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:59.870{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\tkinter\constants.pyMD5=4F4541DBE0AB4056AB31EE6DD0FAC1C1,SHA256=0FFD883463F20255FBD458D8ABD15A6842190F2F5CC182416CB9A15FFB1E1052,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065631Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:59.870{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\tkinter\commondialog.pyMD5=198F3C9C19FEBC50CDA065AB18847B4B,SHA256=E8509D9186A303CA8D950C231011584F5FBC01210A070C6ACBA33FC22297FC97,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065630Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:59.870{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\tkinter\colorchooser.pyMD5=6D612973F1A0D9C71DE6924D8ECA1127,SHA256=C18048B86214C5C7A30115A89D1553F64C21455C2BFB6F08F8C88657777EB5BD,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065629Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:59.870{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\timeit.pyMD5=C6203F7BB9ECE6B3D3289A2E9BE08D6C,SHA256=2632615C935A02D88636E5587955240CFD76D5DCCADC570719C3346E61D78182,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065628Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:59.870{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\threading.pyMD5=BA0D86132F5C487A75B98FA25D87C3AE,SHA256=F2B866B188DB092E67C1773D73D8F76EB4E8E4EE9B5B3A859C14379B8EB570D5,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065627Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:59.870{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\this.pyMD5=92F4A7B0A22F593C8BDF429CAC3D4589,SHA256=5A89B1A1F22384960E69C554633A98558231F11A48260952EBFC21CA10F0625C,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065626Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:59.854{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\textwrap.pyMD5=23A46648FFEC2BE524DEA36472771AFA,SHA256=288D890D5440F4536EA74E75284C89931ECEF9D74D9033E8E9FA772C78789623,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065625Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:59.854{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\__main__.pyMD5=4BE083B434FAAE16C65A41F056CB1DDF,SHA256=8FEE2D703E4AD62EC3B4E567981A076F369468CA38D7CE2A5448710FE1F17382,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065624Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:59.854{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\__init__.pyMD5=3D02598F327C3159A8BE45FD28DAAC9B,SHA256=B36AE7DA13E8CAFA693B64B57C6AFC4511DA2F9BBC10D0AC03667FCA0F288214,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065623Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:59.854{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\_typed_dict_helper.pyMD5=553C6CAF8ED875B0AF1042252625093D,SHA256=74F741841F812FF259D51DF8FDB277A353CEE6E03CC51689D54DAC3BE351F8DC,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065622Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:59.838{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\_test_multiprocessing.pyMD5=B226F9636FF943828A7B62722A8413FA,SHA256=E87952670A592C224DCCA3300C5098E82BB6072BB941E3B0D098780C76371CC7,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065621Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:59.838{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\_test_embed_set_config.pyMD5=86E803E12647109A2669A917E4D06ABA,SHA256=1495E9AAF037AFC1B5AA090F761B4124399C1221F5BA6833DBCBAE609ECF5335,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065620Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:59.838{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\_test_eintr.pyMD5=CDF9AFDA6627A201819889C985B9C061,SHA256=E7B2C6268BDEF5EFD1AF8F69B26B2F4D42AD0D3DEBCC760DF4A60D6E3AD76087,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065619Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:59.838{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\_test_atexit.pyMD5=4E15155129B504E325210A11A9750855,SHA256=A1B1BE277E44D760DA2E71358773F51621F1AC81C4094A67FAD2E81B41EFA136,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065618Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:59.838{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\zip_cp437_header.zipMD5=49D252C0799A7224243ED37347473E94,SHA256=E2CDB56FEBB5106607BF5F9B92B2B7A9516814E7650139CFE46F6B36BFCFA327,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065617Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:59.823{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\ziptestdata\testdata_module_inside_zip.pyMD5=22655D2EEBED68BA9C401ED7CC45F617,SHA256=F5FD528216ED76DDE2DE1B235A3CA6E31B84DF4DF6B9F0C0A5338161382F8951,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065616Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:59.823{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\zipdir.zipMD5=CAFB05D8C8640330D6405FDE07E3A6C0,SHA256=19CB87050B0FB410DA3B88DF752C2E1BDAEEC77AC052B04FEBEF31A68823CFCB,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065615Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:59.823{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\xmltests.pyMD5=E92F248306CA018C14B1D6AC35DA1CBE,SHA256=7CBC982AE48A2C04FC4744EB1F1945E74430E227361FA949EA5740890AD58D05,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 11241100x800000000000000065614Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:59.823{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\xmltestdata\c14n-20\world.txt2022-01-17 14:25:12.000 23542300x800000000000000065613Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:59.823{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\xmltestdata\c14n-20\world.txtMD5=7D793037A0760186574B0282F2F435E7,SHA256=486EA46224D1BB4FB680F34F7C9AD96A8F24EC88BE73EA8E5A6C65260E9CB8A7,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065612Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:59.807{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\win_console_handler.pyMD5=D29AC53A92A553A789C812FDDE79F5F9,SHA256=C61A9BD1A909AC12252FA53AD032FFF3506B9F08F6151FAB8AC670851AA5BC9C,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065611Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:59.769{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\tracedmodules\__init__.pyMD5=E8210ADD754B9EEF271ADF9B115D7B10,SHA256=0F99F12A7ED87BB2787C247F360EE2FEBCD6077738179A31E631881C6010D50B,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065610Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:59.769{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\tracedmodules\testmod.pyMD5=4BEFC036F48A725B2DA5FC0062E80A73,SHA256=54F28FFDB62AE3E792FAE4C3347974173E2FF2CA9F1345DE7BFFDDC12209EF79,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 11241100x800000000000000065609Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:59.769{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\tokenize_tests.txt2022-01-17 14:25:12.000 23542300x800000000000000065608Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:59.769{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\tokenize_tests.txtMD5=52FFABE38CF008B2C5821EDC45C326F2,SHA256=15F3EEC6D2BD365DAA8224C5BA9A6DBEF00D8EF1CE5F2D8FF60A057492EDA4E0,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 11241100x800000000000000065607Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:59.769{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\tokenize_tests-utf8-coding-cookie-and-utf8-bom-sig.txt2022-01-17 14:25:12.000 23542300x800000000000000065606Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:59.754{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\tokenize_tests-utf8-coding-cookie-and-utf8-bom-sig.txtMD5=8FA2BD60E630510363DEAEAB1995BE8B,SHA256=0A8C335C24E07D747D8658C5441AA0BDC0A41C4ED7690F083AB7CBE3817EFEE8,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 11241100x800000000000000065605Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:59.754{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\tokenize_tests-utf8-coding-cookie-and-no-utf8-bom-sig.txt2022-01-17 14:25:12.000 23542300x800000000000000065604Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:59.754{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\tokenize_tests-utf8-coding-cookie-and-no-utf8-bom-sig.txtMD5=D32A6B30BE39AB7165B79E8FF28F8353,SHA256=CFF7678394E58518901EBD65C066AC988666BFAF3152A0264DB014A79F6EB609,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 11241100x800000000000000065603Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:59.754{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\tokenize_tests-no-coding-cookie-and-utf8-bom-sig-only.txt2022-01-17 14:25:12.000 23542300x800000000000000065602Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:59.754{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\tokenize_tests-no-coding-cookie-and-utf8-bom-sig-only.txtMD5=72F0C10353850C92FD5460153F7C2688,SHA256=B8CAA98AECFD4114BB31818D9AB55E2F067899BAE8C493D49D0C0A5507298455,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 11241100x800000000000000065601Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:59.754{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\tokenize_tests-latin1-coding-cookie-and-utf8-bom-sig.txt2022-01-17 14:25:12.000 23542300x800000000000000065600Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:59.754{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\tokenize_tests-latin1-coding-cookie-and-utf8-bom-sig.txtMD5=2D393339C41B997146938349AD906374,SHA256=DA6136F1F6D227E30B9D741B059AB7E44BF78E5A851C8A37BD7F9904E5063756,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065599Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:59.754{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\time_hashlib.pyMD5=56437BF2F7B280079F81C1FF1638CE46,SHA256=2F15150A98A5584EDFCD6E52A491FF3097C84D502A90B6C3021889E31B2D5EBF,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065598Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:59.738{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\tf_inherit_check.pyMD5=E496C730296D9B57AF9648AD245D7F20,SHA256=CFF586174109F4901052BFFE80F102EFE1703A8E4AD9E082B8DA26A7F893CB79,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065597Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:59.738{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test___future__.pyMD5=C95F394828AC73A521E5EFD5869DF428,SHA256=7BB2517BCFE3B936B34B001E3E8089B9926A36503E0461FAEA970A44679151FE,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065596Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:59.738{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test___all__.pyMD5=38B93F44152C9D53E6BFCE5E4C7D4D23,SHA256=C2D7DD4FE2DD59DE1BFA0985F53C3434AD9F300D245F752E884F4ACCB75DAB03,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065595Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:59.738{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test__xxsubinterpreters.pyMD5=3A4C6E44D80195C92D2077194B9858A6,SHA256=F4349880CDDF7583E3DBD69D788899C8930ED34C9E4D405AD591377702B278C6,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065594Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:59.722{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test__osx_support.pyMD5=9C1072E48D1671B20539A5FE278D836D,SHA256=FE7205C0EDD11AE5733AAD4BF7EAAF412D7CE06D2470F25739791B6F1D2F7C27,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065593Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:59.722{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test__opcode.pyMD5=105794BC35B652CBB7179C7E0C34A4A6,SHA256=4F805D6FD472FDFAEB299C391001F842BDE3D2C86B401C35B41D0F4EA8DA86FB,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065592Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:59.722{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test__locale.pyMD5=6D8DEE2E4A869511D487DA2F8C6F5498,SHA256=CDD0A1A7105F40678793AE37B7CD40F9690AA33606FEE6994FACE92638B98056,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065591Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:59.722{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_zoneinfo\__main__.pyMD5=23B8DD1E1E2313F1E500AF1F74EC5FE3,SHA256=B6943037914CE89195847B23F031C20AAEB1CF9BE5DF1C8C83F1F1448C146472,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065590Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:59.707{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_zoneinfo\__init__.pyMD5=062D96E920E7CFE24C451941AEC825EB,SHA256=CA92D8348699932984D6238999EF67C1503FAEFB540840C94638F7FA83FBB1EC,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065589Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:59.707{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_zoneinfo\_support.pyMD5=268581CEF14658F6B02E9DD09719E1D9,SHA256=295F1037679095A721EC3F15BF4F01C3C2041798B0FD41A3391F8B6E76E56D0F,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065588Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:59.707{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_zoneinfo\test_zoneinfo.pyMD5=01C4E5FE9B68FF2861D3D0C03407A795,SHA256=D768276076E1FF19206280A1D6BF1CCB7D2ACF254A690C4A10A59B5B83DE2AA9,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065587Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:59.707{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_zoneinfo\data\update_test_data.pyMD5=EAE20040CF397E3A961C5A0169CAFEE8,SHA256=F8EC807F599342F8FB5FD3F3131AAE2B8FB855F6A30938620ED0506676EF363D,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065586Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:59.707{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_zlib.pyMD5=858CF0C39FF760C474E959DE24F8CC8B,SHA256=59CA85B8114C86CEA28EF15753ED8BF33E9743F2E29FD2D591EFD94B5CF4E998,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065585Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:59.707{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_zipimport_support.pyMD5=D687ACFDF31298EDB3999F7C08B86DF6,SHA256=601BE612D0B8E80BF3818257301CF51F21CDFA693B5A626794A0B4C035A7A92A,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065584Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:59.691{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_zipimport.pyMD5=FEABF03A9D32FC077B192222CC7CADD1,SHA256=32540E651A32853A483A625317925F155F017F7E701F7E89E4D3BD2753BE03C5,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065583Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:59.691{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_zipfile64.pyMD5=AADCDBCDAD1CD99D757AC64ECEB7164E,SHA256=B729C999D59E02EA5AD688FE313A92465C73C9438845F3016E612A2D7987DD1C,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065582Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:59.686{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-20190426-060711-00000003-ffffffff.binMD5=C2781416640C1AA2C38522A5552B1CC4,SHA256=D52ADB6DE06A0B4E7DA588A10C149475E342A3AAFEAC6D4ED5746FA90C0E4BA9,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065581Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:59.669{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_zipfile.pyMD5=B6FA1393BBB8C01F62F0668BCF4278FC,SHA256=1D4B6D9190D3BDA80E733E04E6910485BF9D21FE7D3F537BE9D1248100AAD1DD,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065580Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:59.669{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_zipapp.pyMD5=AE6DB6C6EE882ABA23DBBF6D64FEDC02,SHA256=997601E7ED88A87A85C389C12449BB61FCEE003B8216455963837E8666A2553B,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065579Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:59.669{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_yield_from.pyMD5=96B19A00558F42745CC3E4F71026ECDA,SHA256=BB763FAC00EE7D54E40A204EF4DEB3E6426A12D5992D3E769FE7199A559B7EF8,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065578Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:59.654{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_xxtestfuzz.pyMD5=A1950F4A0F4961882982A735F8A89261,SHA256=724CB084529CB7DEA5EEEFB5EA7D68255537B6AD6E69B3A9F83C05428FAD1709,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065577Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:59.654{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_xxlimited.pyMD5=306E5C556E7CD3BACF7041DB3D7950E8,SHA256=1F57AF17ED436CBF80A2CE18E8F7A6C00CFCED41D1A4F10C47C032B35829AC50,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065576Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:59.654{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_xml_etree_c.pyMD5=AE8FFF3286A40A2DE06CB5C92DE16C7A,SHA256=C79D611CBE7440F41E99F5C452C25212E4F45DFE6F704F2B59237C70A28AE067,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065575Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:59.654{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_xml_etree.pyMD5=F9FA0116FF6E5007F55362530DC97254,SHA256=BCF7DF94A3D9A4E2F3DF213E3263CE9F161E6ED99F468097327F06951DC2391F,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065574Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:59.638{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_xml_dom_minicompat.pyMD5=6C671CD87EAF95E54589F7D905F19226,SHA256=4F7ED42C2FE38B512450743A1FAAAA2BA3EA08A8A1E24BCD064A6CCE5D3CA550,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065573Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:59.638{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_xmlrpc_net.pyMD5=CDBB76822A5AA816478B0D08FCF94AA0,SHA256=D4DE925A4A1A569FD61612CDCBD149876881B8EDEE7D34191483D80CB129A127,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065572Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:59.638{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_xmlrpc.pyMD5=BD9410004334F64303C546C0FC97A032,SHA256=2E9ED6270FAAF9E9087CBC8E7C682F52AFF74B2A6B3EA3670E27614EA65BAAB4,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065571Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:59.638{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_xdrlib.pyMD5=1C93BDD201A072134C4AC540471526E6,SHA256=338727ACFF79F9D5DF4F46B47828758930AA0C5FC847D31228AD97BC924D8B1F,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065570Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:59.623{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_wsgiref.pyMD5=5495BD610D975B09851178A075BD7B36,SHA256=BFACAB53B4339BE4165FF985ADB487D9721637BF3EFBE2D898A284C79CF3EA80,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065569Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:59.623{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_with.pyMD5=2BA8D647CE73B71DD804446E828575A7,SHA256=17141BA5BAB491EB2304BA8935D2ED281129B0DB7660E92986940F7B9E3483E4,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065568Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:59.623{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_winsound.pyMD5=F06F3ED1546ADA1AE143DADB88448707,SHA256=BAC10A1979E3937558BE53236614627EFBFE9D1055ADB9B06D417FF768D1F32F,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065567Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:59.623{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_winreg.pyMD5=1BE767C1B58EAD6E628B6A31A9E0F6C6,SHA256=9865D7047389DABF28AA4B621D8D15378B2C54DF89DC341F15B7AED864BD4EEE,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065566Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:59.607{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_winconsoleio.pyMD5=94B6353B3436913A89A382158B2CB134,SHA256=FBCC52ADAB2E722D29EBBE9CF19098C408FE7764AA7AB88362C5E611FC732A52,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065565Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:59.607{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_webbrowser.pyMD5=D9F9A95F68C03172AA287DC87AE0ED6E,SHA256=4021241BF94332CEE626B31806E213C8F725418CE92486DD296DC460685BC907,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065564Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:59.607{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_weakset.pyMD5=10A35E720CFD375CDF74DB5935AA09FC,SHA256=60A1E81356188C67349FED24C1B1C473D1CDA280B78385DAEFA003C84F180DC7,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065563Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:59.607{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_weakref.pyMD5=BE222D255F1B415DB10A929B67D5FE57,SHA256=A8563D62723E3375774DD605C0101352836DC1350CB9EC364B3426C31057B58D,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065562Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:59.591{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_wave.pyMD5=A27E9D86DC37305967673C1067DE4F8B,SHA256=934100FED5759421266F479E79C94E4AA9AE8D18DD140E201FA479027FED4AF3,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065561Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:59.591{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_warnings\__main__.pyMD5=FB272CE702DD000A8F7545E5C273319D,SHA256=DA045DC297BD06CB381D4E3A035D3C0D2BFE77E900398DB25B42DA2B9F74D815,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065560Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:59.588{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_warnings\__init__.pyMD5=D8F11572A3A9BC04F6498506689FDE9E,SHA256=BF03061398222D08952BD8F05096F5622D80CAA3923836BE6E24D88642CA6AD4,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065559Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:59.569{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_warnings\data\stacklevel.pyMD5=69842A4E385A447082BD987864022ECE,SHA256=D9C5F36A3D08B5C38F84B73F3FECB262C23929D8CCE03B118E4039FA2A6D5A4D,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065558Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:59.569{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_warnings\data\import_warning.pyMD5=CBC563A0318086A3613C09978FA9C64B,SHA256=5A165D76248BB995A8C79C73C4664926F83487C8614BC3F000D58A83608F72B0,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065557Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:59.569{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_wait4.pyMD5=B9250C749A78A267C6F254AE1C9F2F44,SHA256=147D7EA3E6A88DBC38C8F84DB9EDC17243FC1CA2B94B1201646B1B8043264E91,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065556Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:59.553{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_wait3.pyMD5=99F93DD904D7240341572258DCD13189,SHA256=73B36280C6BF87967EFFC99B741B325C075AF591715FCB1EECFF24E71A86365A,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065555Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:59.553{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_venv.pyMD5=2811773F35F0AD039FFA8E6CC2946A6E,SHA256=30219999655D334C8F9F42D15D9D9D60E75D8933890D31BFE7822653F382476F,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065554Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:59.553{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_uuid.pyMD5=6D62D92C0C37D8782190C157A3571685,SHA256=B7CADA9484CF0C00B23FB19AD3E13F6C61FC14E6922EFFDC2088BAB627338BED,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065553Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:59.553{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_uu.pyMD5=58550E4EC17FBE92B1C6F20A24D2054F,SHA256=7644A0C97B5CD4231D6ED9597844FD4D9514A7CA85EE190A2566FA8378164831,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065552Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:59.538{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_utf8_mode.pyMD5=13F7B23876C4BDB98F82D06C6CFDBFD4,SHA256=B9A0B9B39D6B55438D1D80349453A5C748AFBD3F5B68CBDEBE78DB3A265D8428,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065551Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:59.538{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_utf8source.pyMD5=9364BE1B5DE90B7932C1AD8E84F30877,SHA256=9A2697B66E9CE7BD9EA3397838152F0AE8F5DD10A6270153970493980CEE84B5,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065550Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:59.538{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_userstring.pyMD5=7E66318EC88E4B4FCA59363722E2BE37,SHA256=4B224518D8D77581CBAD615C3961CE5CD71B3FB684D91CB63DB16F2CD1E6E2D4,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065549Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:59.538{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_userlist.pyMD5=8BF0F6B72039327236809D140FE2C2E7,SHA256=E72D4DE50BA3F8C3EE5B45183BDDF304C5AA74593776E33BBB8301D9D0C2DB84,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065548Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:59.538{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_userdict.pyMD5=EF48544E2F1DE6456B4D64273A801ABE,SHA256=F2C2E07217CF5228493AEAA51709684B24A0051B74D049E53CD292CC15F45DB3,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065547Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:59.522{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_urlparse.pyMD5=68452DD00140EF971145B07F9248DE52,SHA256=6FC14011099FC36ADF5F0B51A2CB6AD661CF56F6772730E14FAF3440D2F5DB4E,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065546Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:59.522{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_urllib_response.pyMD5=EB2DFD71A4BE2609A9C0436A110D9D05,SHA256=9C6C16EE0FA2101FE550848E5A16977A22294B209E6FDF10D89D9062B5ADFD1B,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065545Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:59.522{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_urllibnet.pyMD5=6C5FA95E4DA338AB05DF259AB764F27A,SHA256=5BEE0E0275E127E2522E3CBDB03D86BD3B78EE6F17DBC1D0DF9C590B33C32819,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065544Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:59.522{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_urllib2_localnet.pyMD5=9D0C8B602B17BA5C544E024582886022,SHA256=4146936A638F05AA02B48A54D764902629102563078EA09E9E17E00ABF2EEE88,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065543Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:59.506{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_urllib2net.pyMD5=42345D78F29252445A74AC6DD16B3BB4,SHA256=6989A1F30861911FBFEE0197086E3A7CBFD6191B4921267A53BC83910FCDF297,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065542Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:59.506{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_urllib2.pyMD5=2081658205BC90FA0EFEDD0ADCE1B2CE,SHA256=4DF401F4EFB81C2C9DBCC26C58E07333CE30ECE5005A18CD420D687F29D42632,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065541Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:59.506{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_urllib.pyMD5=216548700E88B51147BC73BA9CBD812F,SHA256=BA23A7D867000B5C6FC22414CE69FEACD005E5F7C4F30BE4F037F7143C54843C,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065540Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:59.506{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_unparse.pyMD5=74B572AD1487B2B78A2660B1DF986BBA,SHA256=6A587DD9330E589111E338CB5E3B1F1F8860D5F11D540990CA54912FB1BB20F9,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065539Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:59.491{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_unpack_ex.pyMD5=3D0036B8F0E8806DA7C28EA078EF48D8,SHA256=FF57D90B59296F58E30246E6BEC9247AC3F4230AEFA31AAC1B1DC0EBF36FDAC0,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065538Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:59.488{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_unpack.pyMD5=C873D7C0D380CDC300722A8FE36F4B94,SHA256=48D4D727A34B54195264E2A90937422E54D27A108C10ABCA4C711B1BC494E17B,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065537Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:59.486{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_univnewlines.pyMD5=779E797D6682FCF1C36C818140C9E578,SHA256=4F42781783CDED3234DEEA66C2B50AF347C5D9B62AA84D95A7AA3506F1029B79,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065536Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:59.469{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_unittest.pyMD5=622F6D7806E69083927A6D1678A1D016,SHA256=C25423C3353066179B0F572DF3EC7AEE92593D5F4DC26F492935AF104C5176A6,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065535Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:59.469{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_unicode_identifiers.pyMD5=3E07632186CF9EAEE575D1306E8E4E8D,SHA256=F49AD445AB0B76D8AC5D174D0AFD6360E7F4FE81E4DBDDD07FAB2897AB17DA60,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065534Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:59.469{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_unicode_file_functions.pyMD5=B5149CEE686A195D04FAB61F822B6058,SHA256=4F2E02482B0595AF45C23D39F36451145F612F990E67733A14945C32B4B006FC,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065533Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:59.469{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_unicode_file.pyMD5=7537F0AC776A342F866395A8A975CCAA,SHA256=2D1B91441299748AD2E2CA5BFFDE3AB76DCE2C9856AF3A1C895F50EC31E13B4D,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065532Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:59.453{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_unicodedata.pyMD5=86B3F601FF97CFCC27974C79A984A125,SHA256=0F405B8D907E358E19CE15E74F5C7B70EA2726EC2C3094D8D7EBD97AA0363840,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065531Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:59.453{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_unicode.pyMD5=A43616CD4D1C658A1AA7C376C98F6A29,SHA256=A8075C057A9663B0A92168E5DCAF09F8D58B59BB4FE5D39D1CEE3719A41C5794,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065530Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:59.453{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_unary.pyMD5=762FEB97D12569ECBFD74301052C2326,SHA256=3CC384C4CFC15FCAAD8A4C6B5E207F13B9B68CAAAC83ECC466D9B65D32029285,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065529Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:59.453{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_ucn.pyMD5=76FA97356E8A0C98C99E1261604FDD25,SHA256=7C475EC18019221AC654976895EC76CEB5596F2890CBEE518053C76A9AF5743F,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065528Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:59.453{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_typing.pyMD5=B8E8E3CFF5B1A6AFC9228E1E31A60ED3,SHA256=AD3E503668156A49B7D974D9BC20C2C8F160DFD97E10F3B66CC4F49C744643A0,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065527Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:59.439{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_type_comments.pyMD5=01B620C6C1D380B92CE8A1C2293F756B,SHA256=3FB3219D5D9496575D4358C35D27DAA82BBAA04726DE561E8AA237787C3A35C9,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065526Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:59.439{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_type_annotations.pyMD5=55F1BACB4C124ACE892F0661B995C937,SHA256=FBFA4F9E3782D05C4D02BCD181707734D37CB8EA2AB3A5F5D64CE6B678881CF5,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065525Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:59.439{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_types.pyMD5=8C0DE5EDCD7AC07D6D8CC06741C8E303,SHA256=4812028ABFB2A0E742A72F80216CBD4600C3FFF3AC10DF804A7B48B172C8D05C,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065524Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:59.422{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_typechecks.pyMD5=964F4747247326136D1E58468ECBDDA5,SHA256=DC9145D4321FF4AE999AD247B31F7D374DAE076BEA8670057C5D0C87CB319393,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065523Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:59.422{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_turtle.pyMD5=29614A0433C3BE6B3E5A5F60C3571225,SHA256=091F5E441EF68A83CCC3E04FC167A1482781FC047D973D5A07B5096FF46B08A5,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065522Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:59.422{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_tuple.pyMD5=ADCEADECF4755D050A7E9BD16D716E7D,SHA256=D9970E4EFBCA7B9105A652AA4533ACE658EE2A9D13FD64472E72FD27072CD7CA,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065521Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:59.422{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_ttk_textonly.pyMD5=0FFD6F82228FB1BBC6988C7A430C2BEB,SHA256=72B0E4DA9D2070915D4EBAC081F0AE293ED2D94F0B7E0320BD6E65836C7B466D,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065520Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:59.406{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_ttk_guionly.pyMD5=333DE58AAFAC30EAC98FC2CEE4DC379F,SHA256=1AF7C5E932A79BC0F09FEF5EE4FEC2C79734F13DA588FCE638464BEF630FFAEF,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065519Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:59.406{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_tracemalloc.pyMD5=CC8DAB1EC897FB8CB6CAE6A6D8984273,SHA256=A77603CBF81C8EBDC15600A4434F1AA27E8972D1084E5BDC27FDCDC4D4F00EE5,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065518Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:59.406{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_traceback.pyMD5=7BF2B468A4C4DDE2C6551B303916E537,SHA256=7CF8F1CAE0F2BD6E9C7AB1D43BCB366FD3ECCFEF4611CC2082536D2B07DF9F47,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065517Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:59.391{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_trace.pyMD5=0D1066F0C5F60EDF86693F50F08C4EC1,SHA256=42712D37E2FB5FFAA9CAFF1B9609AE93FB25AC3AEB022489CBAD805E7FE17157,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065516Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:59.391{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_tools\__main__.pyMD5=19DBDE17BE8B361DA1BF34EB637FDD6C,SHA256=1F65F6804F76A8234AA83E092B8A20DABA30884CC4BE3132D58FD3CC75A9167D,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065515Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:59.391{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_tools\__init__.pyMD5=E33BED96FDF18A0F0E258C25C80CE4AA,SHA256=46E5347DBDFC3B8B3411AEA667DC1D6BAEF6CD1DB958618A45EE7D960CDC97F7,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065514Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:59.391{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_tools\test_sundry.pyMD5=044E5250DF07F68C13C97A639EB43900,SHA256=AC8201EAAEE95436A8D04E542729DD9080F3DC1E20E7A3733BDBC6BE639BBC37,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065513Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:59.388{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_tools\test_reindent.pyMD5=E49D8BD7BF5101E35363894E3B91BE91,SHA256=77ECA1E64ED6794AF5CFCB5EF385F44B8E78F71399B30EEEAB1741D4488A788F,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065512Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:59.385{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_tools\test_pindent.pyMD5=40BA55BCE8F8DE15ACF2F5C5A1E6A175,SHA256=B6D832A6AAB7F5BC79E22482DA528B1E89CD02972BE3A8B84861820257CA77C6,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065511Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:59.368{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_tools\test_pdeps.pyMD5=6F465383B98D8B5E2988D4BEFC0FF24A,SHA256=B4A96C8280ADEFD722955251724D4C9A3C03DB20BF9018FFA8A65598539EAFE2,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065510Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:59.368{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_tools\test_pathfix.pyMD5=DB4C53E867C3E3BEE7A06D34AE8DF9C9,SHA256=34BDFA4B93855625160B2B48D7125967780A35AED3CEE93B030B79319451783F,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065509Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:59.368{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_tools\test_md5sum.pyMD5=43C5877FFE2470C455FED35FAB7CDFC2,SHA256=6A67C441C8BB7D227E05CA88D5F901541B58775181B315B87EB75739E6FF5925,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065508Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:59.368{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_tools\test_lll.pyMD5=4FAB3A7440B5D70889D26BD393744959,SHA256=05A98E8968DC466BBA96F1403D8E67CCC9DAEE5563A409614F9BB3DEEC2089F6,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065507Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:59.368{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_tools\test_i18n.pyMD5=173D56B8069744303C68764AC2A41BA7,SHA256=D508CAE92AE78F9A7528266FD85393AFA1322D34980D078C5C03154DF3F665F2,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065506Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:59.353{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_tools\test_gprof2html.pyMD5=69A9A1CE110F5240A4F519F12183B4BD,SHA256=9BF63D46BCC85F1C5A20CAFD02D09566226B10EBC1B4B3984573134187C32058,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065505Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:59.353{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_tools\test_fixcid.pyMD5=4A9A573464A455FD79D03F37AEF69AAC,SHA256=00A3FD72345E3E90B9CE737C80A3EB2CF03EDD487B6CED999D72437F6C6256CF,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065504Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:59.353{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_tokenize.pyMD5=4B6758D7F37451BE86BDE84DD1415FB1,SHA256=AE5CBC35B0582E1B2A913B1DC894C15CF05830DDECB213FFBD370A0CDB554E76,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065503Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:59.353{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_tk.pyMD5=BA830D47BFAD797EF143C3C7A866443E,SHA256=A6EDB9A9930059BE3534EBFD3756FDEE036D9EE5769A61B5FC12C56B3DC494CA,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065502Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:59.337{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_tix.pyMD5=2E2A9EDBB8253E7E626D12B00FBE4E9C,SHA256=819806214486E79E2024CF3AECD10908663899738480520231AE0900AC413964,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065501Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:59.337{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_timeout.pyMD5=BA2D478D8E250BF617EBFD80E4D39A6D,SHA256=8CC7003CC81284170645DF37DA8243D090C60E81DF64957CD903691C81230FEF,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065500Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:59.337{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_timeit.pyMD5=6883FE853BE1BDECD111E6A9F05E302D,SHA256=DB71F439873011780AA91AF6A0A4A9DCCBBE559B2D4F9C1A1559380CA0FFF411,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065499Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:59.322{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_time.pyMD5=7C07686CBA95E8209D42612177C84B58,SHA256=F34D60419DBF7E69BD88EDCCDA48F5DE4B35FA32CC50B009E9251BE5130A629D,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065498Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:59.322{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_threadsignals.pyMD5=890E36C763053381C9D2906A280FE73F,SHA256=97B4B74CEC535A6738BD0637C36C7C634F6A6A1593B3FA59360974FE7FAE0628,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065497Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:59.306{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_threading_local.pyMD5=5016E48F6EE31D3B0F62DCE2194996FD,SHA256=AE691D827EEBA214550464A72C7C29D0C911640BBA4A2440DFBD265BD3AF2CA4,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065496Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:59.306{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_threading.pyMD5=F09404122A78CBE010D9D2D5045A5371,SHA256=41BB6F413C2CFD15596342DABE4358D2A92B969F428300CF793B40E31B8D7052,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065495Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:59.306{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_threadedtempfile.pyMD5=21FD07EC4E923DEBFBB4FDC54200E942,SHA256=2BD52BA8CFD521EC12890FCA610A49C42A1B60F73531E46C9663728CB195FA73,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065494Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:59.306{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_thread.pyMD5=970542703353DE1FD3A9480B82AF5FD7,SHA256=D6BB6A051EC28695AF11DDD7F380200F59637A01DF6B18B0DB2D38ACA6356BDE,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065493Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:59.306{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_textwrap.pyMD5=D7EABAC44CC17479E6E0BD7AD8CAF1DB,SHA256=653CF85476360D821FB85FB80613A974D0CDEFD48205D887963FFE1CE2AEE269,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065492Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:59.290{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_tempfile.pyMD5=6B3C3649F8E837E27279A695C0179469,SHA256=5B75109EB14F01A64F2ED2B49692D888FB16650DD836B4CBDA4968C720BDE7CE,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065491Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:59.290{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_telnetlib.pyMD5=53565BBFC76C20B8FC89A1AE46EAAE93,SHA256=C2E60124F55DAF36AB501EEFB354425E7E16545ADBA89907707BF0717A4653AA,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065490Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:59.290{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_tcl.pyMD5=ABA7A9AE87ADFF15601AF64541FB5FC0,SHA256=424222610CEF8E9F0087BB505675D8878657DF5D014348D38CED9B905374C69C,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065489Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:59.287{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_tarfile.pyMD5=66E3CA1D08921D57D3CED62D1538AD06,SHA256=C25323E2A2CE52EF0CCFD72B9FA55F58364447AF6D1C71F64C759CBF90AA44C8,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065488Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:59.268{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_tabnanny.pyMD5=B084B69AB8FE7BA112CDBE64813325D8,SHA256=2EBEFDE74D2CC72C430F60E27384906BA3736BF20EC0250382540599225D15D0,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065487Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:59.268{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_sys_settrace.pyMD5=BBA142F94CE2A2BF2E323A1BC4E96328,SHA256=540324B8F762BC66808AF8556F8F6910ED13EBAFF29E1F518FB14808A1DA5517,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065486Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:59.268{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_sys_setprofile.pyMD5=4D815BA551C7359E907309163BB19FC5,SHA256=5A45D2D6A2E007A764BE4686627D4D59411D10EC6EE2477E71F6F03B387C40F2,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065485Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:59.268{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_syslog.pyMD5=38FDA52A55A5D2D1B005821ACD27466A,SHA256=6BEE66421414DFB6FF4DC3C666F09A315D6B5E7AF6DEBB381720965F46A9DC48,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065484Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:59.252{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_sysconfig.pyMD5=0E90FEAF79A3C8C2C16292F6729E0843,SHA256=EC3FDF2C5E568E870F3455390A37CED59BD614F72E4CFD311860B48F62F1992E,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065483Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:59.252{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_sys.pyMD5=0ACF0BD1A179C1F7CBA5D452DE419798,SHA256=E9C2F50EF21A974AA9E876EBB6C5BA39EADCD0A0C87C245B6AB3FCED2C55C2A2,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065482Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:59.252{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_syntax.pyMD5=620153854780F7F8B1A332AAA32D6DFB,SHA256=0C34A966B2EF3B94F8777AB63B502A5281A6FFB086BD949ECE50D60838B2374C,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065481Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:59.252{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_symtable.pyMD5=5BC8216B0F1608341DDC7D9C7DDDA730,SHA256=45FD418591BE8DC6D9B2DC7E7E103A6A5804B45362C99B492AA45E1E02D857B2,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065480Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:59.252{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_support.pyMD5=2CE07E9AFEAD52EB13CE9D38AA18D87B,SHA256=0F086F06188F7EA269C9A9AF8F35139D348263B95837AF657B19C482F570B663,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065479Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:59.237{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_super.pyMD5=4FDB0E043D65A7918D3449A1328C67E4,SHA256=B31D2E2F9FC51256D705B23AA09C676E18ABF4701FC3E61C621FAA3AD5B78BB8,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065478Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:59.237{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_sundry.pyMD5=1DA0660A2E97DBA9C0D4C5ECAB779E23,SHA256=89D4AE76FACA3BB7ED8B54C40BC45CE767584768222C7A0307210E1D46641386,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065477Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:59.237{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_sunau.pyMD5=7527D0459EB1D849C7EDB5A21EDCBABD,SHA256=0570C34F8ABEA204D8585ABF7AE85DA5B69ED94B5B983EA56189881810B28164,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065476Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:59.237{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_subprocess.pyMD5=C4F8C5277FA7327BE0369440ADA6BD4A,SHA256=BCCB76B4CB0A5074659F005C00C1216DBC298CC3B3FABD7757C7CFE7CF9747D0,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065475Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:59.221{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_subclassinit.pyMD5=02A1C3499E2ED4496876DEC74B219DBE,SHA256=51C145BB1AD58D6330ECCF58FE27FD203B3DF27C86E5D354A40BD1EC3D4A867A,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065474Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:59.221{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_structseq.pyMD5=8654C8F2E05EEDEED2C802BBA4D58015,SHA256=A57717470F06E9BF60F538B850D65DFF2FE5E5ABD5045210E9CCF3798ECDC03E,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065473Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:59.221{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_structmembers.pyMD5=9AADDFE1A91C0CC61943E821203E1901,SHA256=F78584C7609F868E53E48DD4EBB58B11D99C3DEEB91CDAACF38DFF6E0AF31D08,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065472Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:59.221{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_struct.pyMD5=7553BE446A8BC4E215F59C7D281C7073,SHA256=03AED581677C9DF227C77EC25C59833EFBA170CA3800EE9234D0500B9926A247,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065471Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:59.206{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_strtod.pyMD5=34CE572DA4085F5A87B5D1CD8AA8038D,SHA256=7F13C79789DB518EC584FDBA4C56EFF4B045037D19CE5D48B3D29DA894B725C8,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065470Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:59.206{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-20190426-060442-00000003-ffffffff.binMD5=25C5BCB5176638FF7B8321BB87F6DD67,SHA256=6C9B56655AEA7C8FEB6D108714368DA0785F285D3AA7969886502ED206F52AB8,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065469Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:59.206{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_strptime.pyMD5=82349ECA1CF3D436E24BC98CAE6673E8,SHA256=BB3CA448B2AE230098F99D03AA3246E0169F6FF12A552128D4431061C4E8B761,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065468Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:59.206{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_string_literals.pyMD5=95464212FE3000EEDC5AC77320779C3A,SHA256=0E35C67D0E2B2F603CC2AAF975E59F3B74D33F97A21067887429F63BE676DECE,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065467Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:59.206{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_stringprep.pyMD5=380B5E34E3853D1B194778A375FB4071,SHA256=D1070DC9A44988DA8EE1D4C6DED439DC8A3F818239313C8B11389684A52F83DE,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065466Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:59.190{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_string.pyMD5=04B54544A757B9E6B422FC6D2B67D9A9,SHA256=2B7CADB401A233793C02BC224038F63107381F0BA911EF85D496844521D5EF1A,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065465Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:59.190{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_strftime.pyMD5=1147F1CE8991A937E8F63C1B63F9C6DC,SHA256=61438CA52EBBCB39F46F110DCA41FF71C13EBC876EC9885A67B787CF65237F0D,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065464Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:59.190{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_statistics.pyMD5=A4B83B81F001DC4132AE1BF0C6507A4F,SHA256=8715792116027D87800AD2D75F7EA4FBB5C62749CFCD0B231294743BB2C3B256,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065463Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:59.190{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_stat.pyMD5=44CA9DDF4241733AA5A9618715F99254,SHA256=438093D2C97DCBF236EE0B88DC2F96B57089448BED6EFA85605A1584BB82E852,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065462Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:59.190{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_startfile.pyMD5=5E8BB8C2AAD19877BE9B0B8A5FFCB0E6,SHA256=20F26B85721EB028623836F9C91574E8E2A55EACD6DF8A565F5BDBB4F1DBBF9A,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065461Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:59.188{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_ssl.pyMD5=30DDD59F0D897AA156D4D0CD82AC5E6D,SHA256=F221B16579419EF7BF1AE5C5DC3961CCCC5A933274901E8C0AB17E7CCB866BA5,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065460Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:59.168{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_sqlite.pyMD5=3A4D3BFC1D6B9014F8F3EA738AF73E29,SHA256=32EC88A6D141FCE62D7FF1C3F5578B9C12A4C53C54EC55592A848D2D11F1D16C,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065459Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:59.168{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_spwd.pyMD5=A50D4AC3ADBA3E57667BFCA61100AF17,SHA256=E16D3E34B08549CDC5C54D535823F8BFEBFFB312FB5064EE20406089A2B68F11,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065458Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:59.168{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_source_encoding.pyMD5=35A3402DE403FC6EF3880D7105148010,SHA256=559AF8992F8901F8857EC89E92772F743F0B5F71402D2EDE30BF8DD6A72AE264,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065457Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:59.168{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_sort.pyMD5=85D5E54DA67863AEA474ED0EF4F80E68,SHA256=69ADE0574E1930CBBF3B236DA8DECD8BC2A90496AF3207D287CE63EC1D39F896,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065456Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:59.168{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_socketserver.pyMD5=BF3B6C4B30AA98DD2F232D33E34C7D5B,SHA256=38135384774F032CAB2E594224584BB40AB9BDFA63FD8E632992ACD7D5D95E97,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065455Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:59.168{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_socket.pyMD5=C1ED63B31DC1290F51B44EA452CBC3F3,SHA256=C7F2A34335DEFFC4A1E18B25513627DC2B6AA2039D422264BCC3917890769DD3,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065454Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:59.153{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_sndhdr.pyMD5=13CE16EB5F6308B376DCE545BBF85D5D,SHA256=575F5B304C33C6BE341F0672D3A4073B3506A772005FE88F722CB187D35C60DD,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065453Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:59.153{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_smtpnet.pyMD5=A86527AAA53D3EE297FDEC9470E13FCD,SHA256=3D6E189C4F935B6649A417280484EE4B68A126A86048CE130080363D33B077D3,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065452Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:59.153{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_smtplib.pyMD5=3D506BB03AF9F8B32738B7A9B8C02E3F,SHA256=9DFAAFED5DF5E1BE5943661F86C149FB840174C49BE1135B3484791ACD02614E,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065451Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:59.137{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_smtpd.pyMD5=9B2A7695FBDC5C88990F09F9B3E4D2CE,SHA256=2C36C1135B4EE85462A309D5F6858893A2E00884895D5FEBBF5A03B0F3EC6B7A,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065450Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:59.137{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_slice.pyMD5=759D3FB9273CBF280935BB9AA47F1D9D,SHA256=B658AA745B14B8D12F8CD34FA73C797A76DFB268200D1F9D665E76F2AA6E0343,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065449Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:59.137{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_site.pyMD5=E34806130A2E151AC23C6F6F111E552A,SHA256=E0E332F9A705ECFC8329C25A0A1DCA52D6039CA1643B614C0E43979AF26C0047,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065448Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:59.137{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_signal.pyMD5=AFFDB443C00BE8A72C6DFEC8DB1CAC16,SHA256=00E1FC09CAD0627D8EFAD4D5DD627F8454951E525FCF038A2D09CE33BF82E41D,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065447Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:59.121{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_shutil.pyMD5=DD8230372C7C0CDE1B490D06B36BCB1C,SHA256=CA4C30351F0EBACB7022A18CD695C1336AFF54A0B56B8AA4B4BB299BAF8D48D9,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065446Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:59.121{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_shlex.pyMD5=75B0DE4129609D6B37AB3B26BFF663D5,SHA256=3D17AA78C5065B16ECF532F2029EDC7DFBA588D8BD43368F08E5A77A201EC96D,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065445Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:59.106{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_shelve.pyMD5=F99C4A6EAA0474B98B72CDFC11F3B05E,SHA256=61635CBDA743620A67B36F4750EE20C67384481879902B912AE6A906614AC367,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065444Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:59.106{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_setcomps.pyMD5=74B088FF6AE35A2CB8903F075DB0FFE5,SHA256=1414E57211624A9230F141B0E633F7F8EAE265EB7C30EB0D631A5D72BF2D90CA,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065443Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:59.106{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_set.pyMD5=C2EB8951B2D1CD2B4660162F19AA692F,SHA256=CD2E7734DA8E3587193F86B714DF6841CE9996D88F04AEF79032A836F1D485BB,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065442Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:59.106{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_selectors.pyMD5=1AB677A23A82FF23469A0872700052A7,SHA256=3D7D9D2B3C502856A9474A56F3F3F644DE3229054D659211E576A677F03384D8,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065441Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:59.106{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_select.pyMD5=91BA3ACED2969456CD0353E6DE361B17,SHA256=690A378A02ACDED9602E52839874D6A28D277B318972AA9447FF76EC96F16BEF,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065440Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:59.090{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_secrets.pyMD5=CB2C70AA3B228417B5797DFCE65243B9,SHA256=2507436DC12912E0A8DDED63FB8F1398AB7C5C37CA82CA2782FDC20DEF1FD33A,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065439Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:59.090{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_script_helper.pyMD5=66BF962DF74AFE66AB9CDE12A66A2B3D,SHA256=25F182FEDD9AE878453EF6E8A0A9734D4D375F134104F0C9F0CDCDFF11C37643,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065438Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:59.090{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_scope.pyMD5=7C591AF23D2FB23BFE3DE5DF7C33F968,SHA256=2FB194EC896EF1F201A8735AD61A5EF7DCA3920B0DFAB4C9684220406B8958EE,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065437Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:59.090{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_sched.pyMD5=4B5EB9673C54D41FBA3CE28714D14732,SHA256=02FE299DE1BCA3A22004370A3A57D928ACE8A91D7670924AD4EF25674AB17984,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065436Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:59.090{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_sax.pyMD5=D98676AD523833E7EFAA8985EB9C516B,SHA256=B9382FF5BCA461376375E5B33232A4F9857E9F6256E75FE02DB1543930E94AC5,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065435Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:59.090{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_runpy.pyMD5=E904D83482E42EA0BCFE31D0A82A8284,SHA256=3B99962FFDB9875EB3978E146F72227434A693E531A39051B143B0063E973B0C,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065434Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:59.087{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_robotparser.pyMD5=2D6EF63334B68D7CDE0898B67696C7F4,SHA256=0F15AE62BABC63E9E1A167383AEA5F5D1EED37D7131A6A9C857F38A3D5BC13D3,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065433Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:59.084{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_rlcompleter.pyMD5=EBF4052356C7A41358AFC4CFE6C5FCBE,SHA256=751E56CBFF298F36C3DE4897873C84A667B5BF74AFA56D075EE049835111B2B4,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065432Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:59.068{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_richcmp.pyMD5=2D79ECAE175586213BB95AAF6ED974C5,SHA256=57478C6FEFC92EC1D4E80A3C11C5023C63BD79B22860ACC684309FA1A57432DE,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065431Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:59.068{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_resource.pyMD5=DED3E91B7461E94E8A087BC74EE0B99B,SHA256=E4303D40490C1B4CA0E45A86D5ADD180C553FF63519983B2AD83A95480FC884D,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065430Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:59.068{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_reprlib.pyMD5=52B73EB3A896D56E1AB2DA63A9BE5012,SHA256=DCC115FEA0AC0E05F402067E34464F99A345D30099D7EDE0597F8487FFE8F595,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065429Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:59.068{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_repl.pyMD5=38162019EB887F4BF93DAC4900F0FD9A,SHA256=D5C8AE46FAB01DC06DAE5AE6667C1AA2B4A10FCD5ED47138BBBA03A23A91DBB4,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065428Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:59.053{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_regrtest.pyMD5=0508AB5DCEAEEEF6D26A7AB338A7D5E6,SHA256=DC720BAF7373F387C57870B515BA6AD2F6CFC40B54B50EE1393C5B7690861407,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065427Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:59.053{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_readline.pyMD5=09E57EC7AF401298B84C74EAAB840E6E,SHA256=BD6FB886FA98CF2F56F32DACCAB7E9D4762E5F0F2C0D1212323576229E0789AB,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065426Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:59.053{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_re.pyMD5=D79AA10F4349403A3B4D9DC3CC48C398,SHA256=4BA6121747501DD0EDB97A21EFF7225CCD9296C791E2164962C8F4DE5AEF2155,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065425Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:59.053{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_range.pyMD5=5AC5D5DD229E2BB596A674C9CB904B13,SHA256=4226A464816ED6D4590689F1482342440D12AD576E72AEE3AFF8E9789FA7E1B0,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065424Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:59.053{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_random.pyMD5=BE9940868931484F2582CC221BEB6DF1,SHA256=ABA6A3FFDE195A9A77750F2B5EB523D1B6DF480D985E708832D5CC072D31C6A8,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065423Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:59.037{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_raise.pyMD5=5DDFDB0F32D762F1211F9CE36A517ADD,SHA256=913AF2D91FDABE98AAA987E577BBF77934810B85BE1B97C6675A979F2D56DE05,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065422Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:59.037{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_quopri.pyMD5=0ACC2242113A0682986B26132512DC24,SHA256=681B1A2373C22DC1C385B50E012F7DEF09AF503EDFDA6BEC02C8C7CFA2690D64,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065421Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:59.037{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_queue.pyMD5=64B79A7015E8F911B7AB7C2F06DAC7D6,SHA256=1A38CEE9DC32FA0DDB59AD9F1F84C9B0B88F820D5A54833DB43DFED7E2BD91E1,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065420Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:59.022{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_py_compile.pyMD5=ACA9704FE2D63BFF3B3064AE820CF969,SHA256=456097687F16009369EE9054E18A5A0A3138320546E2A169968EA8AE662589C5,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065419Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:59.022{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_pyexpat.pyMD5=7591EC1D63091BEB535A0FF379F11B22,SHA256=AB22A26A1C16C05DB912A878996CBFD1FA76E526FA08B008EFA53525025529A4,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065418Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:59.022{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_pydoc.pyMD5=2F6BADB9D3F391CC381FF421F8AA38BB,SHA256=F4C65F6EC3C34584C2B8453EB0EDD9614CE334422252CA59587AB9299705163C,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065417Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:59.022{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_pyclbr.pyMD5=3AD0C1B887CDC8997D0F4E59D7F4CEDC,SHA256=3C9BC81BFFC113319040F029F7F2714C86D714FBD864741968B34AE13BF0B62E,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065416Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:59.006{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_pwd.pyMD5=904492BAC6B2CDABBCA978FE94CD5440,SHA256=10EC8CF9822556D597D363D146696175665226CBB795602E5ED630C7965DF0AD,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065415Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:59.006{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_pulldom.pyMD5=1AB9E994590C4EDE6461B2BA987A4C4C,SHA256=17CF32BCEAA8068BF1E01CF182DD2D9D1F71D6642395E10166995699B32630E3,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065414Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:59.006{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_pty.pyMD5=60A9510304181305587C30A0BC435859,SHA256=A4627545A67DF60C7BF420729684833E39873FF19338E2FBDEEC773B9C7CA6F4,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065413Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:59.006{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_pstats.pyMD5=35840E7A47179B4F7C4B1A287C523DF4,SHA256=7E1BCBF1F87047C37D92B2E7B610358EEF29351E4A5BF2AB08B06742164D62B4,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065412Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:59.006{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_property.pyMD5=175BA307215A9E0DEE4BB5D8133B8414,SHA256=B5172F448768FD96CFFA4A83F1B46B7C97D0E2FB2255710007AA0CA58B652476,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065411Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:58.990{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_profile.pyMD5=9CEE08C9ADC63F44A23502CD784652B2,SHA256=8D7427D8B3A2A168582D179B25B6A0BE83786AE7E5D95C4A9D0CDC07457ED93A,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065410Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:58.990{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_print.pyMD5=C3E43941F61DA33B6A4140836D26AC9C,SHA256=1281C770BBCAA042BD673CA2308B62D8FB3A2F685AD4419465B3E2FD07B02545,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065409Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:58.990{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\test\test_pprint.pyMD5=BBDBF974A60031D29F82B4AAAE3E61EC,SHA256=F318CD245F6654EE563302F1B963F00EB0FF4EDF48628250CBD6FCCEDC3DD07E,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000031935Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:38:59.030{CE7C8936-1B20-61E9-E200-000000002202}3964NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=44B5986462CC584E49C8A29545A93AEA,SHA256=9A143DE78CA07A57B3228ECF033D9327670FEDE5967BBCC96A9A8C2D4EB5A3F5,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065826Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:00.976{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\tcl\tcl8.6\msgs\ar_sy.msgMD5=8188C37CA44FEFFF8D895AAD503AD4F6,SHA256=294F3E46C55453EDAD44567E1330F9B43E69A07FA0655B24DD2780A4490C1194,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065825Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:00.976{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\tcl\tcl8.6\msgs\ar_lb.msgMD5=6FC1CC738207E2F8E0871103841BC0D4,SHA256=1FC13070CF661488E90FECE84274C46B1F4CC7E1565EAB8F829CCAA65108DFCA,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065824Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:00.976{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\tcl\tcl8.6\msgs\ar_jo.msgMD5=5C62D606F4F14BC8994B28F9622D70DD,SHA256=5ADBB3D37C3369E5FC80D6A462C82598D5A22FAEF0E8DF6B3148231D2C6A7F73,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065823Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:00.976{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\tcl\tcl8.6\msgs\ar_in.msgMD5=430498B4AB1E77C86BC1311A49747581,SHA256=2E04B96DA002519D28125918A22FF2BB9659A668A7BCAD34D85DDDECEC8DC0B4,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065822Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:00.960{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\tcl\tcl8.6\msgs\ar.msgMD5=D264D01B46D96455715114CAEDF9F05E,SHA256=B69D0061A728D59F89FF8621312789CD9F540BF2E2ED297804D22F6278561D85,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065821Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:00.960{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\tcl\tcl8.6\msgs\af_za.msgMD5=1B9DCD1C6FCDDC95AE820EA8DA5E15B8,SHA256=1548988458BBF0DFCCC23B7487CEC0E9C64E4CC8E045723E50BEC37C454A8C81,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065820Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:00.945{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\tcl\tcl8.6\msgs\af.msgMD5=DA8BA1C3041998F5644382A329C3C867,SHA256=A1EACA556BC0CFBD219376287C72D9DBBFAB76ECF9BF204FD02D40D341BAF7DA,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065819Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:00.945{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\tcl\nmake\nmakehlp.cMD5=F1C102426CF8A926AADF5CA9968F6F3C,SHA256=3D4C390698EA24CB1C2AB0166C7C302EC056D841DC9F4B01979128824BCFC504,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 11241100x800000000000000065818Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:00.945{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\NEWS.txt2022-01-17 14:27:00.000 23542300x800000000000000065817Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:00.945{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\NEWS.txtMD5=988ADD01F9C2E6360CD81B3864C0EBFF,SHA256=B41E32A1184D26C183EB731FEE7277691EE81388755A9FEE0B647309D2118B0F,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 11241100x800000000000000065816Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:00.929{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\LICENSE.txt2022-01-17 14:26:10.000 23542300x800000000000000065815Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:00.929{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\LICENSE.txtMD5=1D8D00849609DC66ADAC140EEB3484B2,SHA256=C446818C23ED930F816763F9AF1BCA605873FC14886739AA6CFC414EBF1D52F3,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065814Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:00.913{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\__phello__.foo.pyMD5=21452BCD01B4FA606D021E2A35A41918,SHA256=AB3048BB63BB222868B04BED809A534986466828A6983C2686CE048C4F198D18,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065813Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:00.898{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\__future__.pyMD5=903D790CEF59478A60829CC3F6978890,SHA256=70A3FB890DE3673DA0118F401F54E5C6B22639F45CDA7834F638EC3198DDACF7,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065812Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:00.898{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\_weakrefset.pyMD5=B63A969483B85C6E81E57B8FABE80F2F,SHA256=5B03D51D4CB46AA7EFFAD1B1ACE0847808E5A43F1EAE7CC9682284A8D0701A76,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065811Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:00.898{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\_threading_local.pyMD5=2ACCB96019A97C9B237FA45AB4E67BBF,SHA256=27BB2BD201E6157EFDD807EC5E3F3C5A8E0EA2EA2E86ED475A59DE8C6442A0EB,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065810Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:00.898{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\_strptime.pyMD5=B4CB6BF5E35DC2F8A8D10014F66A72C0,SHA256=770CD20E1D9381A3850401868BF1CA375C6BF5AEC7F8E031B6210DF98D789E3F,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065809Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:00.898{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\_sitebuiltins.pyMD5=2E95AAF9BD176B03867862B6DC08626A,SHA256=924F95FD516ECAEA9C9AF540DC0796FB15EC17D8C42B59B90CF57CFE15962E2E,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065808Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:00.894{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\_py_abc.pyMD5=E9F2D6D09F06D7E0772B74B32759881C,SHA256=8F790C97331A66EA442964314843F7CC8863FB3D9B899183F6D02598D4361A5C,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065807Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:00.876{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\_pyio.pyMD5=4CE252A0918905754099C4FD9D67600D,SHA256=A69CD689730D948710476FC1FAE557DAF7B5C4D0076ECF6970B5BED4E30AE09D,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065806Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:00.876{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\_pydecimal.pyMD5=21CC2DE5228D758FC246AE2FBDEAC4FD,SHA256=690E82A528EFB2E9C6C4B624BF28D9F7DF9B8007C3E26FC606ABE8E4C670734A,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065805Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:00.863{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\_osx_support.pyMD5=FC4CA3F0DD53369CBDE78E6F34D6D1E0,SHA256=66881ABF03400804BC29B465BE8A6560A78EFED1F7CED3FAF9FECAA586157B00,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065804Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:00.863{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\_markupbase.pyMD5=2DFE8125174DDC3D0694E41EB8489C58,SHA256=914361CF055D5D2E1B69A2603A5C94B22DEDB987D72CE9F791AFEC0524718F28,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065803Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:00.845{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\_compression.pyMD5=F75E9299E14E9B11FD7DAE94D061253E,SHA256=A10CF1A317374641BCDB8252499E9CB9D4D6E774AC724EDFDDDD0433EAD771D9,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065802Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:00.845{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\_compat_pickle.pyMD5=39786C0D6501D2955C13CFD37EA658CA,SHA256=722B53F3D1843ED446B55B92D039A58B139503192B4D818B2D8B8231EB32E7AB,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065801Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:00.829{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\_collections_abc.pyMD5=21393589F209F88AFE1B770217B16678,SHA256=795A3D48679631D7E77C5C7B02A0324F695F4B8557ADDFB9A74264CECD4B687B,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065800Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:00.829{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\_bootsubprocess.pyMD5=977B851F41A21AB6862A9527A8490AB5,SHA256=4C817B46039F0162413A4384EFFEA304E933307E9B40527C8AB02FB64079AB7D,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065799Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:00.829{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\_aix_support.pyMD5=4DEA757F6D3EB1A2EF11BDAAD4E23DD2,SHA256=E10D74710901AE5610CAD66273F45F24FE446CAA74AD27D3F7C199CEB92C9B21,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065798Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:00.829{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\zoneinfo\__init__.pyMD5=1F329A76BDAFACD64BB18C75EA2A8328,SHA256=75F4740A1DA3CFB5B3E09C537119058B4A8B1BA7A9B90FB90FCA15527C61E585,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065797Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:00.813{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\zoneinfo\_zoneinfo.pyMD5=1F472AA11C1CF9FC9EF1630FDCFDB26D,SHA256=D05A484CD267DF61A99FE43A7A965249072F81FA06B1E4EACE6D33AFB440D5D0,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065796Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:00.813{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-20190426-065455-00000003-ffffffff.binMD5=77CE483695D4E05BF2CBC22DEE4B73B3,SHA256=20599C862C81BC9A3A804374DC00D46BA93107FED6B2183B18080349A5C3D62B,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065795Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:00.813{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\zoneinfo\_tzpath.pyMD5=74B5E1BA73B5231878C6F4BB56A31401,SHA256=DA403A91C2B401E1AEA3027E4428710A9A32B7CDBFDD873E70AC9060CC70CDC8,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065794Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:00.798{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\zoneinfo\_common.pyMD5=9BEE26AE868408FE0A3DE5A8FFFE9E5B,SHA256=2F0F6EC7D8777EB3CF38118BE7A3E480B81528BEA4AFAC0B30BDF2AE75B2DC35,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065793Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:00.798{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\zipimport.pyMD5=A9364551228CF7B54D015DAB8DA6F74E,SHA256=7B409B43CB81892B218C5171D6C6948443E29022E2D169183B245DC7A92BD71D,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065792Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:00.798{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\zipfile.pyMD5=606DAD08DEBAFA2D826343287C49C574,SHA256=213D2AC3E4CA7226411A2F75F3CB8CC2DB54038A881816FA3458A636CE2FA4D9,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065791Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:00.798{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\zipapp.pyMD5=A981793A5C496164DFB5AFC8212CCABE,SHA256=EF6D063E7337F6D83FBBB4CA3ADAF321B35CBB3AF736A25D2D637231346E3117,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065790Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:00.798{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\xmlrpc\__init__.pyMD5=F8259102DFC36D919A899CDB8FDE48CE,SHA256=52069AEEFB58DAD898781D8BDE183FFDA18FAAE11F17ACE8CE83368CAB863FB1,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065789Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:00.745{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\xmlrpc\server.pyMD5=E7F29D94952C3B30144B568820458403,SHA256=C9C08DF29D766D9AE84C2B433D78E413A4F9042070A441D93276EB49927E0E17,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065788Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:00.729{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\xmlrpc\client.pyMD5=D026F4E93043D4DEB81213DA66965F20,SHA256=0FAEB1645D85AF2CCDBF0BFF1AB7F5579EC1E324E97683AF354A67CF9AA09E90,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065787Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:00.698{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\xml\__init__.pyMD5=BBF47A853581DA94F257137FC2931942,SHA256=8E7BC2B8A9974751E0BF0BE8E8FD3C116FB0ED2FF2E372F693A7E3659A46F8DC,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065786Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:00.698{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\xml\sax\__init__.pyMD5=DCABA6CA5D8E6F30213653013E658E2D,SHA256=F8326E5CA606923225E0683D7391F4CF94B74B90A2833DBBD3A85749BFEC8037,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065785Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:00.698{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\xml\sax\_exceptions.pyMD5=A4EA3AE8669415291EE47B26A159D06C,SHA256=0F2B2D27FBDC156CB45BBB74CEBFF77DA28D6A2F6F4E60A263138314CE016442,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065784Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:00.675{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\xml\sax\xmlreader.pyMD5=3C79D7C0496DEFB97BA38D6D8694DF2E,SHA256=947AF33F545305A6853771B5C1E831D2958F69998AAEF48A9F0C133516D2C47F,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065783Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:00.675{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\xml\sax\saxutils.pyMD5=F8DA395195C50B93F5B98FCE2B9A66BA,SHA256=3EC6D8E4A1414EE7C52E23A58DBCECE9653021705A4D0C0ABA0E96961258C5F3,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065782Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:00.675{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\xml\sax\handler.pyMD5=9FD26A93F62E24979039A131066BA573,SHA256=788A465AF38EFB19485A4E27389D5DE072AEA2F9BC20E5DC1BEDC7E9708B4340,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065781Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:00.659{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\xml\sax\expatreader.pyMD5=E79FF76334B22E81DA14019971047BF4,SHA256=F58400B633D9A335AA12B01CFD6A00A6EC2EAC57CD4D56357AA784630BEB81BF,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065780Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:00.659{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\xml\parsers\__init__.pyMD5=A1215D8FFF352A77ED03AB2CC1A993E3,SHA256=D78A708D6CFDCCD02037DEBB3E65D5815C82A0BA66EEC2AABAC29AC730B5D230,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065779Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:00.644{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\xml\parsers\expat.pyMD5=461E0DF49035F4534652570F0826A0A7,SHA256=4FCCB4BC00F1BA7BAAC14413B180C87A34A77D49A854F1AD9FBCA199DFC2DDEB,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065778Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:00.644{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\xml\etree\__init__.pyMD5=074C97369CF6D6AB3C81A90A2EA48000,SHA256=A2006C512205BA0E5C96B2A4BDCFF89BFDD02F18EF076F3E1FC70F11CED93423,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065777Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:00.644{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\xml\etree\ElementTree.pyMD5=9D71B19B59224F06158F946E03A393AD,SHA256=7E29724F578E90878642AAD4FED9DABEFDEF91D29659832B3D41DBD21B176F9C,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065776Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:00.628{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\xml\etree\ElementPath.pyMD5=BDF3A4FEF2B744368DADB3A468EFD30F,SHA256=5D12D19CCE7465B03FB57E9B0D34B92FEEA180016D88534D736A68C4F07B3DE9,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065775Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:00.628{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\xml\etree\ElementInclude.pyMD5=8993D36D13E13BC403F006D7E85C3C75,SHA256=7B5DA3456C23CF25459EB3C95B063F3C9B623ED50EE70135E9DFE72D100B1D4E,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065774Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:00.612{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\xml\etree\cElementTree.pyMD5=94DD5DD6A9695867E33608F69F470973,SHA256=A42C14E24D69C79D1A1462486DC28CED30875787CB9407BD56A62CCE83C349A1,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065773Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:00.597{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\xml\dom\__init__.pyMD5=52A7C6D8927595A89F26EECC28A9F27C,SHA256=205D03F2E27639A136047A7DC21C37FD3AC7CE593899F8BFC482B33274C090AB,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065772Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:00.597{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\xml\dom\xmlbuilder.pyMD5=881BBEEF94F77A78DC5BEB0DAA5CFF2A,SHA256=B02D7ACAD7E45931DCAE85209134B345AE94E4845AF40DCC06311A5948EB157F,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065771Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:00.597{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\xml\dom\pulldom.pyMD5=0A230380A4E3BE76EC953C0F6CE032C5,SHA256=26A2C6DDCA4B34CEE3BC91E71C45A1C5AD603CDEEF9E267049C67AF69FFB19CC,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065770Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:00.575{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\xml\dom\NodeFilter.pyMD5=9958E8A8D21FFE4E3F7BDC7779266848,SHA256=125B3733259B454A33B339E5B20AB0B814DC4FBA6337DB0BF92C3E8B35F38DC6,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065769Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:00.575{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\xml\dom\minidom.pyMD5=F4593E0EBD4F4986316C70A4DA33860D,SHA256=81FD16317D9A6D0B4A1262250915490E3E987F9133F7AF999B05846B18C5F6F2,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065768Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:00.559{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\xml\dom\minicompat.pyMD5=D2C69B5B30E8E272B3FCDFACBC139787,SHA256=99AE261E514DE6D47A11FF572D7139EB9DBCC70696E3F6710BB17543F321F4AE,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065767Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:00.559{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\xml\dom\expatbuilder.pyMD5=38D0AC2BBD9BF4DDD21D39F4FD1CC1B8,SHA256=23C2A6BDFE9D22C3587967CE02754E7366FE93CD087244774F6B37AE902F1F74,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065766Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:00.545{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\xml\dom\domreg.pyMD5=1428A8AD8E0FF4731EC5F42BDE8A7ADD,SHA256=174FACA21D253FB4AC50624823614B5B3B41E7B8BDF64D59EF75E901AD43B0A9,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065765Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:00.545{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\xdrlib.pyMD5=AB44399A4ABB9874B0F2C2D5F9FEA306,SHA256=A9043DAD797D72C31A4A01AD4069D83AC894720EF8E72490831676A8517D0853,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065764Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:00.545{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\wsgiref\__init__.pyMD5=B38AE8A7E90DDE3D5BDB128E72AEBE74,SHA256=7CA649FD34AD5881869A534DD9FE4CCFFF780B89A1CF8A4763387505CA5D60DE,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065763Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:00.528{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\wsgiref\validate.pyMD5=4F0D1FDAA3EAA2CEBF2F08893D332D98,SHA256=3A9846968D1944DE876B4FA7F400B18CE5CD3822DA834EDC5326D1BEF1C0B555,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065762Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:00.528{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\wsgiref\util.pyMD5=5E03F1D973BE0B8D728CE2C528665B48,SHA256=161F92EDCBEABDD75D5EB460D4CF90DA64A9903E74CB87ABCBCAC1B66D429796,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065761Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:00.528{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\wsgiref\simple_server.pyMD5=B7D46278821659B18DBAE151058B1AE9,SHA256=E2A6C322349214CA18159541EA763EADEA4DA2A1998C002B8CA5DC3396D0E0D2,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065760Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:00.512{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\wsgiref\headers.pyMD5=DE43247A8F9221995F9BDA75FDB451E2,SHA256=7B96D1DD47E97B5AAB695FE4062D53744E0B7C058BB1565C6E65CAF4DAC9EBCB,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065759Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:00.512{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\wsgiref\handlers.pyMD5=5F63608125FA807F66EE56FE6DD4537A,SHA256=2BC005BC8025F17A386AAB361369AFBB0CF4E10135207E066848AE9A659F76AB,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065758Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:00.496{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\webbrowser.pyMD5=C6235576ACFA074E0602F8286D6AE967,SHA256=91DE52B10A90BC40792725B914E2184671E2E2EE0D32E3BA6B1EC027E63BDC51,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065757Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:00.496{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\weakref.pyMD5=77D4C5645BC5F43355F2490B0DB5330D,SHA256=666C9958ACF3D1A307170E7E6DF53BB064C63EA4995627E870552EFA088D9A9D,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065756Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:00.496{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\wave.pyMD5=D55129AF4810C592A87D75480D44C73F,SHA256=0CC87A2E89B8B3AF9470A8EF92944EDEFD4A05E1D9ADEA6F2326F9C8E0AE78FC,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065755Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:00.490{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\warnings.pyMD5=75CDCBE366D13B7C463830D8FAF2DBE5,SHA256=2B0C512178EAF53227CD7D336FBC5E055509048B8E1D9CE7CBB33D56B968D4BA,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065754Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:00.475{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\venv\__main__.pyMD5=C446A88879A21B85D92BD3F00F91D529,SHA256=8996339F7F40EE973AC404F514792180F26CB2AFBA22AFCE53F82B842C487FE0,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065753Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:00.459{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\venv\__init__.pyMD5=A6A7C0CAC6A14E1146849161A8EE2A3C,SHA256=178C12B5B6CE34FB75661F9B9ECD89235A55C4A86D38822C9418FB9BFF7CF6FD,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 11241100x800000000000000065752Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:00.459{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\venv\scripts\nt\deactivate.bat2022-01-17 14:25:12.000 23542300x800000000000000065751Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:00.459{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\venv\scripts\nt\deactivate.batMD5=CD761DDD8683F623C5A4B142142B4323,SHA256=FB53ED45866FEE40F01C907C1F67555A399F98361722D89120D05A2580E9E563,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 11241100x800000000000000065750Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:00.447{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\venv\scripts\nt\activate.bat2022-01-17 14:25:12.000 23542300x800000000000000065749Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:00.447{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\venv\scripts\nt\activate.batMD5=3F5B7CF6AFC3EBB7053DCA90FE8C0D49,SHA256=107F9AE6646D42EC3E7DA7D40266699C76A6A1FB6837FF824D47114406DA5345,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 11241100x800000000000000065748Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:00.447{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\venv\scripts\common\Activate.ps12022-01-17 14:26:04.000 23542300x800000000000000065747Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:00.447{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\venv\scripts\common\Activate.ps1MD5=D635A75A3A6B59EB72660C1859ACE6EB,SHA256=27C717734486373A84E6897D7E43D3428E24A3C2394C158F98C6A61E8A9C55F2,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065746Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:00.447{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\uuid.pyMD5=5515FB646178240828D52D4C0486AD92,SHA256=1F4AB49C774A87AC3BEDB82713F3924107623C5362F3238685E109AA0ED39A36,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065745Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:00.428{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\uu.pyMD5=CDE9C803E2AC98627170F6CDD8030520,SHA256=35CD5F9AB4611102799F21E7EFFA5F31EFEE56826E0383F59BAFD27BB3598B9A,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065744Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:00.428{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\urllib\__init__.pyMD5=D41D8CD98F00B204E9800998ECF8427E,SHA256=E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065743Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:00.428{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\urllib\robotparser.pyMD5=A024DF2786691CF05997954F37178BE0,SHA256=05CED87A4F681014F6A5BF7370680CDCE02B392A559832CB6D2AA2F910F7D5EB,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065742Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:00.412{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\urllib\response.pyMD5=D531F0A30312F650F962EAA31652AEBB,SHA256=3B79834FB777BCC3601B05C8A2BBFAB1A72BF99B10E5A5D2C20A7C3A4583D0CF,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065741Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:00.396{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\urllib\request.pyMD5=3A3E61D987FE3573A7D0D38C1477E2A4,SHA256=219071C80CA49ACC258CEF0BAC6C3C248528EB6A70DBC854DE3601D0A69B496B,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065740Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:00.396{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\urllib\parse.pyMD5=F6CB3F9CEFFA489C68A470E7061E02A2,SHA256=54D3A366C511595F1F7CD7D5DF8800163D41703E14E8ECC1076BBB5F70B64015,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065739Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:00.396{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\urllib\error.pyMD5=58C446B1AC6F29593716CECD86C2F155,SHA256=F0552228F4BA56228595A7F263E39D43E01F83B498D3F2E83CDA4346B6A265DC,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065738Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:00.392{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-20190426-065314-00000003-ffffffff.binMD5=0965AF5A1C5723553F2B84100BFE0F5E,SHA256=0778C438F33DE0CF81ABFEB3BF8708253D85194A240488AA7A26B91929619298,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065737Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:00.374{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\unittest\__main__.pyMD5=61F3216563575B97702D3AA2D8BC22C3,SHA256=14C0C71B35519473106EA65B3F22A9128F1C4B87D98AAFF0A7B7B770FF2780DD,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065736Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:00.374{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\unittest\__init__.pyMD5=7BDDAFFD3D4F5053431968B9734735AA,SHA256=806DF3A8724F8E185F438E7D4435FDFB6DADBE7A834BAEC0BAC4CB93AC66135A,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065735Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:00.374{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\unittest\_log.pyMD5=6C5137D84F81114007547C4D84A4C69E,SHA256=7C9BF421EC62FBB42C9EAA95C24B5E93F64ABB46C5487900BE40300762A4AD3A,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065734Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:00.374{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\unittest\util.pyMD5=5413745685C7C3F60F6B6E81BDE3AAC2,SHA256=D1218413DCA8C641DB891ED05FAB47F02404320BEA183E9063E511D3660F61DB,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065733Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:00.358{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\unittest\test\__main__.pyMD5=75F16A2E31EC94AF6BDA81311688FE6D,SHA256=8073984DFB3DC77A51FE96CC094066F47AA25C57E62057F043FEB891E2806260,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065732Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:00.358{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\unittest\test\__init__.pyMD5=042DFB472B82C87AB8D4A39802EB2826,SHA256=0B16DCD078BBB9C9B22B0053670073F80E756671A69A22ACC99A42D30F1F2675,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065731Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:00.358{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\unittest\test\_test_warnings.pyMD5=3F2ADD149300A96433F2841A77F3EC75,SHA256=7E83EE661B1402BFBF81D7380FBE4510B5A408EAAA78118B123A52DF718248D1,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065730Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:00.358{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\unittest\test\test_suite.pyMD5=3538F274214B97C3F83AA6B36B7FFDDC,SHA256=417922D583C5B4DB23EAE0EA561D7BD88007D6DE350E42ABC96B31EC91E2866B,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065729Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:00.290{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\unittest\test\test_skipping.pyMD5=37D95E67FA4B0CDD0B86F262BDE4F64B,SHA256=6972297FB491466B19A2F6517ADAF485DAED4AEA2C66BDEC74D4D8CB62C4557A,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065728Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:00.273{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\unittest\test\test_setups.pyMD5=D38AF502442B49FD8F0048BA779368C5,SHA256=3598BD4B27C7FC42D6BE2A96A08DC6DDEC1C341F04E7CFF15A2093C2623C1CBA,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065727Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:00.273{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\unittest\test\test_runner.pyMD5=033A56B3418949F1A162103C143CE1BC,SHA256=971E5A9607F12496F18802357DCE6176899E8D9FE710D76B8AE1F1A8F5B7F83B,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065726Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:00.273{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\unittest\test\test_result.pyMD5=E4819ED0402B6D30413674A80543A4DB,SHA256=7650D1618F3C5480E8288CD39FDBEC0BC2C4EA5C5EFB4627A6F0A9FF711659CE,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065725Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:00.273{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\unittest\test\test_program.pyMD5=069CCF4194F3740C3E9520D3EFC8B2FE,SHA256=6F924273F1986F77AA8FDFFD4DC9909094286C66576435987A94FA4C963650D0,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065724Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:00.258{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\unittest\test\test_loader.pyMD5=9ECFE052AF43DD3C040AF66F96E19AEC,SHA256=7E793F8D14695940C3DB89D8FA5A9576F75285AF08DDB4AE0BB477964469863F,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065723Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:00.258{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\unittest\test\test_functiontestcase.pyMD5=24307CB9E975D8635D5B77A98451EE38,SHA256=37DEDCE76AA19A776FFADA134E6A965ED821EEAE8EF44494E18460EDD099F6D8,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065722Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:00.258{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\unittest\test\test_discovery.pyMD5=7ED0DDB74E98CDE2B2FF03FC90298EA9,SHA256=61E2F9B3549791123495F67DD91DAFA9019CB0B4BA2FA827B60779CE723F48A5,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065721Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:00.258{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-20190426-065310-00000003-ffffffff.binMD5=A3E433539B73052F53041810734D86C0,SHA256=B0B44824B4A22CEDF36A6FEE8E84B54EBEA2C721E2AAEDBB73DB7FE5F4320542,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065720Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:00.258{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\unittest\test\test_case.pyMD5=2A5190AC5BC7B33A6ED4A152BF4D2F1A,SHA256=2E34C33F444DA2218C07836F1821FCCE554DB939FFDB52A511D436D348C90B59,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065719Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:00.242{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\unittest\test\test_break.pyMD5=8957858724AA10865BC22EF2E621303D,SHA256=4D7BE740D123B356443EBDA5BA6DD0BF7D866E6B70FC2D50A9568F9B0F3CE7C6,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065718Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:00.242{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\unittest\test\test_async_case.pyMD5=1E19A78A94E70F31FC9D93C637820DFA,SHA256=F3371781561595712207D9A58CA11D37E122DF4960ECA46C1AC4712FCC5CEDEF,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065717Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:00.242{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\unittest\test\test_assertions.pyMD5=CE3C45948F3E9312196D80D3CF426D6A,SHA256=90258CAED89164F7E4E1341D8B9FCB67829692A7A99AAAA706F91A6795218B09,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065716Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:00.226{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\unittest\test\testmock\__main__.pyMD5=BC7C5D9A6799282563C7151C0C9250F9,SHA256=7593367BA4055F44C2D42866CBFE933F09A56E5D5680BF121D8D9CA624846E7C,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065715Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:00.226{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\unittest\test\testmock\__init__.pyMD5=A2A5DCFDF98E92836C154A8BBBB85882,SHA256=7F23831918073DACB0BCB4FED102C6C30A4ED6CB84F202A5ABAFC7360EBFF042,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065714Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:00.226{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\unittest\test\testmock\testwith.pyMD5=BCBFCEDBFEEEEEB6DFE8FE971DB391DC,SHA256=3BD0BAAF8649DA5F3B9A9AE84A540C5FA9D331044516AE806B6A4177EB3C3538,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065713Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:00.226{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\unittest\test\testmock\testsentinel.pyMD5=3A650B34DB1CB7FC66AF23E20A20933C,SHA256=41E5463CE7258E2D6D80ACE032F052A3BFAB7B7209BE7C344EDA776CB566146F,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065712Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:00.226{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\unittest\test\testmock\testsealable.pyMD5=A8281CA56525B781544E5EB79E60AB96,SHA256=D87880FFF621DD38CDB05638D88026E3A6A8FFA05A2BC8507DA606D4D6FADE7A,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065711Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:00.211{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\unittest\test\testmock\testpatch.pyMD5=2060585B20EC2CCAEED8E68A8FE38846,SHA256=AB13CA097F4C9C7C763DC6BCF4D98EC56724FD7FEB80D94D8BB6BFE2EEE0EA2C,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065710Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:00.211{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\unittest\test\testmock\testmock.pyMD5=114179E83924B38D97B3A43F9D5891AA,SHA256=919861AD2BABA6D98482BE02E326810B3A9F2D56226CBB744E3AE6C244B4A72C,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065709Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:00.211{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\unittest\test\testmock\testmagicmethods.pyMD5=F3A835768CC4468435C261C2A35FED9E,SHA256=B4529D0B8F9F67CAF84613EF7892DC3BFA031FA70EAB1683869B8DB3E18CE1DE,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065708Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:00.211{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\unittest\test\testmock\testhelpers.pyMD5=DC68BEA352AC9E462EC8A11511185EA1,SHA256=A91AA5EE2E656D09F41BACB40ADCE3D2E85D867683BFEA1680F0E74367F929D7,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065707Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:00.195{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\unittest\test\testmock\testcallable.pyMD5=93D47D45EF67DB5D1310F5176A7E064C,SHA256=729C5A3D6F25A8376C265CB56BEC4DCD8D4D82626B047B5018AACF4B0E6C789E,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065706Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:00.195{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\unittest\test\testmock\testasync.pyMD5=F3A78D82FDE684C495FF45A17A358C3E,SHA256=C1BF2B65FDA267C9C12AF97594E40F28DFAA0870AE64A6AA48702683F0469000,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065705Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:00.195{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\unittest\test\testmock\support.pyMD5=BB2110382853F9F33D6D72AA8CCE6DB7,SHA256=BBACB8395CA15547BE405A652C6C6EC07443C5021F31F3366DDE9DBA5ACF752E,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065704Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:00.195{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\unittest\test\support.pyMD5=F5D62D5D36F42AB3589F76BCEE070A5C,SHA256=2EA4261227EEC3698A06D9A9E8B4BB11367D7B92F90B2FF5B44DB8E27EAC6AEC,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065703Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:00.192{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\unittest\test\dummy.pyMD5=4375144C51DAE845EB5388805C79BFBC,SHA256=6B84DED05848AD02D9ECDCB904BF66A5830F6E599520AC9AFF0AF7F99D410365,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065702Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:00.188{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\unittest\suite.pyMD5=1BFC31F66AEB5E141C221467F520C8AE,SHA256=26ACD439BC5828FCBA41C1DC7D2495CE05ED4F9073375E7FBFAC05FAFDD82E64,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065701Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:00.171{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\unittest\signals.pyMD5=F17FE1C654048799F6A7EFC93013F143,SHA256=0ED7CF1CBE0CAB769746B3B344F65A659D912C56CD63D1A4280F9B09A77B778F,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065700Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:00.171{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\unittest\runner.pyMD5=165014F270DCA09ED122C86BC76B5045,SHA256=CBD12BBE88567E3D2A16443A7D183CF2D3EB61BF7BD2EC0D3DF8B727E277B360,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065699Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:00.171{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\unittest\result.pyMD5=B0764BAC60F46C28714C4AFDFD6AC203,SHA256=A217C69DE631502084C504DE5EB5038DC9C3DC35446BBB39A1DD61C66456223A,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065698Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:00.171{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\unittest\mock.pyMD5=AFD00A1A05DE1BBDF0248ED9595499BF,SHA256=57E377A688C95295B55E966308FEFA6B1AB622DC84B6C0FB8F805C7CF8F3F509,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065697Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:00.156{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\unittest\main.pyMD5=E0258596AC550C518B8FD0718A627E31,SHA256=9DC108592C08024F780B2459F4BCCFF3D0F65C0F983DA018B8A456486F216F02,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065696Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:00.156{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\unittest\loader.pyMD5=64E018C6AFA8026051B62BB9F4C889FD,SHA256=C26211B48625F0F5B70FCC89786EC1BCA212CE6FC98C3AC1C99BC3ADD4FA5E33,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065695Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:00.156{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\unittest\case.pyMD5=710D4EF33AA20F4E7F329338BDC738CB,SHA256=37FA72C690D0F8D1ED3ED95D3D37894A4E8402DA0C253EFE01ABCA3A4D420255,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065694Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:00.140{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-20190426-065204-00000003-ffffffff.binMD5=62BB206289ADC091FCC912C800016001,SHA256=85AD7AE3F118CBA1D984FB9E9964693705A12BC6858844686BBBA4A0A54C46FE,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065693Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:00.140{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\unittest\async_case.pyMD5=92DFB2DB5D46012786CB6453FE18372B,SHA256=B447F315D70DEF5B799BD4EEE79D9F2F36F8FDF2378895EE676C31233A2147C7,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065692Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:00.140{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\typing.pyMD5=00F39FFE5D6980DFD2A09B060D9DE85F,SHA256=3B1F8E4D6C29B112C9D2B3D4C84816240EC2530B2CC9D1C3B470D54F1468621D,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065691Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:00.140{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\types.pyMD5=C58C7A4EE7E383BE91CD75264D67B13B,SHA256=0D3A1A2F8F0E286AD9EADBB397AF0C2DC4BEF0C71A7EBE4B51DED9862A301B01,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065690Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:00.124{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\turtledemo\__main__.pyMD5=1EAE94584089D07D613B6C205FA0A588,SHA256=0EA0FEA94150F1D64BF9CCB112520A347FF8A7BEC8779CA42CE911B21356F3EE,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065689Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:00.124{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\turtledemo\__init__.pyMD5=04930AB6118D524B31A7FF915BB0A086,SHA256=1F97EA361E2359A1338CC38A2D0FB9AB55899D4E4184FFA008FB227F0A44CD8C,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065688Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:00.124{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\turtledemo\yinyang.pyMD5=1EF932FD3027994F14CC7DCC52784753,SHA256=E4C9507C3717DDAB7E424FEB08982FAB4ACC279E8661328073B88BE652D58B7A,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065687Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:00.109{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\turtledemo\two_canvases.pyMD5=617C1360AC08913ACA8CB134B1CE4108,SHA256=FD3B6549E8D586797653263B22462B36C66304AECD60105FBD21523A2637F003,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065686Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:00.109{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\turtledemo\tree.pyMD5=89F0F950133FC3733490639648E87CD6,SHA256=832EC4C83BC340EB4E046C29EC2F5379BEE806CF555915B6391BA89DE39766D4,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065685Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:00.109{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\turtledemo\sorting_animate.pyMD5=F63F01468EF4F409360050C18B9EB852,SHA256=1EC5CCAAF6F0F9E123911A95ECF7B2E7F2B482E06627E881FD5C983763F7C9B3,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065684Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:00.109{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\turtledemo\round_dance.pyMD5=C8FCEE1AE976BCF593C832534DDF78B0,SHA256=BAFC72E609CBDDC8D311C2CC4639D07EA7EBF2E63013BDBC18042BC094900495,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065683Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:00.093{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\turtledemo\rosette.pyMD5=4FD0190D1A811DAD653D4C19784D5425,SHA256=A0A6C7E1BD4382DFCCE32563991FF20926221E3908032B5A8DDA8C7AC3939886,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065682Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:00.093{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\turtledemo\planet_and_moon.pyMD5=B1BF2BC118C26FEE1CFF2136A59A6634,SHA256=7406348DC407147F1DA75234B3E2A3C955A2466E911E2927C065E5A14250F7D5,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065681Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:00.093{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\turtledemo\penrose.pyMD5=C4215A47AFD9EDEE7AB705E42DEFE23A,SHA256=9D0ED4C343E83AD91315B6F4CD36B50C2B8C5F775CCC11E4366DA3024CC76234,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065680Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:00.093{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\turtledemo\peace.pyMD5=6E0FD413A5E2D9EFFD3D973B35C9A30E,SHA256=F2BC372E6BD79214FF3C2FEBA886FB94B034C06C1020D805846955DA72B5FCAB,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065679Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:00.056{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\turtledemo\paint.pyMD5=85BD1C832338134E59BFAE6A93C2F90A,SHA256=D23A637C397C9AC0D7A91A4812E42BA362B7CDFDE9C7E9D13B7C37B799931741,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065678Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:00.056{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\turtledemo\nim.pyMD5=24520D4B7A3F05203567DF839C15D4B2,SHA256=7281B8C20B88E601B3127ABE6E696F1C3E570320D51B5A1A701F59D990AA71B8,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065677Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:00.056{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\turtledemo\minimal_hanoi.pyMD5=45BCDC7F12811FBF5F8852AB48A0C43F,SHA256=CE48822989371C84B283EFB5B2604B097EBDCF0129681294C5507ED052C5DABB,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065676Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:00.056{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\turtledemo\lindenmayer.pyMD5=BDF3F1C0F163207821A1DBA0A163731A,SHA256=AF4E1BA8102F30F049CAF1C4657DF7EE1A0B79DD016CA78698A1CFE4067A7DF7,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065675Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:00.046{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\turtledemo\fractalcurves.pyMD5=4C02DFEBFB6F14E34FCBDAE0F0A46108,SHA256=64EF4AC4EB23E645C17E8699168C3132E130351592DB797A34D57CF742B41717,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065674Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:00.046{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\turtledemo\forest.pyMD5=CB5D1BE5908794432046E32C6159EEAE,SHA256=1B5F67104AC4DE6DB1FA425C41383B402C1A49B530323EC1FBEE39B04B74F25A,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065673Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:00.046{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\turtledemo\colormixer.pyMD5=F168BE81F36A68D05C1B8BA6306E67AE,SHA256=9F65B057C8697DDE9EC4200F8BAF0E383388E8B7367F41EAAC50708127981610,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065672Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:00.025{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\turtledemo\clock.pyMD5=E54B16528A2B04156BD9493B12D3E114,SHA256=9A8C274D5A53D762E90657AC21721528B51442C352A1A194E343E5547C8FB436,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065671Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:00.025{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\turtledemo\chaos.pyMD5=758CE336568623F47345749B60F5DFA7,SHA256=3745AE9704F9CADAB1069DAC2291D330F7423F6AC5006878FC5A92ED812D2717,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065670Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:00.012{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\turtledemo\bytedesign.pyMD5=EA4731BFC366A97F7C33750955EC8E1D,SHA256=F87BFD89A92C6B77C46B10ACCC6DF266A25CE0D2589F02C5C9284603777CC7BE,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065669Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:59.994{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\turtle.pyMD5=62B07438BF31C48386B4C863D9BE2180,SHA256=CBF890BB999CE3658CC490E626C3D80D48327BD0726A1C28B815F0234857182C,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065668Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:59.994{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\tty.pyMD5=766278735444B810C8C42470582F1A83,SHA256=45805F726BF977290DFAC21AEAC1E506E7759804BF9D01DB5DCF7D17337AEA30,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065667Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:59.994{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\tracemalloc.pyMD5=0233BC515180C861D919BA79B6928163,SHA256=488C28AD5FD084DD715986EA235928894F1B140AC880A5872655A99C97054DC2,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065666Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:59.994{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Lib\traceback.pyMD5=9FF63955DDAAD02512C46D4042FF21D5,SHA256=3725667A85A861E1EE626774F9AE11F3EF7DAB2210222EB1742546F8057CA7B5,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000031936Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:39:00.045{CE7C8936-1B20-61E9-E200-000000002202}3964NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=D76CE2F5465086E66C088FBC1FB884DA,SHA256=3076316EA2DD0EBDE8D5ABCB95DD015DED000F6E44A35E15B41208C5D6541529,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066069Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:01.995{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Tools\scripts\fixps.pyMD5=8111CE3E8DFF8372B8A05F13A6AA106D,SHA256=4BB7001C51C5E679D036B3825A765F6DFE136DB5FCB7D0595BB4DD9F4A54A5FA,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066068Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:01.979{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Tools\scripts\fixnotice.pyMD5=A5113B0A40BE960C3013E22B3A1DBEAE,SHA256=C29CBB5BED495B74857CF536962887A155EC9DBE4B7B4336EF0560D10567ED87,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066067Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:01.979{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Tools\scripts\fixheader.pyMD5=D2E14FD8CFCBB3571C86120136EBB14B,SHA256=EB44E716E76146E5DC479696F8E7E643AD5E5EE6FE1218455D8E870877F13526,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066066Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:01.979{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Tools\scripts\fixdiv.pyMD5=5048DF3191F0B7DEEEB8A3F4C18F77F9,SHA256=6CCEF8F64A4C90E18E4324108CA1ABD2D2A55AF3D8F0583B0B6462FE37D2B66B,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066065Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:01.979{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Tools\scripts\fixcid.pyMD5=54D94B76CBC2834EA8A989690AED9915,SHA256=8523604115B767A6FE8D611A2FFE7BE1FDB52A20AE5A2E8B528387BC5342A16A,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066064Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:01.964{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Tools\scripts\find_recursionlimit.pyMD5=5A7D3D8172A7C3A0BF4773EBA360A278,SHA256=CA19E918F7E8B95C59E7CCB09CA0A8C628EC09F6DC5BC3866CB075C8581F9869,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066063Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:01.964{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Tools\scripts\findnocoding.pyMD5=5AB440BD0FE219899BAAAED12775581C,SHA256=54F1AB412EC95DCDA481FADF9ADA9A89B51FF18704146285370D547880702CEF,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066062Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:01.964{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Tools\scripts\findlinksto.pyMD5=6A2DC8C1FBA949A8723B5416DB3837B7,SHA256=E865AA92CA793B780399BE00E012714E5B14343E826B465BD90078AB10F719C0,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066061Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:01.964{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Tools\scripts\finddiv.pyMD5=962F523C9592EE4DDBA23AD8963012DD,SHA256=7DCDA10645EA9A628DFF0DC7FDE1D367516CA35FB9EF95F24E07D35947F72A02,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066060Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:01.964{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Tools\scripts\find-uname.pyMD5=5FF3C0F9665628E2F521CEBA680F88D1,SHA256=8EC49837B1402F7F8A1BFB794271A5C9950B9658CBF28CF95B871750A3B89E1E,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066059Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:01.948{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Tools\scripts\eptags.pyMD5=67CE4AF7BFDE7F05EA3DAA9465736754,SHA256=205AD90D4BCB6485043021D7D8489E472B8A3630375173D18603FCE206BA7226,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066058Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:01.948{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Tools\scripts\dutree.pyMD5=DA3D9A692053FB9E1604214969E6239F,SHA256=7581C40D51443CDF7D5879AE71058B307B903F5824376742860355BA3C337E7F,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066057Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:01.948{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Tools\scripts\diff.pyMD5=CF9196859BF770A1116FE53EEF111B95,SHA256=3EFA83BF094E23C66DACB02ACE747DEA2D4CF1897E7B4622B15DD971F9B10F61,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066056Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:01.948{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Tools\scripts\db2pickle.pyMD5=A2CE433031D92916BE3564FDAF81C405,SHA256=F34B5B76EB6F19FCEC617481B06005B41F2832A2F02E9AE0E4FAFBD808BFF320,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066055Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:01.948{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Tools\scripts\crlf.pyMD5=AC878F7C5CF7EA3BFE91FCEAF4A292C0,SHA256=720C3E43FC94A7C5C893BB3F8B4DB1A661ADC8ECF6CE34C69580275A43D9B77D,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066054Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:01.933{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Tools\scripts\copytime.pyMD5=DDC5C76A8DC384778F740EB3DA1BF31F,SHA256=2A444873666B578F3F6C7C5040C955AEA2B85A288BF82237652DEE90E961ECDF,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066053Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:01.933{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Tools\scripts\combinerefs.pyMD5=521B35C148E93CE78894F9825F95E746,SHA256=3CB83D4770B44B25E0B29611E8ECD036C99FE2024556DFC5C3C7F9B37FC0949C,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066052Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:01.933{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Tools\scripts\cleanfuture.pyMD5=C99C43FE46523A826D0874EED57A56D9,SHA256=1CC188C0676E313628D12077E58BD101E96816C1E5D72E6BACFF19210BEC0FA7,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066051Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:01.933{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Tools\scripts\checkpip.pyMD5=A60FFF258F4361C69255C243393C9A00,SHA256=A208A514E64294D805044183BD81BD85529ABA98335477DA5084C03794A824A7,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066050Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:01.933{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Tools\scripts\byteyears.pyMD5=52690AE32756A26A2233DF604F27DD1F,SHA256=A9822F2122E5F01A0B30D25C52724D868F727B969B052E1C58B9C23CA5A88AF5,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066049Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:01.917{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Tools\scripts\byext.pyMD5=CF3B95C4E07B6A2A6E136BB097844880,SHA256=E10F6E661069F06E2A4D6573647AD01C37F0CFFF4CB532EF578A5475F2881629,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066048Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:01.917{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Tools\scripts\analyze_dxp.pyMD5=5742A7FF247476862223B2C680A38C3C,SHA256=8BFFC817FD327FCC2284A2949418E3A594DF4278C2F4AE86B1C2C7C5A3EA6789,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066047Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:01.917{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Tools\scripts\abitype.pyMD5=D54982AB0235899CEE26C47351947DB5,SHA256=C484FA57C47B5B21394B130E4AC38ED4B6956504C2F8FBA4099EA31934EB1D8A,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066046Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:01.917{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Tools\scripts\2to3.pyMD5=597A82964922012DA09B1DC0354C4B89,SHA256=E1BC0D296000011C2B460BEA2FCB759C48CE543A4747166A8F9318AE4D16BC18,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066045Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:01.917{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Tools\pynche\__init__.pyMD5=3D02598F327C3159A8BE45FD28DAAC9B,SHA256=B36AE7DA13E8CAFA693B64B57C6AFC4511DA2F9BBC10D0AC03667FCA0F288214,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 11241100x800000000000000066044Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:01.901{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Tools\pynche\X\xlicense.txt2022-01-17 14:25:14.000 23542300x800000000000000066043Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:01.901{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Tools\pynche\X\xlicense.txtMD5=5BBE771289A5650BB4C40CCC0608E12E,SHA256=952303585658D59B9782C0CAC8A9D9C5B99DCA60D775526FC9052C4E83E6AE34,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 11241100x800000000000000066042Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:01.901{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Tools\pynche\X\rgb.txt2022-01-17 14:25:14.000 23542300x800000000000000066041Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:01.901{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Tools\pynche\X\rgb.txtMD5=DFB202B1A8640BC1F6F96EBA7A1CEC5A,SHA256=0595A246EEDA128A28176A671463635DC1EB3CB474A43184F2611A26635C9495,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 11241100x800000000000000066040Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:01.901{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Tools\pynche\websafe.txt2022-01-17 14:25:14.000 23542300x800000000000000066039Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:01.901{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Tools\pynche\websafe.txtMD5=73C3862D4D10C1218813E3864B02909A,SHA256=EC4A2514FF760192253D736E1F5C66FFEB0ED729723F07D79516FB06B8304EC0,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 11241100x800000000000000066038Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:01.901{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Tools\pynche\webcolors.txt2022-01-17 14:25:14.000 23542300x800000000000000066037Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:01.901{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Tools\pynche\webcolors.txtMD5=2A5B3F427846B26805A99FCEB82C023F,SHA256=3CAC411FA6D2E9A34C0CC631321E64D42AC37884348ED35872BC9E609C673346,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066036Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:01.901{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Tools\pynche\TypeinViewer.pyMD5=740C2A29B4BD39CBD02BA4F258D9538F,SHA256=04EB375D5908A6D5124DB9E7751EE3D638C7DD285B4DCB41A80F9C7DAE83D439,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066035Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:01.900{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Tools\pynche\TextViewer.pyMD5=FD96C6D1F5EFDF1E849B2658CEF4CAAB,SHA256=8B4A65478C0067410FA585F0B36CF76EEB917C97FE4EC5A660AE1FA96D568C2E,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066034Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:01.897{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Tools\pynche\Switchboard.pyMD5=DFB8281D474372A1F8CC3353797B2632,SHA256=0812648FE91D6D07CDB027DE11B96ECE4C21A2C5DA983ED3F053C2735506671D,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066033Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:01.879{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Tools\pynche\StripViewer.pyMD5=5CC5EC9B4FFBBDE752A54725952C6F61,SHA256=36C0033B615C88939C7414341BDCF7E140472A1AD9CC1774C38390C6C0E4E7FE,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066032Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:01.879{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Tools\pynche\PyncheWidget.pyMD5=36D81047C4A1C761A69CF018CA54D397,SHA256=ADD34A0F846DF21A51AB219850B1581D18B6BD48CD75B957DF92356239C171CB,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066031Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:01.879{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Tools\pynche\pyColorChooser.pyMD5=61CC2E8DCDD01E668702B4DCE0E692DB,SHA256=88975548D1E14A6DBBEC3F560465C22E36082402BC9D6B08923E52BF521B7650,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 11241100x800000000000000066030Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:01.879{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Tools\pynche\namedcolors.txt2022-01-17 14:25:14.000 23542300x800000000000000066029Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:01.879{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Tools\pynche\namedcolors.txtMD5=82DFF2672115D101CD47A8FA9B6ABEDA,SHA256=505CCFD91DC952C3373672526E966DDCDCA9D5F2DFBF84B8C8ADB7BCD1AB8E76,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066028Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:01.863{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Tools\pynche\Main.pyMD5=0456E03DC6164E266585EA861BB408E6,SHA256=6A6BCDC56CB11677B7381FD16E3CE6BB2BEF10515E78F0BCC11DF2DA2DAB24A8,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066027Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:01.863{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Tools\pynche\ListViewer.pyMD5=75A5D28D5EE5D2DCC353E6DB0BE3024F,SHA256=B8E3D53EE3626AE6E0B619D82880CBD685A5078C240F40ACFE620E0BABC92514,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 11241100x800000000000000066026Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:01.863{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Tools\pynche\html40colors.txt2022-01-17 14:25:14.000 23542300x800000000000000066025Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:01.863{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Tools\pynche\html40colors.txtMD5=C59992321103F651EF36AE69DA8C935D,SHA256=329E38F5346A97BC26FB5DAE94B8031C06880CDC86864033EA37A6AD8075CA0D,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066024Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:01.863{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Tools\pynche\DetailsViewer.pyMD5=D02AB3C0C94A010328E5E1AA3ECC243A,SHA256=7A866D7BC202E25D3CD7210854BA7196BBB9E7626BF40E1B4840CB31B4A37647,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066023Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:01.847{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Tools\pynche\ColorDB.pyMD5=04E529B49299BD9B265FA2534487D957,SHA256=C8D070234724E3A6F705F7106F8F9990B9E94AF277DC879BDC37660ECB58A864,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066022Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:01.847{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Tools\pynche\ChipViewer.pyMD5=8F1FF33914F719EECE8524D7E9947731,SHA256=4CA81C87C21A2990EBC096A47BA18B658B5884F2C6CFABE87F5E72CB46F56438,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066021Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:01.847{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Tools\i18n\pygettext.pyMD5=11C4227C8A2037C04AC586AB45800DCE,SHA256=524A7D168B2B538E154FD85C2DE18B463B00F3B9AFFB9A08295AD029597EEBBA,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066020Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:01.847{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Tools\i18n\msgfmt.pyMD5=E98ECC873AB5E870AC78774127E7FEBC,SHA256=19949D663C3DF559E51A097C9B52B30F58E36669974B27A7EA04C0C2E26BCCA7,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066019Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:01.832{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Tools\i18n\makelocalealias.pyMD5=A3FA96E70031F387D445499D6EDE08B8,SHA256=9B2D05659F02E6D38E95A8FA7F76957DD67CDDCBE8BB9B7F93EBAA36035E52F3,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066018Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:01.832{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Tools\demo\vector.pyMD5=785EFD938612A1C159783833AA66B5AE,SHA256=D8E77D67357A76BD98D2C8A070B659D7E715B217EAF24E1A681673F1963A1042,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066017Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:01.832{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Tools\demo\spreadsheet.pyMD5=8C2D50584CD6581EA49EBDADF55B1A72,SHA256=84524A691CD2B47A6DF9C3519FB071DFF595A53ED39232C4A6E42EE9A8AE2F56,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066016Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:01.832{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Tools\demo\sortvisu.pyMD5=EF9F1F15DCC284A85016574B3659D9CC,SHA256=A62BD42CD5E37089D769E3D18E9E69CF7FE4862F0A836365F4EBD64458304DC2,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066015Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:01.816{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Tools\demo\rpythond.pyMD5=77164E04E313F698E50EA18BD51608C4,SHA256=C10A7048E84BB8654F3A508842093B8D6390E51027F2BE36FDA7DE75A4F394C6,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066014Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:01.816{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Tools\demo\rpython.pyMD5=CBAD9B55F19D50ADD2B97E8165F8E4E7,SHA256=90E0A7C3BC63BB764CB14CB468CAFC6409EF4162DC4F7A6B3F2498AD8396164D,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066013Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:01.816{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Tools\demo\redemo.pyMD5=45DA98041FAA46DDA18425E3F4B028AA,SHA256=252A4EF1EFE3537856344981E81E8903E616C6A9946DE727513C1AF9CBA86272,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066012Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:01.816{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Tools\demo\queens.pyMD5=DF4389189B3099EC32101A741AFBF180,SHA256=FCF1412B3C3050A9486D03B014B84FF320DF7D8BE5A46FF2FA9923C52B8077B8,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066011Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:01.816{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Tools\demo\mcast.pyMD5=72EDD4C03BBFBE8568B930917850ED6F,SHA256=C35D3B1E84CCD4064E4A0DDA047FC3762816D287B623E3037E806B450960BE1A,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066010Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:01.816{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Tools\demo\markov.pyMD5=6F624BC877C47DB92AAB576D740A5DC3,SHA256=0AAE237CD8212B98487902FE6AA2925916929F249618C2ECD00DC712CCCEC4BE,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066009Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:01.800{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Tools\demo\life.pyMD5=8AE24D7C8FC1633F33D3F7D359D0E7C7,SHA256=B82004964B39A00C3AE498DED232D45CE75D29249A19FE5F10C8B4A5958FB1DC,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066008Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:01.800{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Tools\demo\hanoi.pyMD5=511ABD90044658F33DB7CD074D700C29,SHA256=4866C8EBC85E571D657869A3709EED471217E69A578532E18D50B18E1106D61D,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066007Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:01.800{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Tools\demo\eiffel.pyMD5=9318A1E1900B4135B1B6E59E369896BD,SHA256=4C8D71DFFAC6F9675FEF90E5CAC3F4A865ADA36CB80D80C1FAD05301A4EDAACB,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066006Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:01.800{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Tools\demo\beer.pyMD5=0495C08F2FDCC9D099AE3C67E56C0650,SHA256=F9263CA5D3EFB243A242584CD6A08DE81298C91F4FE9BE2333AD77ECA949E563,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066005Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:01.795{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\tcl\tk8.6\msgs\sv.msgMD5=1D085A672A6FCDECEF5D7D876E4C74A3,SHA256=A6821A13D34FB31F1827294B82C4BF9586BB255CA14F78C3ACE11181F42EF211,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066004Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:01.778{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\tcl\tk8.6\msgs\ru.msgMD5=803E0F9930828B103B03B55EDA173CB8,SHA256=8715E9927BA925AE8099EDF71A3D701FE396FC0E4DF039CEA7DC84120E101F47,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066003Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:01.778{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\tcl\tk8.6\msgs\pt.msgMD5=4018686F2A8E299D86BDB1478BC97896,SHA256=D687F71F0432BB0D02EFDF576E526D2C19D4136F76C41A3224A2F034168F3F34,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066002Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:01.778{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\tcl\tk8.6\msgs\pl.msgMD5=8CFA2E38822303FDCB55AE3277F0B81B,SHA256=EACEB1F08DE0863CCF726881E07FE5B135EA09646C5253E0CBF7DDB987EB0D92,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066001Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:01.762{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\tcl\tk8.6\msgs\nl.msgMD5=E56229BAC5A8ABB90C4DD8EE3F9FF9F8,SHA256=0914FBA42361227D14FA281E8A9CBF57C16200B4DA1E61CC3402EF0113A512C7,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066000Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:01.762{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\tcl\tk8.6\msgs\it.msgMD5=B74C54666A5A431A782DB691B4CA3315,SHA256=806930F283FD097195C7850E3486B3815D1564529B4F8E5FA6D26F3175183BC1,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065999Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:01.762{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\tcl\tk8.6\msgs\hu.msgMD5=4F1610E0C73DAE668E3F9D9235631152,SHA256=E063AD7CA93F37728A65E4CD7C0433950F22607D307949F6CB056446AFEAA4FE,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065998Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:01.762{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\tcl\tk8.6\msgs\fr.msgMD5=E279E5FFF03E1B8E9063ABC8A499A6BD,SHA256=3F2CEB4A33695AB6B56E27F61A4C60C029935BB026497D99CB2C246BCB4A63C4,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065997Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:01.762{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\tcl\tk8.6\msgs\es.msgMD5=4765F3C055742530E4644771EBC6C69F,SHA256=D2842B80F1B521EFF2D2656A69274B5F2A8F4F5831AF2E8EE73E3C37389F981F,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065996Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:01.762{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\tcl\tk8.6\msgs\eo.msgMD5=E44F82EAF651D065CA1A2D5FA3C91C25,SHA256=37FC66686349A955935CB24B0BD524E91823D2A631E63D54FDF17733C7502CBE,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065995Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:01.746{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\tcl\tk8.6\msgs\en_gb.msgMD5=3D41FC47CD9936F817EF9645D73A77ED,SHA256=01238293356E82F1D298896491F8B299BB7DC9C34F299C9E756254C736DA612B,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065994Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:01.746{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\tcl\tk8.6\msgs\en.msgMD5=D48CFC9EC779085E8F6AAA7B1C40C89A,SHA256=4A33B44B2E220E28EAAE7FAC407CAFE43D97C270DA58FA5F3B699A1760BFB2A4,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065993Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:01.746{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\tcl\tk8.6\msgs\el.msgMD5=780F863903BBDAA6C371EC0D3C7E6D59,SHA256=3F6F155864FE59A341BFD869735E54DD21CEE21BBD038433D9B271AD77BA3F7E,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065992Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:01.746{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\tcl\tk8.6\msgs\de.msgMD5=2203F65BCDA61BC15AEAC4F868C6D94A,SHA256=C0F574B14068A049E93421C73873D750C98DE28B7B77AA42FE72CBE0270A4186,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065991Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:01.746{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\tcl\tk8.6\msgs\da.msgMD5=227B0F255F854460E8E5146ED7A17B85,SHA256=FEEF8F8AD33BB3362C845A25D6ED273C398051047D899B31790474614C7AFD2D,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065990Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:01.746{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\tcl\tk8.6\msgs\cs.msgMD5=5A8B46B85DCCBF74E2B5B820E1A7B9D1,SHA256=4DFFBEEDBF0D66D84B13088016D1A782CEAAD4DED27BE1E38842F8969C0E533F,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065989Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:01.731{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\tcl\tk8.6\images\tai-ku.gifMD5=048AFE69735F6974D2CA7384B879820C,SHA256=E538F8F4934CA6E1CE29416D292171F28E67DA6C72ED9D236BA42F37445EA41E,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065988Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:01.731{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\tcl\tk8.6\images\pwrdLogo75.gifMD5=7013CFC23ED23BFF3BDA4952266FA7F4,SHA256=462A8FF8FD051A8100E8C6C086F497E4056ACE5B20B44791F4AAB964B010A448,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065987Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:01.731{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\tcl\tk8.6\images\pwrdLogo200.gifMD5=A5E4284D75C457F7A33587E7CE0D1D99,SHA256=BAD9116386343F4A4C394BDB87146E49F674F687D52BB847BD9E8198FDA382CC,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065986Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:01.731{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\tcl\tk8.6\images\pwrdLogo175.gifMD5=DA5FB10F4215E9A1F4B162257972F9F3,SHA256=62866E95501C436B329A15432355743C6EFD64A37CFB65BCECE465AB63ECF240,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065985Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:01.731{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\tcl\tk8.6\images\pwrdLogo150.gifMD5=711F4E22670FC5798E4F84250C0D0EAA,SHA256=5FC25C30AEE76477F1C4E922931CC806823DF059525583FF5705705D9E913C1C,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065984Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:01.731{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\tcl\tk8.6\images\pwrdLogo100.gifMD5=DBFAE61191B9FADD4041F4637963D84F,SHA256=BCC0E6458249433E8CBA6C58122B7C0EFA9557CBC8FB5F9392EED5D2579FC70B,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065983Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:01.715{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\tcl\tk8.6\images\logoMed.gifMD5=BD12B645A9B0036A9C24298CD7A81E5A,SHA256=4D0BD3228AB4CC3E5159F4337BE969EC7B7334E265C99B7633E3DAF3C3FCFB62,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065982Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:01.715{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\tcl\tk8.6\images\logoLarge.gifMD5=45D9B00C4CF82CC53723B00D876B5E7E,SHA256=0F404764D07A6AE2EF9E1E0E8EAAC278B7D488D61CF1C084146F2F33B485F2ED,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065981Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:01.715{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\tcl\tk8.6\images\logo64.gifMD5=B226CC3DA70AAB2EBB8DFFD0C953933D,SHA256=138C240382304F350383B02ED56C69103A9431C0544EB1EC5DCD7DEC7A555DD9,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065980Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:01.715{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\tcl\tk8.6\images\logo100.gifMD5=FF04B357B7AB0A8B573C10C6DA945D6A,SHA256=72F6B34D3C8F424FF0A290A793FCFBF34FD5630A916CD02E0A5DDA0144B5957F,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065979Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:01.699{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\tcl\tk8.6\demos\nl.msgMD5=2A3F03436E81A089F229A21978CE29CD,SHA256=F527E0117FEB1C9ACA6D06DDA1226C201E6DEAF89EFCA171175D08E80A9712AB,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065978Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:01.699{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\tcl\tk8.6\demos\images\tcllogo.gifMD5=FF04B357B7AB0A8B573C10C6DA945D6A,SHA256=72F6B34D3C8F424FF0A290A793FCFBF34FD5630A916CD02E0A5DDA0144B5957F,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065977Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:01.699{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\tcl\tk8.6\demos\images\ouster.pngMD5=FE7DC3E7562C55EFDBC7B18DB0924D26,SHA256=A2FE354DFCB09B9EEB488128F4AC0B498766FAF4A8BECF65BBCD779BDB9C4C8F,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065976Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:01.699{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\tcl\tk8.6\demos\images\earthris.gifMD5=4D10E3A9B9C5CC5AB490962AFA9BFE6C,SHA256=C2DA473E55D8317BD1F983638ADB729BFF1461DE590D76F99D8B3430C71E0F6E,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065975Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:01.695{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\tcl\tk8.6\demos\images\earthmenu.pngMD5=D0312D9A617BA1214FD3EDCE5EC5DA53,SHA256=9BF8D96016039D7FDB2FFC506743724636A70ED5925199AAB64CA20820963BDE,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065974Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:01.693{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\tcl\tk8.6\demos\images\earth.gifMD5=34D2114D2AC22DD7F97232D241402028,SHA256=88AF7AE24FD08D5EB144E938A4381D28638BC50D15C8E5F3E30CA73B0FBA961F,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065973Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:01.677{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\tcl\tk8.6\demos\en.msgMD5=C0793F9B6AB90A4D386C06686BA9321C,SHA256=3B3D80F5E884A94C27A97FD46DDF2947FEEDC7C960BBFA359BDEA6DDD1E0DF87,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 11241100x800000000000000065972Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:01.677{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\tcl\tix8.4.3\pref\WmDefault.txt2022-01-17 14:26:36.000 23542300x800000000000000065971Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:01.677{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\tcl\tix8.4.3\pref\WmDefault.txtMD5=E659C759ECDF4B5728636E2F46E54686,SHA256=1800C8EC457FEAEF748762C8059251E5C8F160F004B7A83E1F9A50DA5B68E6B3,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065970Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:01.677{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\tcl\tix8.4.3\pref\WmDefault.pyMD5=5D362C110E1EA37EAADFBA38C5EA3F90,SHA256=3A639975EDD8A50C6D9AD0DC1FD50C2CB9213F1F8D2879BA661C6A9CE78B3DD3,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065969Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:01.661{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\tcl\tix8.4.3\pref\WmDefault.csMD5=6C7F253929ECF65E5DF10174403BF281,SHA256=638882F34BB3CAEEF3F0F1BD4997A123DE116AF0B16289E62A537E4E63F6827A,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065968Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:01.661{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\tcl\tix8.4.3\pref\TkWin.csMD5=A17308169037BC17C818C69D4C236621,SHA256=153F6332172525BE0EE58A80BF8515D400D0D829078CAA3E1FE3BDB7F6B5C389,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065967Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:01.661{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\tcl\tix8.4.3\pref\TK.csMD5=6EF77893A5687E223EA0215B17B47963,SHA256=776AE50D94A64DF358AE46D8FA8C5EB493FDC664696167548A0311D0E897C6E9,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065966Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:01.661{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\tcl\tix8.4.3\pref\TixGray.csMD5=6273880E6FDB5256924103503E07799D,SHA256=BA5807E0AB2867B6E31FB2539B61C4F1253474A07767DCED095C806E61D2AA4C,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065965Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:01.661{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\tcl\tix8.4.3\pref\SGIGray.csMD5=1446E52BFFE7E1DB0399AFB123DC693A,SHA256=D875F29B4A7C0E462396C40BB9B5B2798D777D53E3DC51280C11222FF5B40E25,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065964Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:01.661{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\tcl\tix8.4.3\pref\Gray.csMD5=C4CFD691E350F0876F798B7A5D20790E,SHA256=192DFA09F01124F8EEC3E46E2BA26BF5291F91B723C2515645DFB3C10859B307,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065963Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:01.661{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\tcl\tix8.4.3\pref\Blue.csMD5=E51F1764F33B131B503870161A91B6F4,SHA256=38DC4760292C2C3182B893E48CDC028502BF97E8D12B8F62596F8296D6526595,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065962Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:01.645{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\tcl\tix8.4.3\pref\Bisque.csMD5=646556640B596DBFD08279B95395F25B,SHA256=25A34D43AFDFF0DBB6EF04308AC0B97CC89343E4EE065ECB61C7D3369B83C589,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065961Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:01.645{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\tcl\tix8.4.3\demos\bitmaps\tix.gifMD5=9586106E578A263CF24F4878B2F98851,SHA256=DB223D088B0B41EA77614EC7FBFCDE1132F68B2E1C3E40C7C1871A541DF625AC,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065960Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:01.645{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\tcl\tix8.4.3\bitmaps\warning.gifMD5=1DBC69E845CE84F1EA888039D8B1A221,SHA256=4855AE49469C2C9AA238564D41C57E75CCD4A391156B273A042096382CD3C732,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065959Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:01.645{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\tcl\tix8.4.3\bitmaps\textfile.gifMD5=C8A03FA624FE52F2E23FF5F4CB4295B9,SHA256=3B53A7DA944E77D00EBB1B352ECE6B6E50572E0222678087B86BB163A3969150,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065958Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:01.630{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\tcl\tix8.4.3\bitmaps\srcfile.gifMD5=483493CACB6AF1A40C9250A85B53CF76,SHA256=36CB7CCA5A262C77937B45B9ED3EAC3CACC85181C133C45913FAC7481221197D,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065957Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:01.630{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\tcl\tix8.4.3\bitmaps\plusarm.gifMD5=8FF1CEBD68CF66BCFBFD9079ACB500C2,SHA256=6FC4098826CA6E02ED0BE4060014861E494913E6684ABEC63B022D60C1C73011,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065956Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:01.630{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\tcl\tix8.4.3\bitmaps\plus.gifMD5=ADDEB98686E49E94A69CAB92D54AABD6,SHA256=16EA40FED8C12BBF64B072BACF6B1C8CA80CE26E08FEE7860B98CC9CCE44FA64,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065955Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:01.630{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\tcl\tix8.4.3\bitmaps\openfold.gifMD5=540B5E792E4A09B6AF2A4362FB2B78FB,SHA256=B1A7E8A341A1F795F0890116F68368FF4BB0F1E0CE73691719DC24E3927463AD,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065954Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:01.630{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\tcl\tix8.4.3\bitmaps\no_entry.gifMD5=F3489C18D9A2DE4A86BC2A10C70572C5,SHA256=5ACB672D97F4ADF4AE8D31B3968A1A17DFA66C35D74A1DA262F14C12615D3F56,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065953Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:01.614{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\tcl\tix8.4.3\bitmaps\minusarm.gifMD5=9016B58AB81CEDC76DA7DC75A4E81950,SHA256=CFE867E18C427AA88D5E2404A01AA22D042212222E8304B25275A400E650D1D8,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065952Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:01.614{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\tcl\tix8.4.3\bitmaps\minus.gifMD5=529838106788B9FED77490AF8AA1052E,SHA256=401E41B99D8C8D2EAFA41571B8D321AA419A4CA7AB8136FBE1B0ADB86084D3A6,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065951Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:01.614{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\tcl\tix8.4.3\bitmaps\info.gifMD5=D158BF37409498D7C94EAFC092942FAF,SHA256=B007A8C582991388B12891A8B46445DE6809EF6D52AAA43BF8D946AC8F9F6D43,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065950Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:01.614{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\tcl\tix8.4.3\bitmaps\folder.gifMD5=2975E8D3AAF99066CCEE1ADEB2622379,SHA256=4E03A2FE3CD8A5D64EB924D1561FF838F473C10C3D8D97FBDE6762F3A1B44611,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065949Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:01.614{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\tcl\tix8.4.3\bitmaps\file.gifMD5=DA15E983B22BF485BFC7249B1E94F0E3,SHA256=1AD2FBC604EC60116849574BC4DC371F8CB5796E14571EA2684C8BAB99B4C467,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065948Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:01.614{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\tcl\tix8.4.3\bitmaps\act_fold.gifMD5=D43A31BBB551890C7B2C98423519BB1F,SHA256=486A8B71C0F9241A5BFF2B275E8F011349076BF4FDD777ED1458EB050C0633BB,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065947Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:01.594{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\tcl\tcl8.6\msgs\zh_tw.msgMD5=9010E34791B5DDB7F1E0AD4DA6BD4623,SHA256=DBA0584B8E1925B439F06E0BF0965E97AFB7EB39E70E0E4C9B70769EBC5F996C,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065946Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:01.576{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\tcl\tcl8.6\msgs\zh_sg.msgMD5=3218F8E6BEDD534277DE0849C423158E,SHA256=500546B3211D454659D845B4AB9AEF226125100DF40407C49530DE17CDD4363F,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065945Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:01.576{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\tcl\tcl8.6\msgs\zh_hk.msgMD5=CFDA7B6463305FA15DBBA72D725A1876,SHA256=7E1C5BD9EC1A17BB851B0DCABD0DFA9FF9D64B89603D9D3FBEAAC609172346AE,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065944Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:01.576{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\tcl\tcl8.6\msgs\zh_cn.msgMD5=9FCDC2E80E13984D434E3CC91E1ED14C,SHA256=4C8A855700FEFE8EE21B08030FF4159D8011AE50353F063229C42DE6292475CF,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065943Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:01.576{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\tcl\tcl8.6\msgs\zh.msgMD5=2F356DE14D48B1091DEAA32D20C38D96,SHA256=EB247F5184A59414D3DF7E3ECA51F5998C248CFB27D2C02E62A7A30AB35197A7,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065942Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:01.561{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\tcl\tcl8.6\msgs\vi.msgMD5=C127F54C462917D3B3EEF5F29F612138,SHA256=E9B7AECD456F1D2288604C982B5DED0DCF71DCA968C0B0EAFF4CA16CC3B73EC2,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065941Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:01.561{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\tcl\tcl8.6\msgs\uk.msgMD5=323BD95809A44B0BADC71AD36E5F095B,SHA256=7093DA7E39CEB6D3F51EB6CF1CCA2D7F3680ED7B8FE4A5F0CECEEF6BEB21AC77,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065940Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:01.561{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\tcl\tcl8.6\msgs\tr.msgMD5=017F0F989BD5DBBF25E7C797CE09C45C,SHA256=4B85B345D6C43F7257C6849A60A492397FD5FD9D82DF3A2252189D7A1ECCBB64,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065939Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:01.561{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\tcl\tcl8.6\msgs\th.msgMD5=7F61E1EA256D78948189EF07119663CD,SHA256=48BEAF693BF5B6EED15234DB0D375B97E6D576A749E9048420C153E6CAFC0259,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065938Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:01.561{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\tcl\tcl8.6\msgs\te_in.msgMD5=BCA040A356E7E8CC597EFB9B9065F8E1,SHA256=B110FEEDDA21ECCEFA624BEF8E1476E9F221FB253880AC370967AE4D0237CA7A,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065937Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:01.514{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\tcl\tcl8.6\msgs\te.msgMD5=61E4CB2AAD66285E9113071057F39C35,SHA256=9E96C7123100234A7018533764502985A208F2EB3314F5B6332D46016725A63F,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065936Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:01.514{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\tcl\tcl8.6\msgs\ta_in.msgMD5=CF078352DA0507C767F04E31D6C14296,SHA256=4978A193076DE56944236F7F1DCECACFF739536DFB3DBEFC1F7FE2B97A8AEAF4,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065935Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:01.514{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\tcl\tcl8.6\msgs\ta.msgMD5=85288236C3997302EA26D7403BBA2C15,SHA256=AEFDC4255890D5B3FFE5CEE1B457B7D711283C2287ABA644155C10956012F6C1,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065934Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:01.514{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\tcl\tcl8.6\msgs\sw.msgMD5=5774860C8AEECBD48F1502E616158CAB,SHA256=1DA068C9AA02EF14A2440758C6040D632D96044A20EC501DBB9E40D8592E0E7F,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065933Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:01.514{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\tcl\tcl8.6\msgs\sv.msgMD5=3B5C3FFA0829768470BDA1B46D882060,SHA256=483916B51BD7E071E88F9EC36AAF3E08FEA823991532F832DE491C6C40B55A9F,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065932Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:01.498{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\tcl\tcl8.6\msgs\sr.msgMD5=BF363AB60B57F6D8FDCDBFD230A28DDF,SHA256=FA00A7B22C9941F6C2B893F22B703DCB159CA2F2E4005FD6A74A632AEB786BFA,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065931Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:01.498{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\tcl\tcl8.6\msgs\sq.msgMD5=E606F620F03EC0FBDBE6551601299C5F,SHA256=1F4EFD78F6B45B65F73F09B2F52FC13C2A7C4138DCB7664804878D197B6EBDF9,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065930Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:01.498{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\tcl\tcl8.6\msgs\sl.msgMD5=CB76F54CBE0D1AAE8BA956B4C51CBD2A,SHA256=11A6264676DBED87E4F718075127E32E107854F35F141642454F484984084486,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065929Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:01.497{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\tcl\tcl8.6\msgs\sk.msgMD5=24DA40901D907D35195CC1B3A675EBC7,SHA256=976813F6C53C9BEBBF976B0F560FD7FC5E4EC4C574D7E1CD31F9A4056765CB7A,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065928Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:01.494{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\tcl\tcl8.6\msgs\sh.msgMD5=E297221FA73BD78577B398BC7D061D21,SHA256=E65D6E5E837DF0A2DF0DB77BCE45334BBC27EFFF9023C37119E75D49932D9D6C,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065927Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:01.476{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\tcl\tcl8.6\msgs\ru_ua.msgMD5=DC98D88964650E302BE97FDB3B33326E,SHA256=13E4E79A0ED82034BADE0CFF8DEF5DE1222F6968108AD710662BDB7DAF36D7E1,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065926Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:01.476{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\tcl\tcl8.6\msgs\ru.msgMD5=9F1C8DD58550558977821FD500E7C0E0,SHA256=BB35BB6F07BAEF72C329EC3E95D6527A2736070EE2FFE5DE227E1FF0332390F8,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065925Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:01.476{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\tcl\tcl8.6\msgs\ro.msgMD5=F6575EC17966320106FF7ABDFB3186E2,SHA256=25ED6AC7A353E23B954B98611AE3B7E56BDCF2B0CB0DB358253CFB8BEBBB831C,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065924Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:01.476{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\tcl\tcl8.6\msgs\pt_br.msgMD5=A2626EA95C2480FEA68906AE6A1F6993,SHA256=320BE7D5B730091E6FA35F196314737261C8E154577DCF6AC8C2057D44394AD7,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065923Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:01.476{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\tcl\tcl8.6\msgs\pt.msgMD5=8F53B3571DD29E12BD33349CFA32F28F,SHA256=6F6EEEDDCF232BDCB952592A144810CED44A1CBB4BCC2C062D5F98D441505380,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065922Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:01.461{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\tcl\tcl8.6\msgs\pl.msgMD5=79AB7C13AA3833A1DAEADDB1144CCE55,SHA256=61462C325DB0065352D8155307F949869862A86CAC67AD7BB6703F57A7FA2FF3,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065921Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:01.461{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\tcl\tcl8.6\msgs\nn.msgMD5=985E97517C2BF37719A618F575DF392C,SHA256=06FA2D6D8C59D0B8EAC2EDE5AB0DDB8B6E095D1A023B1966FCE3B65916FA14FB,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065920Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:01.461{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\tcl\tcl8.6\msgs\nl_be.msgMD5=3261F397ED0291368FF1881E7BA08ECE,SHA256=77A69DD60D171B321512B14794E75A66FF753410C007997B310790D86E09B057,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065919Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:01.461{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\tcl\tcl8.6\msgs\nl.msgMD5=B9B949794203D204628D4DBEA29587AE,SHA256=9E2FE3851CF13EC79A9B10A09B01CEB0A26044AE0DC90A4E00BE57745E854C79,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065918Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:01.461{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\tcl\tcl8.6\msgs\nb.msgMD5=42D02C3CAF28BE4994F27CEF5A183AB7,SHA256=534C5DACEF12F818FAF4ED806997A559F95D591F1B6236B0C30B07A107DD13F3,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065917Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:01.461{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\tcl\tcl8.6\msgs\mt.msgMD5=D8BBEC2F8935054E6081BB5E4AE8F7E3,SHA256=7DBC4E82D82FDE8CDF522FA10E082289D46B0C1A4A7D7A5FA83FF116677F052B,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065916Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:01.461{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\tcl\tcl8.6\msgs\ms_my.msgMD5=A02F11BE0DF920E63E7A3ACCE746E32D,SHA256=F5B859D8DD2A2B5F756E39B0DFEB26B95878D2F54BA3CE46C56F0F26CF2B554B,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065915Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:01.445{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\tcl\tcl8.6\msgs\ms.msgMD5=7E6A943B7D82404F61BDBD95682073CD,SHA256=970B2F3ECC04980FCC2F9531CA6CE2BF36BC12942CB614BF70313B4CB0508985,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065914Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:01.445{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\tcl\tcl8.6\msgs\mr_in.msgMD5=67368E8A5715860BABD44E54A168192F,SHA256=B7B1D379355A1D278E13EF557A887A662E84FB6A9B62B8E19A27927926270EF9,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065913Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:01.445{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\tcl\tcl8.6\msgs\mr.msgMD5=07F99E0A05083B10F80A4D6867163B23,SHA256=AE873BF5484EACBBE179913D43451BE53378FA701B5D81594D052266B8A09AF0,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065912Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:01.445{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\tcl\tcl8.6\msgs\mk.msgMD5=888014F13A82511ABEF99497A753BFC3,SHA256=4C0EB07F0FCB36DD12A3F7EDD6531616611ABF62BF7705B5A37CC59098221D5D,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065911Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:01.445{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\tcl\tcl8.6\msgs\lv.msgMD5=554ED2CAFD25F5F82DA54AE057F4BA98,SHA256=7E90D2008B220DB19C796C7107AD69D263B8AC8C7BDDFB879230699D978E9A0A,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065910Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:01.429{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\tcl\tcl8.6\msgs\lt.msgMD5=D4EC2E96995E0EB263F338DD16CC4F8D,SHA256=855B652FCC8066BA45C7DC8DBFD3807D1B4759EA8D71C523567F47BF445D1DE6,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065909Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:01.429{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\tcl\tcl8.6\msgs\kw_gb.msgMD5=18E8576F63B978F1AFEF15AC57B44FBF,SHA256=EDAC14D929D1C6559EC46E9B460F8F44A189B78FB915F2D641104549CBD94188,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065908Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:01.429{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\tcl\tcl8.6\msgs\kw.msgMD5=CCEC7B77DCA1F6A406311FC43EE57030,SHA256=EAB468AC5BF1833D4F8CD658789413D4A46CAD16B63FB9B906CFF6DC9EA26251,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065907Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:01.429{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\tcl\tcl8.6\msgs\ko_kr.msgMD5=58CA45CE26AF8ECA729BA72898BB633D,SHA256=4CAC8FB43D290A63A4D3215F22228B358AB4FA174F08712DD6C5B64C5E485071,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065906Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:01.414{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\tcl\tcl8.6\msgs\kok_in.msgMD5=0AA20289A63BA3A14DCFED75EED980DE,SHA256=644F2B6D4BA27AF14891B781DEF60F708A9F18FC2F73566649B631A6DEA3EF09,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065905Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:01.414{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\tcl\tcl8.6\msgs\kok.msgMD5=67FA08F588A3B44D67E42EC1025013BC,SHA256=9D215E31A39FED45B3657144E5F73C942E59E500036CE16B1FFF201FD6358595,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065904Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:01.414{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\tcl\tcl8.6\msgs\ko.msgMD5=CCB2C2254D3FA3025183DB7E010CAD66,SHA256=EF6FB319C398EEA79B3A951319F831F3B186D556565D17D738E5F9B4B77570F2,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065903Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:01.414{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\tcl\tcl8.6\msgs\kl_gl.msgMD5=255830678C8724E65C05A7E020E68B5B,SHA256=3027CFE9EBD2172CEFC15C025786CAD47A6E2894BF0474AFC1B0C341E70202AA,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065902Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:01.414{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\tcl\tcl8.6\msgs\kl.msgMD5=2F79804667D6F8C77BB188D59EF5F3DF,SHA256=96FF17F1CFF976E4E204D3616D1EFCED4D0F907C5E6A0F04B4536CB4AD1190C9,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065901Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:01.414{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\tcl\tcl8.6\msgs\ja.msgMD5=11FBE427747012444AEEAFD6134034A4,SHA256=2B6D15A191437F1B84FA7023E34153B61E6BF1DE1452EA921E9CCBBE5D4BEB1C,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065900Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:01.398{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\tcl\tcl8.6\msgs\it_ch.msgMD5=E4400C16406A46C2880250522BED2EDE,SHA256=24B5F303F5C7AF6F63FDC23ADB4D713087AE74B6D18C117D787AF03374C5F57E,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065899Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:01.398{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\tcl\tcl8.6\msgs\it.msgMD5=3354A6FC06C298E33AA14163929E56EB,SHA256=1D72170B9F9028A237364F7CD7EA8B48BD4770E61922205CE862300103B13DE5,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065898Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:01.398{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\tcl\tcl8.6\msgs\is.msgMD5=ACF0452D5BB6D36A40061D2B0AF4D7A6,SHA256=778BE3D6BFE2DFFB64FF1AFB9EC8351A3343B314CF93A68E8F7FD1073EE122BB,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065897Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:01.360{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\tcl\tcl8.6\msgs\id_id.msgMD5=FEB4D50576BF3E11A0A40FD29ABE35A7,SHA256=BA7FC0C0452D3E482DB6E19BDF512CACED639BA72B92ED8F66D80B52FEA11AC0,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065896Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:01.360{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\tcl\tcl8.6\msgs\id.msgMD5=191ACF2E8A8F10A1360B283D42886382,SHA256=41C0C3D3B4491E9B36E719466503EFCD325175CB7824C4A5055CB113D347BE0F,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065895Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:01.360{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\tcl\tcl8.6\msgs\hu.msgMD5=E398158EE1CD49CB5286D9642D4A61DD,SHA256=993475532F89E1EA7214ADB265294040862305612D680CFF01DD20615B731CCC,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065894Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:01.345{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\tcl\tcl8.6\msgs\hr.msgMD5=906963A3AD09EAC781B35C190B77484E,SHA256=105A9180BC5D23738183374FA0EA8DD80484BF3947E1432E515BDC2913C017D9,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065893Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:01.345{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\tcl\tcl8.6\msgs\hi_in.msgMD5=1C1E1484EA0286175FADCB90937C9F34,SHA256=5A3BF0DD61BFB5A2BF75E96B11E0E3528FFAB720A0BF1923853606F8CAF0E76D,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065892Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:01.345{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-20190426-065655-00000003-ffffffff.binMD5=2B055C0A8E4EA938844BFC21AD768C43,SHA256=783D42B3858509881234E126156E7063413B02E2F310ABDC36BA4AD5F5C76D31,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065891Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:01.345{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\tcl\tcl8.6\msgs\hi.msgMD5=4219A929E27308ADC04A9F368F063F38,SHA256=192F4A8E77E1627712F85533C9896EF6A040157C7BD56DF3A4A7FA56AD6746C2,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065890Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:01.345{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\tcl\tcl8.6\msgs\he.msgMD5=A0E60036EB17208A449AAFC3AAAE622C,SHA256=787DA79AF58872BF45AB09E3B6A920A4496B5BD8A4F3C7F010CF013EC2E8EFE0,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065889Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:01.329{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\tcl\tcl8.6\msgs\gv_gb.msgMD5=0B6BE614EF5F5F25A30D2D33701A9F94,SHA256=86CABF3B9360C0E686CC4CBEB843E971C28BC6D35210ED378B54EB58CC41F3D5,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065888Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:01.313{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\tcl\tcl8.6\msgs\gv.msgMD5=518FC3964D50854081FB79189A42D3E7,SHA256=404795F2C88D0038F9ED0B5120A251D26EDF8B236E1B1698BC71ACD4DC75AC45,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065887Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:01.313{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\tcl\tcl8.6\msgs\gl_es.msgMD5=78B9163C5E8E5E7049CBF91D1A5889A4,SHA256=B5688CA07D713227B713655877710258CD503617E8DF79293A971649E3134F05,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065886Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:01.313{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\tcl\tcl8.6\msgs\gl.msgMD5=A3D098C1A47E380F7C25233A52FBDE38,SHA256=34D61B49DBF9584893051FFB458D6DE9E7E2E7774AC0011F70C4DD4184EBA81C,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065885Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:01.313{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\tcl\tcl8.6\msgs\ga_ie.msgMD5=C27BD7F317AAADB380F4C38AE0D2FDA6,SHA256=3F9615C617D3CDBC1E127B3EFEE785B0CB5E92E17B7DABAC80DA2BEAF076362C,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065884Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:01.298{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\tcl\tcl8.6\msgs\ga.msgMD5=67D137E5D853DB61A4B4264871E793F7,SHA256=880806867ACABD9B39E3029A5ADD26B690CC5709082D43B0959EBA725EA07AB5,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065883Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:01.298{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\tcl\tcl8.6\msgs\fr_ch.msgMD5=83FC7EBA68C3727F7C13C8EEAF79823F,SHA256=290CA6EB74BAEAC4E2420D0755D148849F89EE87E37860F25CBB7B8AFA3EDCBC,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065882Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:01.298{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\tcl\tcl8.6\msgs\fr_ca.msgMD5=2F70BDDE7685E2892C5F79C632FC2F0F,SHA256=0624DF9A56723DDB89E59736C20A5837DEA2206A789EBE7EEF19AD287590CA45,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065881Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:01.298{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\tcl\tcl8.6\msgs\fr_be.msgMD5=07EEADB8C2F2425FF9A27E46A81827A2,SHA256=AAD828BCBB512FBD9902DCDD3812247A74913CC574DEB07DA95A7BBE74B1FE48,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065880Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:01.298{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\tcl\tcl8.6\msgs\fr.msgMD5=4D63B4A7CF13A28A6F6784B5597EEF43,SHA256=96B1E1E12CD13A56722EBF27D362C70B467342FA1282A40B89FB16B5105A0480,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065879Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:01.298{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\tcl\tcl8.6\msgs\fo_fo.msgMD5=92E2B6483B2374817548F4EAA1731820,SHA256=C3DCCF5E5904C24D4AD9AAA36160A78F5397A7452510C0C0E61DE4DE863305CB,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065878Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:01.260{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\tcl\tcl8.6\msgs\fo.msgMD5=5D224E66FD9521CA4327D4F164CD6585,SHA256=2EC9B03469FA38B260915C93318F446EA5E12B9090BD441936B57552EBA1E3C9,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065877Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:01.245{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\tcl\tcl8.6\msgs\fi.msgMD5=CC06F0ABD8F985654DAD8256598EBCB7,SHA256=9929A6B7139BD7E0F29487F7888A83E4C4F5E9CE0352738CFCA94EE2DDF3BD6B,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065876Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:01.245{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\tcl\tcl8.6\msgs\fa_ir.msgMD5=9778A7C3ABD37ECBEC0BB9715E52FAF8,SHA256=3D9779C27E8960143D00961F6E82124120FD47B7F3CB82DB3DF21CDD9090C707,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065875Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:01.245{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\tcl\tcl8.6\msgs\fa_in.msgMD5=C59EE7CA80AD9F612A21C8B6674A820E,SHA256=6B56545C1AE1DE53BC2389BB7AE59F115BADE24F907E384E079491DC77D6541D,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065874Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:01.245{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\tcl\tcl8.6\msgs\fa.msgMD5=7AB25F4E7E457469DC61A33176B3AA72,SHA256=86898728B275288693B200568DC927C3FF5B9050690876C4441A8339DAE06386,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065873Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:01.229{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\tcl\tcl8.6\msgs\eu_es.msgMD5=4C91AA000D4316585893025CBB96E910,SHA256=D45CC432E5743E6CEC34E9A1E0F91A9D5C315CDA409E0826B51AD9D908479EB6,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065872Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:01.229{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\tcl\tcl8.6\msgs\eu.msgMD5=ED9805AF5BFB54EB28C6CB3975F86F5B,SHA256=6889B57D29B670C6CFB7B5A3F2F1749D12C802E8E9629014D06CE23C034C7EF1,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065871Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:01.229{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\tcl\tcl8.6\msgs\et.msgMD5=C8C5EF2FA6DD8DBD5BBD2699BE1A0BF6,SHA256=4BEE224C21B0483CFF39BE145C671AA20CB7872C8727FD918C0E8ECA2BBEB172,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065870Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:01.229{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\tcl\tcl8.6\msgs\es_ve.msgMD5=184D6C4B9F0AA874DEB959F63F7CC01B,SHA256=91191517403C712299919F9C797F952502E33CB6961D1DBEE3A7C9E8D2B170B9,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065869Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:01.213{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\tcl\tcl8.6\msgs\es_uy.msgMD5=2DC550FEC3F477B1159B824479BCE707,SHA256=1291B58810739EA0651493DD7887F5EE3E14BDB806E06DD4BB8AE2520C742EDA,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065868Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:01.213{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\tcl\tcl8.6\msgs\es_sv.msgMD5=AF300EA6E733DC6820768EA16194B472,SHA256=26A38B3745C95673D21BABB987F1D41EE08DDA945C670F5432BA0CE6F893C0E9,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065867Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:01.198{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\tcl\tcl8.6\msgs\es_py.msgMD5=9CD6FAC4121E3D287C87157142E32845,SHA256=70263F7EB22822DFEE8849B7AC4418ED9331275A71E77236B59226396505CDFF,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065866Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:01.198{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\tcl\tcl8.6\msgs\es_pr.msgMD5=CE811BB8D12C7E6D53338759CCFB0A22,SHA256=F790E8E48DC079DCD7DEB58170561006A31294F7E4ACBF9CF2ABFA3DB9E3FA9E,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065865Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:01.196{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\tcl\tcl8.6\msgs\es_pe.msgMD5=5A5997D834DDD3E2E8FF8C6956AD54AC,SHA256=90C130B66958CF63CB3DDD2C633E58444357DBAB44C56831DD794CBD2EB1AED0,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065864Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:01.192{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\tcl\tcl8.6\msgs\es_pa.msgMD5=571F6716293442672521F70854A5AD05,SHA256=EBB661C1C09E7D4F6FBCC4B2DAD0F41442B1FFDD27F003ABDC0375DD316E57D7,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065863Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:01.176{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\tcl\tcl8.6\msgs\es_ni.msgMD5=471C41907CE5DB1F30C647A789870F78,SHA256=6250663DA1378E54BEDCEF206583D212BC0D61D04D070495238D33715BB20CAE,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065862Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:01.160{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\tcl\tcl8.6\msgs\es_mx.msgMD5=678D7A6DC32355246BF3AC485A24AF4D,SHA256=A0F57137D2C0ABDC933E03CFB188F5632176C195CEADB9DC80D469C8DC6CEDC6,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065861Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:01.160{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\tcl\tcl8.6\msgs\es_hn.msgMD5=33CEE7F947A484B076F5FA7871A30FEB,SHA256=07873D4D59BB41000706A844859C73D26B1FF794058AA83CFFCA804981A24038,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065860Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:01.160{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\tcl\tcl8.6\msgs\es_gt.msgMD5=761D0A468DF2EE75BC2CAB09D5FF38CD,SHA256=19B4D3025156C060A16328370A3FDB9F141298DECFC8F97BE606F6438FECE2EE,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065859Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:01.145{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\tcl\tcl8.6\msgs\es_ec.msgMD5=94B713B1560FE7711EA746F1CEBD37CD,SHA256=52AB5A6C9DD4F130A75C049B3AF8F54B84071FC190374BCCF5FA0E1F3B91EB21,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065858Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:01.145{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\tcl\tcl8.6\msgs\es_do.msgMD5=76CFD4F568EA799F9A4082865633FF97,SHA256=8DC2F857E91912ED46A94EB6B37DD6170EA7BCDDCD41CB85C0926A74EE12FCC1,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065857Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:01.145{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\tcl\tcl8.6\msgs\es_cr.msgMD5=2EDDA3F61BA4D049E6C871D88322CF72,SHA256=A33DC22330D087B8567670B4915C334FF1741EE03F05D616CC801ECFDA1D9E64,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065856Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:01.145{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\tcl\tcl8.6\msgs\es_co.msgMD5=6A8F31AE734DCEE4845454408CDB3BC5,SHA256=5FAC53ACFB305C055AFD0BA824742A78CB506046B26DAC21C73F0BB60C2B889A,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065855Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:01.130{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\tcl\tcl8.6\msgs\es_cl.msgMD5=42BCE0EE3A3F9E9782E5DE72C989903A,SHA256=9D1A2A6EBA673C6F6D964DBCDDF228CB64978F282E70E494B60D74E16A1DB9CB,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065854Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:01.130{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\tcl\tcl8.6\msgs\es_bo.msgMD5=EF58B1097A3C6F2133BD7AA8CCC1AD1B,SHA256=B47F55539DB6F64304DEA080D6F9A39165F1B9D4704DCBA4C182DBD3AA31A11B,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065853Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:01.130{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\tcl\tcl8.6\msgs\es_ar.msgMD5=313966A7E4F50BB77996FDE45E342CA9,SHA256=B97DCEA4FEC3E14632B1511D8C4F9E5A157D97B4EBBC7C6EE100C3558CB2947F,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065852Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:01.130{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\tcl\tcl8.6\msgs\es.msgMD5=91DE6EE8E1A251EF73CC74BFB0216CAC,SHA256=E9A6FE8CCE7C808487DA505176984D02F7D644425934CEDB10B521FE1E796202,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065851Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:01.113{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\tcl\tcl8.6\msgs\eo.msgMD5=D87605E6282713EED41D56D53B7A04FD,SHA256=98D52CAB5CA65789D1DC37949B65BAF0272AB87BCCBB4D4982C3AF380D5406AB,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065850Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:01.113{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\tcl\tcl8.6\msgs\en_zw.msgMD5=A302091F490344B7A79C9463480AD7CF,SHA256=6F4754CE29DFA4F0E7957923249151CE8277395D1AF9F102D61B185F85899E4E,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065849Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:01.113{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\tcl\tcl8.6\msgs\en_za.msgMD5=FCA7B13CA6C9527D396A95BEA94CC92D,SHA256=67C253E2A187AA814809418E5B7A21F3A1F9FB5073458A59D80290F58C6C1EB4,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065848Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:01.113{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\tcl\tcl8.6\msgs\en_sg.msgMD5=F70245D73BE985091459ADF74B089EBC,SHA256=D565679AE9AACBFE3B5273FE29BD46F46FFBB63C837D7925C11356D267F5FF82,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065847Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:01.098{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\tcl\tcl8.6\msgs\en_ph.msgMD5=E2E3BD806C20D7FB88109B7F3B84C072,SHA256=3A9C22B07906544C04F7A29B800FCE87C09D7FDF5C251236925115CF251A3890,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065846Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:01.098{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\tcl\tcl8.6\msgs\en_nz.msgMD5=7E81708F107658FFD31C3BFBF704A488,SHA256=EC305B7CB393421E6826D8F4FEA749D3902EBA53BFA488F2B463412F4070B9ED,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065845Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:01.098{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\tcl\tcl8.6\msgs\en_in.msgMD5=1A54E506E70B2125C6016B373D3DD074,SHA256=ADEA3A1AB8AA84237DDB2F276ABDB96DCB4C51932E920D1A5E336904E1138664,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065844Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:01.097{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\tcl\tcl8.6\msgs\en_ie.msgMD5=57F0BBE1316D14BC41D0858902A7980A,SHA256=9E0DCEE86A03B7BDD831E0008868A9B874C506315BF01DF3982AD3813FD3BA8E,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065843Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:01.094{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\tcl\tcl8.6\msgs\en_hk.msgMD5=DE2A484508615D7C1377522AFF03E16C,SHA256=563450A38DB6C6A1911BC04F4F55B816910B3E768B1465A69F9B3BD27292DBEE,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065842Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:01.077{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\tcl\tcl8.6\msgs\en_gb.msgMD5=52E55DE8C489265064A01CEEC823DCDD,SHA256=C2CE5B74F9E9C190B21C5DF4106303B7B794481228FB9A57065B9C822A1059C3,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065841Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:01.077{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\tcl\tcl8.6\msgs\en_ca.msgMD5=BFC4A48F5B10D137A4D32B440C47D3C6,SHA256=3CF2D0937FD95264549CF5C768B898F01D4875A3EB4A85D457D758BC11DFEC6E,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065840Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:01.061{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\tcl\tcl8.6\msgs\en_bw.msgMD5=4CBF90CE15ECCB6B695AA78D7D659454,SHA256=EC48F18995D46F82B1CC71EA285174505A50E3BA2017BCCE2D807149B7543FD0,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065839Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:01.061{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\tcl\tcl8.6\msgs\en_be.msgMD5=DDA87ACED97F9F7771788A1A0A1E4433,SHA256=BC87754A253C1036E423FA553DA182DBC56F62A13EDA811D8CD9E8AFA40404A6,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065838Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:01.061{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\tcl\tcl8.6\msgs\en_au.msgMD5=5B31AD8AC0000B01C4BD04BF6FC4784C,SHA256=705C66C14B6DE682EC7408EABDBA0800C626629E64458971BC8A4CBD3D5DB111,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065837Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:01.061{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\tcl\tcl8.6\msgs\el.msgMD5=7DD14B1F4FF532DCAF6D4C6F0DF82E9A,SHA256=8B23E0E2F0F319BB9A2DFDCCDC565FF79A62FA85094811189B6BC41594232B6B,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065836Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:01.046{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\tcl\tcl8.6\msgs\de_be.msgMD5=C351057D8E5328C0790901D1F4DBEC9F,SHA256=532845CD15EC821C1939D000C648694A64E8CA8F0C14BAD5D79682CF991481CE,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065835Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:01.046{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\tcl\tcl8.6\msgs\de_at.msgMD5=A6227CD4F7434952D093F1F3C64B4378,SHA256=1C02D14140196623297F858E2EEF00B4159E1C6FAFE044EC65A48C9C24D46540,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065834Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:01.030{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\tcl\tcl8.6\msgs\de.msgMD5=EE3963A5F7E29C05C9617BE3FD897114,SHA256=4C27733502066E8391654D1D372F92BF0484C5A3821E121AE8AA5B99378C99AE,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065833Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:01.030{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\tcl\tcl8.6\msgs\da.msgMD5=27A6A8BE8903AEF9D0BE956906A89583,SHA256=0D422A991BCA13FE9033118691CFEDAB0F372222EBB0BC92BAF8E914EE816B84,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065832Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:01.030{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\tcl\tcl8.6\msgs\cs.msgMD5=F32EAD82CC26754C5A8E092873A28DB3,SHA256=AFEA12A16A6FA750EA610245133B90F178BA714848F89AEC37429A3E7B06BE1A,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065831Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:01.015{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\tcl\tcl8.6\msgs\ca.msgMD5=72DDD60C907DD235BCE4AB0A5AEE902C,SHA256=3BE295DCC8FCDC767FED0C68E3867359C18E7E57D7DB6C07236B5BC572AD328E,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065830Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:01.015{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\tcl\tcl8.6\msgs\bn_in.msgMD5=B91BB2ABC23B90962D2070B9588F2AB5,SHA256=B3D8A4632290B0F3DA690E47C1FDF06A8B9E171A96E938AFDB0DD52CF806CE54,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065829Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:01.015{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\tcl\tcl8.6\msgs\bn.msgMD5=5D25E7FC65824AC987535FEA14A4045C,SHA256=890EA6521DEB1B3C3913CCD92562F6360E064DAEE2E2B0356A6DD97A46264A1F,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065828Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:00.999{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\tcl\tcl8.6\msgs\bg.msgMD5=E5225D6478C60E2502D18698BB917677,SHA256=CFE4E44A3A751F113847667EC9EA741E762BBDE0D4284822CB337DF0F92C1ACA,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000065827Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:00.999{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\tcl\tcl8.6\msgs\be.msgMD5=6334BDDFC1E0EAE4DBB2C90F85818FD8,SHA256=A636A82C7D00CCDC0AF2496043FFA320F17B0D48A1232708810D3BB1453E881E,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000031937Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:39:01.061{CE7C8936-1B20-61E9-E200-000000002202}3964NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=D5E94AC6D72E377F902A5BF81DA35659,SHA256=3A0EB1DA5AEDA7C62A7AE0FE8C3E8D8E5DD7D25E122527395EC075C004320205,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066119Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:02.233{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Temp\drop_advance.7zMD5=9FDFA979C47980CC0C43991EC712D24C,SHA256=5154485B742929742B3834E88B7BDA2080C1D53FCC21D168506324199F98B44C,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066118Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:02.233{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Temp\discord.pngMD5=06F1E4B72D5C75616255AA9150AB6E78,SHA256=BF86F03C67EBA1426BFC2AAB3C2F8FF5A93340C8D7E4B3DEAB6F8F3F7E208EA5,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066117Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:02.218{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Temp\923eb77b3c9e11d6c56052318c119c1a22d11ab71675e6b95d05eeb73d1accd6.zipMD5=8FF2AD8FBB804ADCBCA5AA80C31ADDCF,SHA256=4D659F103A13F7424C7CF62F42E11817EFBD20248A70B8BC9B5174C1A6724153,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066116Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:02.218{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Tools\scripts\win_add2path.pyMD5=6791A1829259F50EEBE2F7833E3EE429,SHA256=7344CB0ADC1B4EF3E31150D2BF3BC49B685FCA505680FF6E0BACB50CE06C8E04,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066115Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:02.202{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-20190515-052640-00000003-ffffffff.binMD5=B6FD976FDCC009E11078C166BB74412C,SHA256=816F3CB03EE79FF3F2978293092DB29B414031DBF1FB89024D55E95C379FAAAB,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066114Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:02.134{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Tools\scripts\which.pyMD5=8A9BA67701A3EDB06FCA35155A3751E1,SHA256=9782D12275A4181CB8E57EEFF77E99034E90C07924308D651B76754AD239A3F1,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066113Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:02.118{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Tools\scripts\var_access_benchmark.pyMD5=5DB4015F6C2ADE6FC030561EF1612DF6,SHA256=AE871A6B3D635E816CEA3C8502A1828BB4C2B2DA8C92A044CF96D28109BB4857,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066112Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:02.118{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Tools\scripts\update_file.pyMD5=5F50C07DC46263E4992BFE36B1BCCAE1,SHA256=787412C8F14C45BB3BBA1FFB91E03ED8E15E202B3A05E9AE316BEE9E67A72BF2,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066111Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:02.118{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Tools\scripts\untabify.pyMD5=F51308884538F46BD8182BB0D9A0D1AA,SHA256=A0E9354E920CD9A5FF208D15756D83D42A1D916202BE22382B289DB93A1E47A3,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066110Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:02.118{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Tools\scripts\texi2html.pyMD5=416F37C0DD1120E642A8423268DE3CE8,SHA256=8B5E7F13C42D1375BF8611AA71E92A089E35B2C94E01FF31AB49AA0B3C478E38,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066109Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:02.118{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Tools\scripts\suff.pyMD5=33C223D95ECD5B8A68E857E80CEE2A32,SHA256=59A678E381B61C4C74FAE5424D8D482B43562DA94B7DD1CE16AC769F8C0D6C52,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066108Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:02.103{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Tools\scripts\stable_abi.pyMD5=90D58A472939930CF302612239AF4BAB,SHA256=F65933BA66E01BE4BB2D263BF142F128F421E18B86D7F9F2777DBAC3CEC37849,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066107Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:02.103{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Tools\scripts\smelly.pyMD5=00BCDD4A072240A5A9D25DA8DE4C7517,SHA256=3C0194F376623E6287684865F5EF0288C81CE72A8E690B7DAAD2DC3E828DB46C,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066106Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:02.103{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Tools\scripts\serve.pyMD5=FDBA2E244CFABE58F104DE7575DA919F,SHA256=D1992B927EA65A021B8E90F618E10A6EBDA6C9A446D5B045FE7C913B334C3524,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066105Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:02.103{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Tools\scripts\run_tests.pyMD5=B71B067F01AC78C3B453FC1448C7E6CE,SHA256=D3DD05732D6298F41557C7A2605A6314C393045B6FEBB67389E6929B0FBA9D98,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066104Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:02.101{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Tools\scripts\rgrep.pyMD5=152843710520260C35A4F7A4FC3B78A7,SHA256=D7354E56BE5E7B75D1D92678D243977DA31BA107813D8031A085E307BE7DA07D,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066103Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:02.099{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Tools\scripts\reindent.pyMD5=A612CFEEB4461592C8AEEA4AB713883A,SHA256=BF6AF5E3116EBB61B49B5DF44F24302A76376667D7E2658A8575886EC9971F87,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066102Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:02.080{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Tools\scripts\reindent-rst.pyMD5=DCDA01175885EBE1257772C1782F3C43,SHA256=B9F624B9893045D12688A6CBE6248FB2E1CE03B2206490D5F4BFB6D12F0C25CE,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066101Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:02.080{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Tools\scripts\pysource.pyMD5=223DB68EE8672E24B5BE0C6A86174DA7,SHA256=978BAF0838714581E8F093257C52E5F8DC32CD2BBF0056DA13502EDDAB74AA01,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066100Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:02.080{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Tools\scripts\pydoc3.pyMD5=5EDAC5FDDE928E4C6E7119B8F05DFDBC,SHA256=DE76AC9D4C72E00FF3EED11C583AA7D07394A65948B3CF65DA045D73CE3567E4,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066099Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:02.080{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Tools\scripts\ptags.pyMD5=9DD4117A259FE3FE7F6A94FFFC6E1428,SHA256=3931A6E0252A1011E03C30C80F0E009B0F37AC65EDC9A24511DDFFF815C52D26,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066098Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:02.080{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-20190426-073728-00000003-ffffffff.binMD5=C2E91E3E4256BB685BEB23905BA29B2F,SHA256=A9F874362945FC925394738D3CD40F6D7299BA76CBBAFDE3AACD72C50F18F50D,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066097Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:02.080{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Tools\scripts\pindent.pyMD5=AEDB61A52CA541C157023EE315D6D09F,SHA256=08C83FD5E904226090D1DB5EB94DBCE27CAE171B4403B3031ADA404381A9FEE9,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066096Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:02.080{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Tools\scripts\pickle2db.pyMD5=72CD30B1FADA08D830C003E3AD664F3D,SHA256=1CA6D83C45F60AE5ED8D127713C7D08743AA997AD1BF79002053C2154746CDEE,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066095Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:02.068{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Tools\scripts\pep384_macrocheck.pyMD5=2C01A80BC1CDBF51D73BF6C497AA67F5,SHA256=B9D25D94DC0D4E97683AE9B74DB9FC1EA8D64E5DBFD3A0D9F57DE37D04C49F8E,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066094Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:02.068{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Tools\scripts\pdeps.pyMD5=7A2D2F9B3F4F996011634411380BD2E0,SHA256=8AF893745DD1FDFF4FA70888AC4F032AAFF221D2CE2796358B13809E72E9EED1,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066093Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:02.068{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Tools\scripts\pathfix.pyMD5=4A4666E953403731E94E307A729001EA,SHA256=3FBA71933C59C0FD8E99F8543A49EFD9392191F1AE12820D0921DEA7895FCD46,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066092Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:02.068{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Tools\scripts\patchcheck.pyMD5=CD843AB4785EC8EF81EBBEAC053726FA,SHA256=4B0D59771D7F55B33F892F0EFA0B1579926F04B106EDAE8DCC2CFEB8A18973AF,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066091Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:02.052{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Tools\scripts\parse_html5_entities.pyMD5=1C209E8FF29EB315507C7395967D339A,SHA256=383A15696DE403CB0C070AAC61C5691ABACA55A5D5E165CD9BC657BB4F73BC3A,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066090Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:02.052{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Tools\scripts\parseentities.pyMD5=81911348B02FB0D032092FE0089BF4B6,SHA256=D269BF9C52D74BD320D1AD3D4A4C3FC3EAE6296593FF188A0FBBDEFC209D2C24,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066089Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:02.052{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Tools\scripts\objgraph.pyMD5=A722F00F0A274512070375BD01027382,SHA256=8FC0657D4E5CBB0C4CBDC1C93CF1F26AB7C24172D2C2A116AF9CB2619C3D0D4A,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066088Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:02.052{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Tools\scripts\nm2def.pyMD5=5E0FFE1DB1797A3ECDD300654B098ED0,SHA256=35FA0FB105E5D175D436322B62A396E91825BDBE1233603596BC2315FF0DB494,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066087Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:02.052{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Tools\scripts\ndiff.pyMD5=D51000825C7B4D6C8F2181D86880723E,SHA256=50CD2C9C6C154E1C6538617E6C9861A7AA6072FD7064B560350B2D8967AEE2EB,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066086Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:02.052{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Tools\scripts\mkreal.pyMD5=FBB8337472A1652EC97AF0FAF6E58D40,SHA256=E2E661D54FF87822B2C59303F6486EC9D675DF8143748519D7E4A2827709A683,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066085Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:02.033{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Tools\scripts\md5sum.pyMD5=7075CB720D1C165B0B5A141C8C821779,SHA256=D0E263EA219A265F6B3B53DDE2553CFAB624C7E2FB2351CDC946846CB42B3885,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066084Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:02.033{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Tools\scripts\make_ctype.pyMD5=1619F3B62405B93D1E0371DA57259A0C,SHA256=93643E9FD550555F38064F348BDB5F9A9563E16916E455A3C8ACFE244EB15BA9,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066083Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:02.033{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Tools\scripts\mailerdaemon.pyMD5=DBF4DBE23247E52B6E0484B7AFDA82CF,SHA256=D09AA6F10004460378316C84F4DFA8AC33A0751107923E07CFBA8AC61962EC9D,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066082Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:02.033{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Tools\scripts\lll.pyMD5=0EE717388DEB378CB9921CB095421BC0,SHA256=C77E5EF1FF4BFC6E4249B4613DAE7F8949125FB2B3F87116CE377E422C29591E,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066081Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:02.033{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Tools\scripts\linktree.pyMD5=636C1B9927F509CB0D4A4EC392318824,SHA256=B25B1AC9F2A516B5866346872E5A4D217A06F325E6E16DDB72887C534A1ABE86,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066080Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:02.033{6F5BEE90-18CD-61E9-7700-000000002102}484NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=1B9029E85161AED6017358BF12FE4AD4,SHA256=468277BE94F216E38F82CED2F27C96A6935F7DF5D14501A0C2C387CCDF07CDFF,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066079Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:02.019{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Tools\scripts\lfcr.pyMD5=3320885F615F415CFE71DE3107F02543,SHA256=EF57FF2DFEFB4282A2BA7A979A4505A18DAE002E584CFA2A9C62664CBE3AC4C8,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066078Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:02.019{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Tools\scripts\import_diagnostics.pyMD5=8B4BB8EB69EF42227374443FB8EB33E7,SHA256=24A356BDFCB0C905F2427517BABB2A465610A89C1C479B69E1FF79E9B06EFD1F,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066077Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:02.019{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Tools\scripts\ifdef.pyMD5=16A579B4895F5B82896B12F3B2E4DAD3,SHA256=0FB5E0CFBFCCADA7F1B08FAE3E2EA79638E49EF74281F53C2B2F6BA16C50501B,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066076Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:02.019{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Tools\scripts\highlight.pyMD5=8CF90A6AF1CADAD66FC675C838AFF7EF,SHA256=F88BB9AB982CF8227A87B3462CED4E3CF88F2605561662E16EB28157F9688BF9,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066075Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:02.002{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Tools\scripts\gprof2html.pyMD5=9C067F834B1FAECBC4B320649ACBAB0F,SHA256=ADE720F651DB56CE98C3E1C0D9D6BE1C484D15B86CB6C09E4C784B4CC97C96A4,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066074Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:02.002{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Tools\scripts\google.pyMD5=EC95269D770C03717F884FDA4CD9BDD5,SHA256=EA93692A7820D06663A9D28E294294C2241BCE7AE9BD3BEFF5E870A4A6B0507F,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066073Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:02.002{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Tools\scripts\get-remote-certificate.pyMD5=979C44DD2CE1033D87E30217A447C5E0,SHA256=269C99848A8F4312032A34CEC3BD6E3E9394F52E9A9BFE297FA31A53F4F4BCB8,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066072Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:02.002{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Tools\scripts\generate_token.pyMD5=CD2FFC766F9783F8B87F734BED32A6AA,SHA256=F20C50FE42D3604932603133A6DF8A730F291AE99A22E54C34255D6CAFD86CA5,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066071Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:02.002{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Tools\scripts\generate_stdlib_module_names.pyMD5=261466D59F7FE784AA49339761490451,SHA256=E438366A2987FD07A5F55FB5A1BC84783158B56D4AED4DB83017E0A627C61AC3,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066070Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:02.000{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Python310\Tools\scripts\generate_opcode_h.pyMD5=B15D06EF262DA573E6FA5D2C99FD55FB,SHA256=FFCE9AF952E1A57CC09DDDB175299F9A5B1CB664B34FDF7C00F9532367377F01,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 354300x800000000000000031940Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:39:00.871{CE7C8936-1B1A-61E9-D900-000000002202}4048C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-tcontreras-attack-range-276.eu-central-1.compute.internal51391-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x800000000000000031939Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:39:02.389{CE7C8936-1A7C-61E9-1200-000000002202}1000NT AUTHORITY\LOCAL SERVICEC:\Windows\System32\svchost.exeC:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.datMD5=5DA812E80EF1AB926E767E902DEA8C85,SHA256=90CF33646F9C30FAF3C1D279563F56CC784973A3AEEFC8811F2B727214121DFD,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000031938Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:39:02.077{CE7C8936-1B20-61E9-E200-000000002202}3964NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=FFA039699CE77E6FB4475F5116F05E10,SHA256=16CD83F7FAAA9796F2E66B7F160FE73E1F28983AA54978EF200E04AEA1EDC9F7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000031941Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:39:03.092{CE7C8936-1B20-61E9-E200-000000002202}3964NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A8E621AA873D46AD946C88655FA0BB51,SHA256=6DEC97D76CAA4A2F745728EE6C150492B4B43640368CF5CF7F3E18DB2CA34F2B,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000066120Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:02.373{6F5BEE90-18C6-61E9-6E00-000000002102}3440C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-tcontreras-attack-range-53.attackrange.local52453-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 10341000x800000000000000031945Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:39:04.108{CE7C8936-1A7C-61E9-0C00-000000002202}7003204C:\Windows\system32\svchost.exe{CE7C8936-1A7D-61E9-1400-000000002202}1084C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000031944Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:39:04.108{CE7C8936-1A7C-61E9-0C00-000000002202}7003204C:\Windows\system32\svchost.exe{CE7C8936-1A7D-61E9-1400-000000002202}1084C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000031943Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:39:04.108{CE7C8936-1A7C-61E9-0C00-000000002202}7003204C:\Windows\system32\svchost.exe{CE7C8936-1A7D-61E9-1400-000000002202}1084C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 23542300x800000000000000031942Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:39:04.092{CE7C8936-1B20-61E9-E200-000000002202}3964NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A755083E3E233A20F6A1439A11CDE297,SHA256=652ECFDA54B7086F918BBAC34640209C02EBCA3D19F06BE234AF142FC6DD4287,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000031946Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:39:05.108{CE7C8936-1B20-61E9-E200-000000002202}3964NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=092704C3DB393834CD37D0852A1FA402,SHA256=4A567585B0950202E25FEC0C74C8D792A56AAC5763860277E4AFBB0154206D2A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000031947Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:39:06.123{CE7C8936-1B20-61E9-E200-000000002202}3964NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=2CE3DB18EEB2E03E763F1DBC0C4C845E,SHA256=D12BA0382693850482DD6547F148D5C1348876275019A952647C1C74A4250A67,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000031948Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:39:07.139{CE7C8936-1B20-61E9-E200-000000002202}3964NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=32C9BF33295D7FFF23296BB270349985,SHA256=345B5ED43E9BC4880E4E3B2ED544A9213B2AF335A8C19692EE54AEAED99EE160,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000066121Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:07.419{6F5BEE90-18C6-61E9-6E00-000000002102}3440C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-tcontreras-attack-range-53.attackrange.local52454-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 354300x800000000000000031950Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:39:05.980{CE7C8936-1B1A-61E9-D900-000000002202}4048C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-tcontreras-attack-range-276.eu-central-1.compute.internal51392-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x800000000000000031949Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:39:08.143{CE7C8936-1B20-61E9-E200-000000002202}3964NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=20E5D7EE9C09125418C9FC660EA74CFD,SHA256=62B908F24E646FA4247F351AAFA74D4FFDC814CBAE906C2C14FD14541681A01B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066156Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:09.987{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Administrator\AppData\Local\Microsoft\Internet Explorer\ie4uinit-UserConfig.logMD5=03462F0F6849A5B68E43A3C7C2B5FCB5,SHA256=569C24888B3C0C0C3C2EAE6B588D73175999F5E6B613B7BCAA41C6932CA26277,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066155Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:09.987{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Administrator\AppData\Local\Microsoft\Internet Explorer\ie4uinit-ClearIconCache.logMD5=D885C1E21F14454B3C114C563C25552B,SHA256=4CEE3DE935DC98335DB6989060434D2DB82E7EE4B6CD6C92D62FD6CF9F0804C7,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 11241100x800000000000000066154Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:09.972{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Administrator\AppData\Local\Microsoft\Internet Explorer\brndlog.txt2022-01-20 07:06:15.774 23542300x800000000000000066153Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:09.972{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Administrator\AppData\Local\Microsoft\Internet Explorer\brndlog.txtMD5=7B71028297221A9362B905B8C8196BF2,SHA256=CD9C362C22A53B696A86AB4F9EB7C52D509EC45CD0A9A4F931D13208DE3DC6B6,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066152Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:09.972{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Administrator\AppData\Local\Microsoft\Internet Explorer\brndlog.bakMD5=9902BAEDC06FA4A8681E696EE6C73C06,SHA256=D0628FA63102EE74053BC6EFDD297AED794848F5DC300DAA7E391F4CF04E8511,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066151Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:09.972{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Administrator\AppData\Local\IconCache.dbMD5=59CA59779DFBBB08526929D435AA631C,SHA256=3EE3D3E272CE33D9B15E953DF834FB0E803F40F4385524F560ACD4D188A532C7,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066150Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:09.972{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Administrator\AppData\Local\Ec2Wallpaper_Info.jpgMD5=F5CFFCBB40AD26EBC7C955517470142D,SHA256=A901143992C9C2B3369E05077484E5CA91A44B1DB837DAD386377D3EB846BA47,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066149Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:09.956{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Administrator\AppData\Local\Ec2Wallpaper.jpgMD5=49150F7BFD879FE03A2F7D148A2514DE,SHA256=1B4913688521EC480A8BFCAE930D028A52E9555380F198A608DC660A64187456,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 11241100x800000000000000066148Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:09.956{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Temp\terraform_59354277.cmd2022-01-20 07:54:59.282 13241300x800000000000000031961Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-SetValue2022-01-20 10:39:09.987{CE7C8936-1A7C-61E9-0B00-000000002202}604C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\RunTime\SecureTimeConfidenceDWORD (0x00000008) 13241300x800000000000000031960Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-SetValue2022-01-20 10:39:09.987{CE7C8936-1A7C-61E9-0B00-000000002202}604C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\RunTime\SecureTimeTickCountQWORD (0x00000000-0x008231c5) 13241300x800000000000000031959Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-SetValue2022-01-20 10:39:09.987{CE7C8936-1A7C-61E9-0B00-000000002202}604C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeLowQWORD (0x01d80de1-0x93038cf6) 13241300x800000000000000031958Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-SetValue2022-01-20 10:39:09.987{CE7C8936-1A7C-61E9-0B00-000000002202}604C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeEstimatedQWORD (0x01d80de9-0xf4c7f4f6) 13241300x800000000000000031957Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-SetValue2022-01-20 10:39:09.987{CE7C8936-1A7C-61E9-0B00-000000002202}604C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeHighQWORD (0x01d80df2-0x568c5cf6) 13241300x800000000000000031956Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-SetValue2022-01-20 10:39:09.987{CE7C8936-1A7C-61E9-0B00-000000002202}604C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\RunTime\SecureTimeConfidenceDWORD (0x00000008) 13241300x800000000000000031955Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-SetValue2022-01-20 10:39:09.987{CE7C8936-1A7C-61E9-0B00-000000002202}604C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\RunTime\SecureTimeTickCountQWORD (0x00000000-0x008231c5) 13241300x800000000000000031954Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-SetValue2022-01-20 10:39:09.987{CE7C8936-1A7C-61E9-0B00-000000002202}604C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeLowQWORD (0x01d80de1-0x93038cf6) 13241300x800000000000000031953Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-SetValue2022-01-20 10:39:09.987{CE7C8936-1A7C-61E9-0B00-000000002202}604C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeEstimatedQWORD (0x01d80de9-0xf4c7f4f6) 13241300x800000000000000031952Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-SetValue2022-01-20 10:39:09.987{CE7C8936-1A7C-61E9-0B00-000000002202}604C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeHighQWORD (0x01d80df2-0x568c5cf6) 23542300x800000000000000031951Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:39:09.159{CE7C8936-1B20-61E9-E200-000000002202}3964NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=5FBE2A016344FF55682A94490BE50287,SHA256=FC263DFA34B27B3E1C9F15460C1F047B9A7B5ED8CF75F740E6D362C5AF338716,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066147Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:09.940{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Temp\terraform_59354277.cmdMD5=F3B25701FE362EC84616A93A45CE9998,SHA256=B3D510EF04275CA8E698E5B3CBB0ECE3949EF9252F0CDC839E9EE347409A2209,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066146Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:09.940{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Temp\stage2-dcbbae5a1c61dbbbb7dcd6dc5dd1eb1169f5329958d38b58c3fd9384081c9b78.zipMD5=B7A141C0AC0BD59206D3E46AC2C5686C,SHA256=523514881422431F342C6767705FB86B9373F29A5734614D251F97B591954A7E,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066145Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:09.925{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Temp\stage1-a196c6b8ffcb97ffb276d04f354696e2391311db3841ae16c8c9f56f36a38e92.zipMD5=678BB3622AC9B4C2FDC6EAF3CE94A370,SHA256=94DB56A8DBF5198D4DE8E739F742E60A273D358B6EA9D88C671800DE9AC2EA2F,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066144Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:09.925{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Temp\sleep.pngMD5=C328ACB0214711BDC0F5C954C621D58B,SHA256=504532C4237921B15AF75C9605F451BBEED9D93F211E97BFCE1EBF2AF2AE6289,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066143Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:09.925{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Temp\sen.ascMD5=BDDF2C103D8AE2BE96306DA8C4CBDB37,SHA256=B43FE521AE693AE1AEF13D74A36BCDD3D5C1CBC705B21D44436F515A9032BB9B,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066142Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:09.925{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Temp\reverse.pyMD5=2B603A4903557428BFFEFC727AB5B620,SHA256=88C86C5F73267CD420BA93BC0F38D471BAC75DF07D3705B41C09AE6B0DC0E7AB,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 11241100x800000000000000066141Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:09.909{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Temp\register.txt2019-01-23 02:57:35.000 23542300x800000000000000066140Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:09.909{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Temp\register.txtMD5=E7C774F9E8BA15C88841DE7CACF38D09,SHA256=DA2FDC72065DFADCA127F6EB4C0DAF2DF9C6816976A4D2217C161A40EAB97D76,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066139Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:09.909{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Temp\notes.pngMD5=E665943DC0E2A5B1BA0204BE056F009A,SHA256=0E86FF2FC726FC0E57F905FB8AF03E5926467EA43F78D31A7429C87DD8979BD5,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 11241100x800000000000000066138Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:09.909{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Temp\Nmddfrqqrbyjeygggda.vbs2022-01-20 10:11:06.276 23542300x800000000000000066137Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:09.909{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Temp\Nmddfrqqrbyjeygggda.vbsMD5=6EED4EE0CC57126E9A096AB9905F471C,SHA256=DB5A204A34969F60FE4A653F51D64EEE024DBF018EDEA334E8B3DF780EDA846F,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066136Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:09.909{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Temp\mbr.pngMD5=62A18D209C0C3D51C33C8AB41CC246DE,SHA256=267BD239E574DDA2353DB967D3E053B8C28D61146C345A2EB55D084C141D57AC,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066135Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:09.909{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Temp\loader.ps1.bakMD5=D41D8CD98F00B204E9800998ECF8427E,SHA256=E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 11241100x800000000000000066134Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:09.907{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Temp\loader.ps12022-01-20 10:28:38.594 23542300x800000000000000066133Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:09.907{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Temp\loader.ps1MD5=BADBF64868359C0F02C1E3102424DB15,SHA256=74263CAA8FA05410384AC19CEBC0B7C465E3AFB5B92CD522129B40DCD02B9D53,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066132Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:09.905{6F5BEE90-18CD-61E9-7700-000000002102}484NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=B1AF22B679F66BD1964ADBD3CA712A7A,SHA256=F206057943D8B70C2E0CF9C33FFB92220617C15BFACE77AA5E892C47028B95CF,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066131Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:09.904{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Temp\installutil.jpegMD5=EBE192BED4B2A650FE5964785C294E96,SHA256=7FA8B36B605F41430A7907B3E6373DEDD4C86838F645D9E1B076E407684A4591,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 11241100x800000000000000066130Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:09.887{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Temp\hiew_ru.txt2019-01-23 02:57:35.000 23542300x800000000000000066129Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:09.887{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Temp\hiew_ru.txtMD5=AD0B7168BFB5B0D1D7FA96ADE9E7C864,SHA256=2A6460E80CABFE1BFD9E0931D75C619E96880492D8F85729DC5DA3A66BCD3CC1,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 11241100x800000000000000066128Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:09.887{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Temp\hiew_en.txt2019-01-23 02:57:35.000 23542300x800000000000000066127Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:09.887{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Temp\hiew_en.txtMD5=87DC71876FEC11960E413DF519AB132E,SHA256=96BEFFC54B71B2CC9BB591706CC8E04E8A783632BB7A3B60033AC2ED55157F02,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066126Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:09.871{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Temp\hiew32demo.zipMD5=ECCB2A8B0EEFE0F031EB0605EC2BD32D,SHA256=83EBE21621646C416E2138882579EC52D3B9AF4294FD94DFE80995A54BDA924E,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066125Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:09.871{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Temp\hiew32demo.ascMD5=FE8E563232C85A1E2C3B11C89AD993EE,SHA256=6F8EBBABDC35001CF22645A4DEF4CAB3F4C0BBA02EC97D36DBE7B06A176A3720,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066124Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:09.871{6F5BEE90-18CD-61E9-7700-000000002102}484NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=2D9FB75E6CACE2AE74D3A3EDD50108B1,SHA256=FAD641A5993B4E0350817529F6F472A99F47BED4A454DFF9A95411DC459A0841,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066123Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:09.871{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-20190515-052747-00000003-ffffffff.binMD5=0E5B06D6A27FCF7BD55808023165A3FD,SHA256=70DA70777F4C73152F6E521F32C26E5963E6642042982DA504729E68FA809ADC,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066122Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:09.871{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Temp\hiew.xltMD5=C9E8BA2654642553BB388A8146D1DF5E,SHA256=B671949910BFD59A0D38067BA31FE6477D86BC0911049DFC93C4C80C71F6779D,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066195Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:10.972{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Administrator\AppData\Local\Microsoft\Windows\SettingSync\metastore\edbtmp.logMD5=59071590099D21DD439896592338BF95,SHA256=07854D2FEF297A06BA81685E660C332DE36D5D18D546927D30DAAD6D7FDA1541,IMPHASH=00000000000000000000000000000000falsefalse - shredded file with pattern 0x00 23542300x800000000000000066194Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:10.957{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Administrator\AppData\Local\Microsoft\Windows\SettingSync\metastore\edb00001.logMD5=E9E8EB2C6B86F1E877C2F04C1E31E3FD,SHA256=666D5292FD14BB370DEDEEAD8AD7A01111BC4681AD11E9B5D7E0F429696B9690,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066193Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:10.941{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Administrator\AppData\Local\Microsoft\Windows\SettingSync\metastore\edb.logMD5=226338E3C4E47D1DD13E346231B53AAC,SHA256=DAD5D452E8CCE79150D0597C524B99AAB151C5EC50A5D5AF16DDE2E8D46D801B,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066192Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:10.925{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-20190515-061831-00000003-ffffffff.binMD5=C13F5D83FF48B48C026C17A02E7CCD2C,SHA256=AE9B53B1F6BF7BB4EF40A0C8B022C1F3295C1100AAAC4938A2B0FC8BFE50AF89,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066191Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:10.910{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-20190515-060550-00000003-ffffffff.binMD5=D977B19A0DDC491453685957CF6C9121,SHA256=DF45F1F4BA25420FA5C20EAAAA6A2AA20431598A4C25536C36483A5F3E63283F,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066190Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:10.872{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-20190515-060323-00000003-ffffffff.binMD5=34A9D2CDF6920DCB6B1D477039C0CCBB,SHA256=6E0F9075C404E20BE41C07A8B5245965296517D00EF87A416BB84F5DB4CD303A,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066189Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:10.857{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-20190515-055334-00000003-ffffffff.binMD5=6B8DF05F002E63E02E8E56CA2844B36D,SHA256=3589FD0D42DBF0DF03A43D63B32FDDAC7F950C8222C1CF84DD2A7BC3B7E746B0,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066188Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:10.857{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Administrator\AppData\Local\Microsoft\Windows\SchCache\win-dc-tcontreras-attack-range-53.attackrange.local.schMD5=3B3531A335298119AD90D9B9BEB810AF,SHA256=77996876B4230A7DFCE13A77C0AA2E3B969AFA2A4562FD8583B6DDE3742EB2AD,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066187Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:10.388{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-20190515-053315-00000003-ffffffff.binMD5=814DA99BD837E9FF811771F4D3789549,SHA256=743F1F9A4F8E4FFD8608D94AA902B4E450449C95F05A52639B4847FC55B7E586,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066186Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:10.341{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Administrator\AppData\Local\Microsoft\Windows\History\desktop.iniMD5=941682911C20B2DABECB20476F91C98A,SHA256=3FEF99E07B0455F88A5BB59E83329D0BFCEBE078D907985D0ABF70BE26B9B89A,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066185Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:10.326{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Administrator\AppData\Local\Microsoft\Windows\Explorer\thumbcache_wide_alternate.dbMD5=DB7C049E5E4E336D76D5A744C28C54C8,SHA256=E8830E7AC4088CF3DD464CAEC33A0035D966A7DE5AE4EFC3580D59A41916FF7B,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066184Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:10.310{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Administrator\AppData\Local\Microsoft\Windows\Explorer\thumbcache_wide.dbMD5=5F243BF7CC0A348B6D31460A91173E71,SHA256=1B1AED169F2ACFAE4CF230701BDA91229CB582FF2CE29A413C5B8FE3B890D289,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066183Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:10.310{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Administrator\AppData\Local\Microsoft\Windows\Explorer\thumbcache_sr.dbMD5=379523B9F5D5B954E719B664846DBF8F,SHA256=3C9002CAEDF0C007134A7E632C72588945A4892B6D7AD3977224A6A5A7457BF4,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066182Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:10.310{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Administrator\AppData\Local\Microsoft\Windows\Explorer\thumbcache_exif.dbMD5=FC94FE7BD3975E75CEFAD79F5908F7B3,SHA256=EE1ED3B49720B22D5FDA63D3C46D62A96CA8838C76AB2D2F580B1E7745521AA5,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066181Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:10.308{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Administrator\AppData\Local\Microsoft\Windows\Explorer\thumbcache_custom_stream.dbMD5=F732BF1006B6529CFFBA2B9F50C4B07F,SHA256=77739084A27CB320F208AC1927D3D9C3CAC42748DBDF6229684EF18352D95067,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066180Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:10.288{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Administrator\AppData\Local\Microsoft\Windows\Explorer\thumbcache_768.dbMD5=D192F7C343602D02E3E020807707006E,SHA256=BB4D233C90BDBEE6EF83E40BFF1149EA884EFA790B3BEF496164DF6F90297C48,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066179Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:10.288{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Administrator\AppData\Local\Microsoft\Windows\Explorer\thumbcache_2560.dbMD5=2D84AD5CFDF57BD4E3656BCFD9A864EA,SHA256=D241584A3FD4A91976FAFD5EC427E88F6E60998954DEC39E388AF88316AF3552,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066178Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:10.288{6F5BEE90-18CD-61E9-7700-000000002102}484NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=1C3E007110E67E4BB669D3F779F605FF,SHA256=6639FDD0FFAA27BB43B466579985CF53318DFE35A0C5CCCEFE2A310F6B1A0492,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066177Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:10.272{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Administrator\AppData\Local\Microsoft\Windows\Explorer\thumbcache_1920.dbMD5=635E15CB045FF4CF0E6A31C827225767,SHA256=67219E5AD98A31E8FA8593323CD2024C1CA54D65985D895E8830AE356C7BDF1D,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066176Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:10.257{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Administrator\AppData\Local\Microsoft\Windows\Explorer\thumbcache_1280.dbMD5=2DD3F3C33E7100EC0D4DBBCA9774B044,SHA256=5A00CC998E0D0285B729964AFD20618CBAECFA7791FECDB843B535491A83AE21,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066175Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:10.257{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Administrator\AppData\Local\Microsoft\Windows\Explorer\NotifyIcon\Microsoft.Explorer.Notification.{7CB105BC-92A8-31C3-D89E-45B3703D5E84}.pngMD5=885B0817F832A0AE59AD23CEF72A85E0,SHA256=4514BAE0500660460FDE87BFD313C9F19FD3ADE78E8C8D170E4FB53C320C020E,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066174Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:10.257{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Administrator\AppData\Local\Microsoft\Windows\Explorer\iconcache_wide_alternate.dbMD5=DB7C049E5E4E336D76D5A744C28C54C8,SHA256=E8830E7AC4088CF3DD464CAEC33A0035D966A7DE5AE4EFC3580D59A41916FF7B,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066173Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:10.257{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Administrator\AppData\Local\Microsoft\Windows\Explorer\iconcache_wide.dbMD5=5F243BF7CC0A348B6D31460A91173E71,SHA256=1B1AED169F2ACFAE4CF230701BDA91229CB582FF2CE29A413C5B8FE3B890D289,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066172Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:10.241{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Administrator\AppData\Local\Microsoft\Windows\Explorer\iconcache_sr.dbMD5=379523B9F5D5B954E719B664846DBF8F,SHA256=3C9002CAEDF0C007134A7E632C72588945A4892B6D7AD3977224A6A5A7457BF4,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066171Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:10.241{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Administrator\AppData\Local\Microsoft\Windows\Explorer\iconcache_exif.dbMD5=FC94FE7BD3975E75CEFAD79F5908F7B3,SHA256=EE1ED3B49720B22D5FDA63D3C46D62A96CA8838C76AB2D2F580B1E7745521AA5,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066170Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:10.241{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Administrator\AppData\Local\Microsoft\Windows\Explorer\iconcache_custom_stream.dbMD5=F732BF1006B6529CFFBA2B9F50C4B07F,SHA256=77739084A27CB320F208AC1927D3D9C3CAC42748DBDF6229684EF18352D95067,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066169Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:10.226{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Administrator\AppData\Local\Microsoft\Windows\Explorer\iconcache_96.dbMD5=2A8875D2AF46255DB8324AAD9687D0B7,SHA256=54097CCCAE0CFCE5608466BA5A5CA2A3DFEAC536964EEC532540F3B837F5A7C7,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066168Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:10.226{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Administrator\AppData\Local\Microsoft\Windows\Explorer\iconcache_768.dbMD5=D192F7C343602D02E3E020807707006E,SHA256=BB4D233C90BDBEE6EF83E40BFF1149EA884EFA790B3BEF496164DF6F90297C48,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066167Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:10.210{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Administrator\AppData\Local\Microsoft\Windows\Explorer\iconcache_2560.dbMD5=2D84AD5CFDF57BD4E3656BCFD9A864EA,SHA256=D241584A3FD4A91976FAFD5EC427E88F6E60998954DEC39E388AF88316AF3552,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066166Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:10.206{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Administrator\AppData\Local\Microsoft\Windows\Explorer\iconcache_1920.dbMD5=635E15CB045FF4CF0E6A31C827225767,SHA256=67219E5AD98A31E8FA8593323CD2024C1CA54D65985D895E8830AE356C7BDF1D,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066165Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:10.187{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Administrator\AppData\Local\Microsoft\Windows\Explorer\iconcache_1280.dbMD5=2DD3F3C33E7100EC0D4DBBCA9774B044,SHA256=5A00CC998E0D0285B729964AFD20618CBAECFA7791FECDB843B535491A83AE21,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066164Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:10.187{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Administrator\AppData\Local\Microsoft\Windows\Caches\{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x0000000000000005.dbMD5=88A58035AF9612D7569A626B225390CD,SHA256=BBD78081A3A912A79FEAFBEE927BD71CF03EAE779B8539DC71CC03AD7B28DAF1,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066163Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:10.187{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Administrator\AppData\Local\Microsoft\Windows\Caches\{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x0000000000000004.dbMD5=F6EB7486D8E522C14F09AABB4D14989D,SHA256=B64185DF6119B1E2EE635CF00BEB8773ED02A915ECB9215A716AE70FC495469B,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066162Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:10.072{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Administrator\AppData\Local\Microsoft\Windows\Caches\{3DA71D5A-20CC-432F-A115-DFE92379E91F}.3.ver0x000000000000001d.dbMD5=B18D0F2A2CD76ABC3F3094698F0E9F69,SHA256=72519282617AC8857893A8DCA2D3A8EF813C744F9C8224E01F7624E406115E93,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066161Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:10.056{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Administrator\AppData\Local\Microsoft\Windows\Caches\{0BDE7B0F-B905-4D30-88C9-B63C603DA134}.3.ver0x0000000000000001.dbMD5=F3DC4461F59519C68ABD86B979EA9762,SHA256=5896967D61C1C716C98511DCFC267A12749D330E5DEB35ECCB4690DFA756C964,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066160Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:10.056{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Administrator\AppData\Local\Microsoft\Windows\Caches\cversions.3.dbMD5=F6DC75A8C2AC4E3867A89EB105537DFB,SHA256=288C58791E45792A433BFC4D53D37B7FC61D704C33C8D7458A883985A98CCDDF,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066159Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:10.040{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Administrator\AppData\Local\Microsoft\Windows\Caches\cversions.1.dbMD5=F7F3CF1A795BDD51C759B68A5E3AB113,SHA256=AAA5132A52363B0AC83C50564B5D325968C7A4E810C60EBB63D05C224858B81B,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066158Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:10.040{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Administrator\AppData\Local\Microsoft\Windows\Burn\Burn\desktop.iniMD5=E0FD7E6B4853592AC9AC73DF9D83783F,SHA256=FEEA416E5E5C8AA81416B81FB25132D1C18B010B02663A253338DBDFB066E122,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066157Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:10.025{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Administrator\AppData\Local\Microsoft\Windows\Application Shortcuts\desktop.iniMD5=8F91870452433A5555C9D453F714698C,SHA256=1D9DCD07E5FA1748DA3E7E4D57ECA2E88A4C42E4F2CEAD9192E94325C32C2E4F,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000031962Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:39:10.174{CE7C8936-1B20-61E9-E200-000000002202}3964NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A0794455415911C8672781E7675D90E1,SHA256=A0AC5D90C369BEA8148A7D6DC2B14E36D42E515758A8BE90699373E65EA87BDD,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000031963Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:39:11.190{CE7C8936-1B20-61E9-E200-000000002202}3964NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=7BBF30A1F100CBAB037FBD3A95560C02,SHA256=B5A13C0B17A0DD5BF1B6DC1347D4E1262E3E25196948092E35DA39BE9ED752C8,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000066328Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:11.889{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Administrator\AppData\Local\Temp\2\Nmddfrqqrbyjeygggda.vbs2022-01-20 10:38:28.699 23542300x800000000000000066327Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:11.889{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Administrator\AppData\Local\Temp\2\Nmddfrqqrbyjeygggda.vbsMD5=6EED4EE0CC57126E9A096AB9905F471C,SHA256=DB5A204A34969F60FE4A653F51D64EEE024DBF018EDEA334E8B3DF780EDA846F,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066326Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:11.873{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Administrator\AppData\Local\Temp\2\chocolatey\Python 3.10.2 (64-bit)_20220120092718_010_path_AllUsers.logMD5=8205F5733A84362F2D10D9BC43C25DF5,SHA256=4069C8A990C46108420574543C66C7494DB35A55D9B483D984E2667F73BFF4D2,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066325Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:11.873{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Administrator\AppData\Local\Temp\2\chocolatey\Python 3.10.2 (64-bit)_20220120092718_009_pip_AllUsers.logMD5=A880645885FB9574C66CC1A89FEEB576,SHA256=33E15066FC2C971A0E4D9A9086A522B0F8AEC753C3303C0D7DDA39EE12796D51,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066324Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:11.873{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Administrator\AppData\Local\Temp\2\chocolatey\Python 3.10.2 (64-bit)_20220120092718_008_launcher_AllUsers.logMD5=6A6E514EB538F0B4D48EEA79B7EA5F0D,SHA256=574337D259494A49A2F3AB52CBCFE741197A2410CA1BD74A1EFDEA5AF88E460A,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066323Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:11.873{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Administrator\AppData\Local\Temp\2\chocolatey\Python 3.10.2 (64-bit)_20220120092718_007_tcltk_AllUsers.logMD5=0BCEE4679496D10D1ECC93E030A9A5F0,SHA256=127D3B09C2A9930FA8BDFE778F4DDD2CFEABCA8AF3C7CDEF37F377577A251433,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066322Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:11.842{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Administrator\AppData\Local\Temp\2\chocolatey\Python 3.10.2 (64-bit)_20220120092718_006_tools_AllUsers.logMD5=56CA7CE3C633AC9AD2292452CCADBB8A,SHA256=4F5E149120123E2FEDB296DFD47B46BAD2DD910AB6FCFEB972EC1899C193B24F,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066321Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:11.826{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Administrator\AppData\Local\Temp\2\chocolatey\Python 3.10.2 (64-bit)_20220120092718_005_doc_AllUsers.logMD5=42D6551EED52FAB4C3609E1920EF1D0D,SHA256=93087B12535737730FD90F34E293559F6B8BD9925AF065DD198D8A2D0E9EB6CA,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066320Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:11.826{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Administrator\AppData\Local\Temp\2\chocolatey\Python 3.10.2 (64-bit)_20220120092718_004_test_AllUsers.logMD5=9729D7195C60EF4FA63A3DFDD2637058,SHA256=44A5D087F68D24DEF5AD78D1F1DEDC46931779EA198C68CF712CE531A6B15A3B,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066319Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:11.810{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-20190612-052851-00000003-ffffffff.binMD5=EC571EC036C07EDF8C78C554FD88EF0E,SHA256=EC75656CC06AF3590EDFDF3CF6BBB9772D4F15A97B47DAAF06C25880F90DA653,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066318Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:11.790{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Administrator\AppData\Local\Temp\2\chocolatey\Python 3.10.2 (64-bit)_20220120092718_003_lib_AllUsers.logMD5=E45DFC6E701F2BF718A2185945030BE0,SHA256=AF99CC8D897BEE96640F7A1227364252F27C1178A7383F2A658B160FC4EE4F0E,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066317Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:11.772{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Administrator\AppData\Local\Temp\2\chocolatey\Python 3.10.2 (64-bit)_20220120092718_002_exe_AllUsers.logMD5=6A1A54A88D780F5E2521EB2D8F4474C9,SHA256=06AA192584B4B17A0EF4B30807B9C8203496E84E2DC409B4216B31A7A739AC56,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066316Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:11.772{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Administrator\AppData\Local\Temp\2\chocolatey\Python 3.10.2 (64-bit)_20220120092718_001_dev_AllUsers.logMD5=5AC885ECD19CBB7E94B035744E1C2C81,SHA256=531CC0B7312AC84642E4976B2E97281FFE8DF6BBE52B3EA324893E23CEF4547F,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066315Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:11.757{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Administrator\AppData\Local\Temp\2\chocolatey\Python 3.10.2 (64-bit)_20220120092718_000_core_AllUsers.logMD5=DD35AEB72D979B39A7ADE45013DD6A1D,SHA256=E569ED89744C580316C1320946A2BE947022145141C092B054170E797A0A8AEE,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066314Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:11.757{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Administrator\AppData\Local\Temp\2\chocolatey\Python 3.10.2 (64-bit)_20220120092718.logMD5=0BDE8656F338580B3DF4B0DE7FDABC25,SHA256=5839631D07F27E09B3BCCB655E855DCA0BB44BF4D27B2095229E033535001BB6,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066313Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:11.741{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Administrator\AppData\Local\Temp\2\chocolatey\dd_vcredist_x86_20220120092659_001_vcRuntimeAdditional_x86.logMD5=6C1340B2C8BEE6478066CDCC73B5DAA6,SHA256=3A4948C6220995587BB1420B1AC8F074C48000EC8FEE30788E170FA4BD3AFED7,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066312Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:11.741{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Administrator\AppData\Local\Temp\2\chocolatey\dd_vcredist_x86_20220120092659_000_vcRuntimeMinimum_x86.logMD5=13D14D5D7BE93402DDB8A45C6D606F0C,SHA256=3BFBED540925A8750F78CEB982C68949D102B91831C171EE3C4E1E00B8D3BA16,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066311Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:11.741{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Administrator\AppData\Local\Temp\2\chocolatey\dd_vcredist_x86_20220120092659.logMD5=876C4BD23DBC3F56FA02CFBD0FFECA44,SHA256=B488F8D405C3624D9A8ED8B52906BD400F53DE777540DC8CE494474F55F31D7B,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066310Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:11.725{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Administrator\AppData\Local\Temp\2\chocolatey\dd_vcredist_amd64_20220120092714.logMD5=D2084B82488F41CAC3AE4B432313BD2E,SHA256=6FF843D13D07C3548DA3E46F7A1507966D0D401888D123778592DF67F5E7BD1F,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066309Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:11.725{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Administrator\AppData\Local\Temp\2\chocolatey\dd_vcredist_amd64_20220120092708_001_vcRuntimeAdditional_x64.logMD5=A151445B14BAECDC76CC262426018B06,SHA256=7D42CE7F3B3108109C8D61B6FB51B8A0D36A976D58BC06ED7B3F9CACEE769401,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066308Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:11.725{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Administrator\AppData\Local\Temp\2\chocolatey\dd_vcredist_amd64_20220120092708_000_vcRuntimeMinimum_x64.logMD5=0EF312177B1076B5AFC52B0EEDA1E070,SHA256=567DF2A81675F5B7A96323F2063FA3849C3B6FE48294A9348944AAADF3F54A3F,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066307Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:11.710{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Administrator\AppData\Local\Temp\2\chocolatey\dd_vcredist_amd64_20220120092708.logMD5=198E717F207B54D87662CA24CE76F012,SHA256=2E76AD877469D5A33DB8F0AA84398124200973E1CC2B144A29F4ED6BA0210665,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 11241100x800000000000000066306Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:11.672{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Administrator\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache132871403937060878.txt2022-01-20 08:19:53.873 23542300x800000000000000066305Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:11.672{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Administrator\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache132871403937060878.txtMD5=A149A13ADC9937B6ABA6D7AEB93F1981,SHA256=BFBD519C2E42669FD37D7699B42032DABF47B3C15840C34228AA10C33ECC15CC,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 11241100x800000000000000066304Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:11.672{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Administrator\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache132871403923462086.txt2022-01-20 08:19:52.936 23542300x800000000000000066303Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:11.672{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Administrator\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache132871403923462086.txtMD5=A149A13ADC9937B6ABA6D7AEB93F1981,SHA256=BFBD519C2E42669FD37D7699B42032DABF47B3C15840C34228AA10C33ECC15CC,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 11241100x800000000000000066302Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:11.672{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Administrator\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\ConstraintIndex\Input_{41993376-ea99-43be-b48b-13a4d5208e6a}\settingssynonyms.txt2016-04-15 08:09:56.000 23542300x800000000000000066301Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:11.672{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Administrator\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\ConstraintIndex\Input_{41993376-ea99-43be-b48b-13a4d5208e6a}\settingssynonyms.txtMD5=9239D33BCC9C55C4D97DCAE64A7E2F5B,SHA256=D147C9B76ACC226324DEF206D680C3368109018BE254FD1399C8E2ED2C3D77E8,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 11241100x800000000000000066300Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:11.672{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Administrator\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\ConstraintIndex\Input_{41993376-ea99-43be-b48b-13a4d5208e6a}\settingsglobals.txt2016-04-15 08:09:04.000 23542300x800000000000000066299Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:11.672{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Administrator\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\ConstraintIndex\Input_{41993376-ea99-43be-b48b-13a4d5208e6a}\settingsglobals.txtMD5=D2D6B108ED635B192276F2E13160BB9F,SHA256=598A2674BE811C1256B0E18311CE5CBA2A542D0965FF4A0AC96173CE78A4C575,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 11241100x800000000000000066298Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:11.657{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Administrator\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\ConstraintIndex\Input_{41993376-ea99-43be-b48b-13a4d5208e6a}\settingsconversions.txt2016-04-13 08:55:02.000 23542300x800000000000000066297Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:11.657{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Administrator\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\ConstraintIndex\Input_{41993376-ea99-43be-b48b-13a4d5208e6a}\settingsconversions.txtMD5=F21F68AB0FD9BF5B4255EDDDE72BE816,SHA256=9034FBD5F370A37A2E43CAE5D482B84D3ED9B6C62C6DDBC4BEE25B0526AD25EE,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 11241100x800000000000000066296Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:11.657{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Administrator\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\ConstraintIndex\Input_{41993376-ea99-43be-b48b-13a4d5208e6a}\Appssynonyms.txt2016-04-15 08:09:24.000 23542300x800000000000000066295Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:11.657{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Administrator\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\ConstraintIndex\Input_{41993376-ea99-43be-b48b-13a4d5208e6a}\Appssynonyms.txtMD5=4A4658A648F21416925BB525D5992E6A,SHA256=8E2A2C7B133DCE77D3A45B3D64AF1E5F2D25228B42F3BB813A9FBE90B346E97F,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 11241100x800000000000000066294Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:11.641{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Administrator\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\ConstraintIndex\Input_{41993376-ea99-43be-b48b-13a4d5208e6a}\appsglobals.txt2016-04-15 08:09:02.000 23542300x800000000000000066293Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:11.641{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Administrator\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\ConstraintIndex\Input_{41993376-ea99-43be-b48b-13a4d5208e6a}\appsglobals.txtMD5=5925E930562DA940101DE785C1CBC5B3,SHA256=B6C3C8B85CECB5743E5A62C706152F83606B5690F0926B5CC16D29CBFE3ED39B,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 11241100x800000000000000066292Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:11.641{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Administrator\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\ConstraintIndex\Input_{41993376-ea99-43be-b48b-13a4d5208e6a}\appsconversions.txt2016-04-13 08:55:02.000 23542300x800000000000000066291Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:11.641{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Administrator\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\ConstraintIndex\Input_{41993376-ea99-43be-b48b-13a4d5208e6a}\appsconversions.txtMD5=F21F68AB0FD9BF5B4255EDDDE72BE816,SHA256=9034FBD5F370A37A2E43CAE5D482B84D3ED9B6C62C6DDBC4BEE25B0526AD25EE,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066290Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:11.641{6F5BEE90-18CD-61E9-7700-000000002102}484NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=CF580182A9BA15AC87D5B751F6F201B3,SHA256=99FEE5776B1537E940221AF56F6441E34E3222D05925CE7B61854DA2BC007A74,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 11241100x800000000000000066289Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:11.626{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Administrator\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\ConstraintIndex\Apps_{f3544599-0664-4565-a9b5-a8727b3e50b9}\0.2.filtertrie.intermediate.txt2022-01-20 08:19:53.983 23542300x800000000000000066288Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:11.626{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Administrator\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\ConstraintIndex\Apps_{f3544599-0664-4565-a9b5-a8727b3e50b9}\0.2.filtertrie.intermediate.txtMD5=C204E9FAAF8565AD333828BEFF2D786E,SHA256=D65B6A3BF11A27A1CED1F7E98082246E40CF01289FD47FE4A5ED46C221F2F73F,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 11241100x800000000000000066287Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:11.626{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Administrator\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\ConstraintIndex\Apps_{f3544599-0664-4565-a9b5-a8727b3e50b9}\0.1.filtertrie.intermediate.txt2022-01-20 08:19:53.983 23542300x800000000000000066286Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:11.626{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Administrator\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\ConstraintIndex\Apps_{f3544599-0664-4565-a9b5-a8727b3e50b9}\0.1.filtertrie.intermediate.txtMD5=34BD1DFB9F72CF4F86E6DF6DA0A9E49A,SHA256=8E1E6A3D56796A245D0C7B0849548932FEE803BBDB03F6E289495830E017F14C,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 11241100x800000000000000066285Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:11.626{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Administrator\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\ConstraintIndex\Apps_{f3544599-0664-4565-a9b5-a8727b3e50b9}\0.0.filtertrie.intermediate.txt2022-01-20 08:19:53.983 23542300x800000000000000066284Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:11.626{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Administrator\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\ConstraintIndex\Apps_{f3544599-0664-4565-a9b5-a8727b3e50b9}\0.0.filtertrie.intermediate.txtMD5=122B07D8DACDFD2D756CC54E39C34DFA,SHA256=2445FC0FCED0FF1D819517967FDF940D93F65A07CD772BC1AE72AAC7CF312404,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 11241100x800000000000000066283Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:11.626{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Administrator\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\ConstraintIndex\Apps_{5cb50cf0-57a7-498f-bacd-33bea22fbe61}\0.2.filtertrie.intermediate.txt2022-01-20 08:19:53.186 23542300x800000000000000066282Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:11.610{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Administrator\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\ConstraintIndex\Apps_{5cb50cf0-57a7-498f-bacd-33bea22fbe61}\0.2.filtertrie.intermediate.txtMD5=C204E9FAAF8565AD333828BEFF2D786E,SHA256=D65B6A3BF11A27A1CED1F7E98082246E40CF01289FD47FE4A5ED46C221F2F73F,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 11241100x800000000000000066281Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:11.610{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Administrator\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\ConstraintIndex\Apps_{5cb50cf0-57a7-498f-bacd-33bea22fbe61}\0.1.filtertrie.intermediate.txt2022-01-20 08:19:53.186 23542300x800000000000000066280Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:11.610{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Administrator\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\ConstraintIndex\Apps_{5cb50cf0-57a7-498f-bacd-33bea22fbe61}\0.1.filtertrie.intermediate.txtMD5=34BD1DFB9F72CF4F86E6DF6DA0A9E49A,SHA256=8E1E6A3D56796A245D0C7B0849548932FEE803BBDB03F6E289495830E017F14C,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 11241100x800000000000000066279Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:11.610{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Administrator\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\ConstraintIndex\Apps_{5cb50cf0-57a7-498f-bacd-33bea22fbe61}\0.0.filtertrie.intermediate.txt2022-01-20 08:19:53.170 23542300x800000000000000066278Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:11.610{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Administrator\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\ConstraintIndex\Apps_{5cb50cf0-57a7-498f-bacd-33bea22fbe61}\0.0.filtertrie.intermediate.txtMD5=122B07D8DACDFD2D756CC54E39C34DFA,SHA256=2445FC0FCED0FF1D819517967FDF940D93F65A07CD772BC1AE72AAC7CF312404,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066277Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:11.610{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Administrator\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\Temp\StructuredQuery.logMD5=8ABB08032AB2FB020E8A0C839681E7C7,SHA256=312490D07D2AB77E94838D6082F1BDA74D79C64B2EAA406A52E0C405AD1114E7,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066276Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:11.607{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Administrator\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\UNBDVR11\2\C__Windows_SystemApps_Microsoft.Windows.Cortana_cw5n1h2txyewy_cache_COOBE_CortanaIcon[1].pngMD5=A98EF91236D0A680740A3C0F10937087,SHA256=660FDBEDE1BFFF4F5F322F2DD862445A2BE9101828A32013843E5F6E0320D804,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066275Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:11.588{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Administrator\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\UNBDVR11\2\C__Windows_SystemApps_Microsoft.Windows.Cortana_cw5n1h2txyewy_cache_COOBE_COOBE[1].htmlMD5=CDD4A14258DC43D22C37F1E721AEC245,SHA256=0D9E19723D9ED66DD13CB8657808963130BAD94249F03228CCC68BB32FC360C5,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 11241100x800000000000000066274Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:11.588{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Administrator\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\UNBDVR11\1\C__Windows_SystemApps_Microsoft.Windows.Cortana_cw5n1h2txyewy_cache_Desktop_9[1].txt2022-01-20 08:19:51.967 23542300x800000000000000066273Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:11.588{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Administrator\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\UNBDVR11\1\C__Windows_SystemApps_Microsoft.Windows.Cortana_cw5n1h2txyewy_cache_Desktop_9[1].txtMD5=F98851A644D901C32D1152CF001C2A30,SHA256=8A450F4631B7F451F470B7E7EF723A872C962749001C75AB1E9A01FC2765766A,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 11241100x800000000000000066272Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:11.588{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Administrator\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\UNBDVR11\1\C__Windows_SystemApps_Microsoft.Windows.Cortana_cw5n1h2txyewy_cache_Desktop_8[1].txt2022-01-20 08:19:51.967 23542300x800000000000000066271Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:11.588{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Administrator\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\UNBDVR11\1\C__Windows_SystemApps_Microsoft.Windows.Cortana_cw5n1h2txyewy_cache_Desktop_8[1].txtMD5=5B7A3FBF6CE7627737B7AE8F7F73AF2B,SHA256=E5C8A584A8EF5082455DF1B7D986CDF9160F0A5AFA0EC6FD360EAAB9A1A8C5C1,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 11241100x800000000000000066270Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:11.572{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Administrator\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\UNBDVR11\1\C__Windows_SystemApps_Microsoft.Windows.Cortana_cw5n1h2txyewy_cache_Desktop_7[1].txt2022-01-20 08:19:51.951 23542300x800000000000000066269Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:11.572{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Administrator\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\UNBDVR11\1\C__Windows_SystemApps_Microsoft.Windows.Cortana_cw5n1h2txyewy_cache_Desktop_7[1].txtMD5=FF638505C57813F0F9115CB2F853BC07,SHA256=18695997D547308B565AA0D9AC8FDF8981966A47AF431DCC943BCC882AB6ECB7,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 11241100x800000000000000066268Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:11.572{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Administrator\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\UNBDVR11\1\C__Windows_SystemApps_Microsoft.Windows.Cortana_cw5n1h2txyewy_cache_Desktop_6[1].txt2022-01-20 08:19:51.951 23542300x800000000000000066267Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:11.572{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Administrator\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\UNBDVR11\1\C__Windows_SystemApps_Microsoft.Windows.Cortana_cw5n1h2txyewy_cache_Desktop_6[1].txtMD5=E68A5D04BF606560BDC326154A025956,SHA256=C32FBB255C914DA8336038933E799C5FEC8D50A0661B78DAB9E312131E7B7637,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 11241100x800000000000000066266Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:11.572{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Administrator\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\UNBDVR11\1\C__Windows_SystemApps_Microsoft.Windows.Cortana_cw5n1h2txyewy_cache_Desktop_5[1].txt2022-01-20 08:19:51.936 23542300x800000000000000066265Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:11.572{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Administrator\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\UNBDVR11\1\C__Windows_SystemApps_Microsoft.Windows.Cortana_cw5n1h2txyewy_cache_Desktop_5[1].txtMD5=10D7D30E23DBC108EC78C03F9E741566,SHA256=99355DBE0DDE1F5390AF8BA6FEB736E85B00C13E8D08B560DFE2D7EC5465E8C3,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 11241100x800000000000000066264Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:11.572{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Administrator\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\UNBDVR11\1\C__Windows_SystemApps_Microsoft.Windows.Cortana_cw5n1h2txyewy_cache_Desktop_4[1].txt2022-01-20 08:19:51.936 23542300x800000000000000066263Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:11.572{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Administrator\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\UNBDVR11\1\C__Windows_SystemApps_Microsoft.Windows.Cortana_cw5n1h2txyewy_cache_Desktop_4[1].txtMD5=D20D4B52F55421E4F0EE293FA394F274,SHA256=6594DB803F6BEAC699E3B4FE1BFFF9F1A6C8B7D1CB43A9A92A7D6979EE62B9ED,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 11241100x800000000000000066262Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:11.572{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Administrator\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\UNBDVR11\1\C__Windows_SystemApps_Microsoft.Windows.Cortana_cw5n1h2txyewy_cache_Desktop_3[1].txt2022-01-20 08:19:51.936 23542300x800000000000000066261Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:11.572{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Administrator\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\UNBDVR11\1\C__Windows_SystemApps_Microsoft.Windows.Cortana_cw5n1h2txyewy_cache_Desktop_3[1].txtMD5=766B33AB225A94D22C45803D32D1D2C4,SHA256=8BF750226E7E4720AFCD86820D0752946ABB11DB79EF62AFFA61EEC941AB5C20,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 11241100x800000000000000066260Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:11.557{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Administrator\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\UNBDVR11\1\C__Windows_SystemApps_Microsoft.Windows.Cortana_cw5n1h2txyewy_cache_Desktop_2[1].txt2022-01-20 08:19:51.936 23542300x800000000000000066259Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:11.557{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Administrator\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\UNBDVR11\1\C__Windows_SystemApps_Microsoft.Windows.Cortana_cw5n1h2txyewy_cache_Desktop_2[1].txtMD5=6B559E6B268CC53FC0293A706E970550,SHA256=9179C223831AE54A2A21E24B1BDBD1D06C00098FA2A664F476756CEFA56C71E9,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 11241100x800000000000000066258Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:11.557{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Administrator\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\UNBDVR11\1\C__Windows_SystemApps_Microsoft.Windows.Cortana_cw5n1h2txyewy_cache_Desktop_22[1].txt2022-01-20 08:19:52.061 23542300x800000000000000066257Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:11.557{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Administrator\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\UNBDVR11\1\C__Windows_SystemApps_Microsoft.Windows.Cortana_cw5n1h2txyewy_cache_Desktop_22[1].txtMD5=87C5803AC86277335317BEEC5B252EF0,SHA256=8F7211EC0F4E0532DB653FECB4F605EB4C3C6C9879B138185DB4AAF7245646BB,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 11241100x800000000000000066256Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:11.557{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Administrator\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\UNBDVR11\1\C__Windows_SystemApps_Microsoft.Windows.Cortana_cw5n1h2txyewy_cache_Desktop_21[1].txt2022-01-20 08:19:52.061 23542300x800000000000000066255Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:11.557{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Administrator\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\UNBDVR11\1\C__Windows_SystemApps_Microsoft.Windows.Cortana_cw5n1h2txyewy_cache_Desktop_21[1].txtMD5=1DE957E6ECB8E53F1849E98E56D5D8F8,SHA256=D60A1010C3D82CAABA7C755C3A6423D7A268BCDC9EA4F27B10E8E14FD84ACD24,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 11241100x800000000000000066254Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:11.557{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Administrator\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\UNBDVR11\1\C__Windows_SystemApps_Microsoft.Windows.Cortana_cw5n1h2txyewy_cache_Desktop_20[1].txt2022-01-20 08:19:52.045 23542300x800000000000000066253Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:11.557{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Administrator\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\UNBDVR11\1\C__Windows_SystemApps_Microsoft.Windows.Cortana_cw5n1h2txyewy_cache_Desktop_20[1].txtMD5=A6A758B9A843A9AE35166154D051C654,SHA256=59BEC20EBDB4ABAD19803E90044333A5781C755A3DDC0663A4A95E88AA0F45DC,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 11241100x800000000000000066252Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:11.541{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Administrator\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\UNBDVR11\1\C__Windows_SystemApps_Microsoft.Windows.Cortana_cw5n1h2txyewy_cache_Desktop_19[1].txt2022-01-20 08:19:52.045 23542300x800000000000000066251Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:11.541{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Administrator\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\UNBDVR11\1\C__Windows_SystemApps_Microsoft.Windows.Cortana_cw5n1h2txyewy_cache_Desktop_19[1].txtMD5=4EA6D9CCAE439451E3EDC69589C21F52,SHA256=115EE9EFD86B0AB505977609DBC1409CAD55275ED187667B37C1F7453406AA7D,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 11241100x800000000000000066250Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:11.541{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Administrator\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\UNBDVR11\1\C__Windows_SystemApps_Microsoft.Windows.Cortana_cw5n1h2txyewy_cache_Desktop_18[1].txt2022-01-20 08:19:52.045 23542300x800000000000000066249Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:11.541{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Administrator\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\UNBDVR11\1\C__Windows_SystemApps_Microsoft.Windows.Cortana_cw5n1h2txyewy_cache_Desktop_18[1].txtMD5=7F25769992DF13C241A1F14C72781B7F,SHA256=C3F1170A49C7EE2CF721D222FA1F766543D0F69BBCB35BFA2C64453025365DA1,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 11241100x800000000000000066248Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:11.541{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Administrator\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\UNBDVR11\1\C__Windows_SystemApps_Microsoft.Windows.Cortana_cw5n1h2txyewy_cache_Desktop_17[1].txt2022-01-20 08:19:51.998 23542300x800000000000000066247Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:11.541{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Administrator\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\UNBDVR11\1\C__Windows_SystemApps_Microsoft.Windows.Cortana_cw5n1h2txyewy_cache_Desktop_17[1].txtMD5=D2ECB824C1EBD5CAD726A8FA730F83BD,SHA256=9BA9C472659B68EC59A470063958FCF4C1B9F95670B884F95FF690DA601CADA6,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 11241100x800000000000000066246Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:11.541{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Administrator\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\UNBDVR11\1\C__Windows_SystemApps_Microsoft.Windows.Cortana_cw5n1h2txyewy_cache_Desktop_16[1].txt2022-01-20 08:19:51.998 23542300x800000000000000066245Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:11.541{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Administrator\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\UNBDVR11\1\C__Windows_SystemApps_Microsoft.Windows.Cortana_cw5n1h2txyewy_cache_Desktop_16[1].txtMD5=91784C62BBC0181E5D1A1939D62C7576,SHA256=7C5953F43236E76AD1EABF5FB4E75FDC98F73A7686BFF5C023843D16A53C2CA7,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 11241100x800000000000000066244Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:11.525{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Administrator\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\UNBDVR11\1\C__Windows_SystemApps_Microsoft.Windows.Cortana_cw5n1h2txyewy_cache_Desktop_15[1].txt2022-01-20 08:19:51.998 23542300x800000000000000066243Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:11.525{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Administrator\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\UNBDVR11\1\C__Windows_SystemApps_Microsoft.Windows.Cortana_cw5n1h2txyewy_cache_Desktop_15[1].txtMD5=E15FA9A83F9216A78A5E4AE2C2C08305,SHA256=65E0957B6D224D885497EE696AA97F94FE98D8BFBBD4F927508ABD645A4182BA,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 11241100x800000000000000066242Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:11.525{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Administrator\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\UNBDVR11\1\C__Windows_SystemApps_Microsoft.Windows.Cortana_cw5n1h2txyewy_cache_Desktop_14[1].txt2022-01-20 08:19:51.998 23542300x800000000000000066241Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:11.525{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Administrator\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\UNBDVR11\1\C__Windows_SystemApps_Microsoft.Windows.Cortana_cw5n1h2txyewy_cache_Desktop_14[1].txtMD5=83CDB65FC5E3B9880848CA153945CD99,SHA256=E2E2AC74937053440DD9592C7CC1619F3290A042838C9922D69E1B5BFF985B89,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 11241100x800000000000000066240Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:11.525{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Administrator\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\UNBDVR11\1\C__Windows_SystemApps_Microsoft.Windows.Cortana_cw5n1h2txyewy_cache_Desktop_13[1].txt2022-01-20 08:19:51.983 23542300x800000000000000066239Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:11.525{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Administrator\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\UNBDVR11\1\C__Windows_SystemApps_Microsoft.Windows.Cortana_cw5n1h2txyewy_cache_Desktop_13[1].txtMD5=94E8C0A2D77D4C6A4CC2AA5D6D71B3FC,SHA256=F0E0AA4CBFFAC78A340ADD726D7D94A090CE6D8E6DEFBC9673531B4E5053B05D,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 11241100x800000000000000066238Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:11.525{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Administrator\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\UNBDVR11\1\C__Windows_SystemApps_Microsoft.Windows.Cortana_cw5n1h2txyewy_cache_Desktop_12[1].txt2022-01-20 08:19:51.983 23542300x800000000000000066237Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:11.525{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Administrator\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\UNBDVR11\1\C__Windows_SystemApps_Microsoft.Windows.Cortana_cw5n1h2txyewy_cache_Desktop_12[1].txtMD5=3F65ED27EE681BC5D4F69A5C271DB6A1,SHA256=63828079B72050681B6811C4AA76A79CF8FB5F51E04B1596DBD761007BFC829E,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 11241100x800000000000000066236Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:11.525{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Administrator\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\UNBDVR11\1\C__Windows_SystemApps_Microsoft.Windows.Cortana_cw5n1h2txyewy_cache_Desktop_11[1].txt2022-01-20 08:19:51.967 23542300x800000000000000066235Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:11.525{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Administrator\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\UNBDVR11\1\C__Windows_SystemApps_Microsoft.Windows.Cortana_cw5n1h2txyewy_cache_Desktop_11[1].txtMD5=006B1BF929F2A82B7AD00727A9F1623C,SHA256=A9F72540A0C0F03453F87AC641EB31BF401D6BE7A92F4615E9C49C7725BC3427,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 11241100x800000000000000066234Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:11.510{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Administrator\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\UNBDVR11\1\C__Windows_SystemApps_Microsoft.Windows.Cortana_cw5n1h2txyewy_cache_Desktop_10[1].txt2022-01-20 08:19:51.967 23542300x800000000000000066233Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:11.510{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Administrator\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\UNBDVR11\1\C__Windows_SystemApps_Microsoft.Windows.Cortana_cw5n1h2txyewy_cache_Desktop_10[1].txtMD5=203D482240E2A13DE24F8F82A9037348,SHA256=5B64FA6B42BE7F59D4D48C4C85ED73B9311003133E8F02F04AE6FA198CD81ED2,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066232Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:11.425{6F5BEE90-18CD-61E9-7700-000000002102}484NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=31837B5F514353ADF2D59453A61DFB2A,SHA256=91F907B10A6D5A44C5F2BD54E2FE3A80821E9B393346E7059BF9058026567317,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066231Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:11.341{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Administrator\AppData\Local\Microsoft\Windows Sidebar\settings.iniMD5=081A9719D4FE8412D50113CC4BFB2B5E,SHA256=949860F6C3FD1C03ECBB873D07E9F5DE77E3F2D11BC6D7DDFEBC5FA35901D9E8,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066230Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:11.341{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Administrator\AppData\Local\Microsoft\Windows\WinX\Group3\desktop.iniMD5=F39A58EF97B3CDED2B0763F7A1024108,SHA256=864ED409A02C9405013F1443A6A2A5549B615E8815B8F4F0FBF6B9A27D349947,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066229Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:11.341{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Administrator\AppData\Local\Microsoft\Windows\WinX\Group2\desktop.iniMD5=42D1770E232A5D25EA2C08E4EABF7E41,SHA256=CCED29BCEDE7E70AED3CA67BFD91BB704D1D5565E01DD48C37F3EF2045C198E3,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066228Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:11.325{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Administrator\AppData\Local\Microsoft\Windows\WinX\Group1\desktop.iniMD5=22F192FB4C42DF0A72A2FA00F41CE01A,SHA256=5047110D0DF7B37CBC100C4E6B534643E4DE9DB35BD9E2D6AAA0B7C743C7FCD4,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066227Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:11.325{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Administrator\AppData\Local\Microsoft\Windows\WebCache\V0100034.logMD5=C44E823E63B249652422F73554916BD9,SHA256=6DB608360B4FDAE19176CCC6E0827B88355D5821B76385579BA647D372EA8795,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066226Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:11.310{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Administrator\AppData\Local\Microsoft\Windows\WebCache\V0100033.logMD5=854BA11030D5EED39CC9E69F3CC70D28,SHA256=CDD89D6CA31D4794182A562FF4AA0FB5E28890E1D19FAD6977EAB0F0CA1ABB6E,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066225Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:11.306{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Administrator\AppData\Local\Microsoft\Windows\WebCache\V0100032.logMD5=5BA69C38AF503D60F2360663546150B4,SHA256=B99641614A006D627FD95AD020BBC664471AEB3580D9000F8855401327D00007,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066224Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:11.288{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Administrator\AppData\Local\Microsoft\Windows\WebCache\V0100031.logMD5=5E2A29B15A459ED6F2F6EA8E630237F0,SHA256=251ED159B4515F9088B843A4B80ABA6A25F7002021FF257B69F95AF8D36E8132,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066223Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:11.288{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Administrator\AppData\Local\Microsoft\Windows\WebCache\V0100030.logMD5=E7069C7D88739E73C377B3DE4D69D70E,SHA256=9437C0B0454A5F8FC30EA25F39816F435805DDDD0F36E76DA7642E1F9FF09109,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066222Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:11.272{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-20190612-052748-00000003-ffffffff.binMD5=9012FD33D6619B041864960B6BFC1D99,SHA256=0F419C177FC774501E0E6B8DBFB68B2EF157A7FA22930B5F881229A0CD59737C,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066221Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:11.272{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Administrator\AppData\Local\Microsoft\Windows\WebCache\V010002F.logMD5=327F1BC4E3BA5E2F1B427B75B05AE441,SHA256=430C5C347B4AEE326D91EFD1BA84CB7027C67C96ABB9EC5282F2C17990A48469,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066220Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:11.272{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-20190515-074314-00000003-ffffffff.binMD5=628D0D2F55B5EE7CEB6FB6CB292C25C4,SHA256=A3769BB60861000B99E3549198E99F50CB78B33D153E67E6B9A376716CEDC4C9,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066219Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:11.257{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Administrator\AppData\Local\Microsoft\Windows\WebCache\V010002E.logMD5=B7A5074A7551D2BB5D1A446C469D77A7,SHA256=0433AC0927B93D25357EE8AB2C77ADE07271EEC4E544690398513E4E51550B96,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066218Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:11.257{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Administrator\AppData\Local\Microsoft\Windows\WebCache\V010002D.logMD5=E26C2E9EA86F31E4CEEE783EAD244E8F,SHA256=7760D82777DC442974335545935F7F382A0A5829774ED977DBA80135780D9F26,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066217Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:11.241{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Administrator\AppData\Local\Microsoft\Windows\WebCache\V010002C.logMD5=1A02F62EEF6BBA24D99A347A76F72BB9,SHA256=937CEAFAB417C37171F5BEC108D95D285E9411A63B58ED302EA2F93D8EA2A515,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066216Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:11.225{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Administrator\AppData\Local\Microsoft\Windows\WebCache\V010002B.logMD5=273AE98CEE5DE8BA3EAFF6DB0655D19D,SHA256=6A03D37FFA70C1CFF27898AA8EE19B2FEF8B989C5349E7EF611C6BB74C0FA4FE,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066215Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:11.225{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Administrator\AppData\Local\Microsoft\Windows\WebCache\V010002A.logMD5=DE487BF22199FAE50AE0416051C54F3C,SHA256=DD661CE95164091536770E90F9BB4EC26C7AB4D620E42287286362D2B29F0600,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066214Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:11.210{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Administrator\AppData\Local\Microsoft\Windows\WebCache\V0100029.logMD5=133F82A889371603DFF5C36E949E88A9,SHA256=ED6FFF4EC09578D307AA2E200D5C923E84BA3EF164C0D39E86FB3E1EF3AF3D68,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066213Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:11.210{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Administrator\AppData\Local\Microsoft\Windows\WebCache\V0100028.logMD5=E9248C3313D6C69E501EB56ED81D8ECA,SHA256=778D834CF63A1CCCD0394A380591575A52BF90F71CF268A27A86D5CC70CE68E1,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066212Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:11.188{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Administrator\AppData\Local\Microsoft\Windows\WebCache\V0100027.logMD5=FC2661F22A570192DB41148E71F01D50,SHA256=ED1651E6DBDA65EC2CF05E9F5B50587AFD26B97944D9C388DFF3A8EBD583F3A5,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066211Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:11.172{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Administrator\AppData\Local\Microsoft\Windows\WebCache\V0100026.logMD5=28150EFE8DD557730564E849BF10F2A5,SHA256=A0DE2319EA3582D41CB9FD59447034D9EBD3F96085F020452B68B479604AFDB6,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066210Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:11.157{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Administrator\AppData\Local\Microsoft\Windows\WebCache\V0100025.logMD5=48F0C2553F83E810AF40E061313E7EE7,SHA256=37B52DC7E90711161BC56D997B73A34E067208FF1F5888E9EA0D6097851FC4C1,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066209Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:11.157{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Administrator\AppData\Local\Microsoft\Windows\WebCache\V0100024.logMD5=D9CC144465CC49445D8178CF986DC3B5,SHA256=9E55243A0C7CFB48D40757F38F4C420571FF6F3F578C9AA0085128EC0901F4DA,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066208Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:11.141{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Administrator\AppData\Local\Microsoft\Windows\WebCache\V0100023.logMD5=43D0FBB55F77B989F5A55DAD083959BC,SHA256=FDA4A79F5B3C2A557045F5F687640DA0597A09A1CC19797DB77ED3FE3B5030D8,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066207Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:11.125{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Administrator\AppData\Local\Microsoft\Windows\WebCache\V0100022.logMD5=2EFD9D45227B83380A98615F390D50D5,SHA256=C7F2FFF9705ABA4009C45034E502B34A9773BE8FF020B613B3DA800A7ABA762D,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066206Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:11.125{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Administrator\AppData\Local\Microsoft\Windows\WebCache\V0100021.logMD5=D65B0F7BFF33EF55144FFB69A5CABCA7,SHA256=C12CAE83E935F3325A7413B1B7F8CD4E1AC7C9AC2D0F3C9FBABF8A7EE763704E,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 10341000x800000000000000066205Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:11.110{6F5BEE90-18AA-61E9-1600-000000002102}13241960C:\Windows\System32\svchost.exe{6F5BEE90-3BCF-61E9-8D09-000000002102}5012C:\Windows\system32\DllHost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|c:\windows\system32\themeservice.dll+235b|c:\windows\system32\themeservice.dll+1ed0|c:\windows\system32\themeservice.dll+2006|C:\Windows\SYSTEM32\ntdll.dll+39d09|C:\Windows\SYSTEM32\ntdll.dll+1e89a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000066204Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:11.110{6F5BEE90-18AA-61E9-1600-000000002102}13241364C:\Windows\System32\svchost.exe{6F5BEE90-3BCF-61E9-8D09-000000002102}5012C:\Windows\system32\DllHost.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6144|c:\windows\system32\themeservice.dll+144a|c:\windows\system32\themeservice.dll+4175|c:\windows\system32\themeservice.dll+3379|c:\windows\system32\themeservice.dll+31a3|C:\Windows\System32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14412|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 23542300x800000000000000066203Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:11.110{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Administrator\AppData\Local\Microsoft\Windows\WebCache\V0100020.logMD5=D2D5D6F387D2CD7B348C6DDF3A9918F1,SHA256=C0FD77BAE759FF7ED64A624996099FC62C5D08E1FA7CA33127F5712F73E0AE47,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066202Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:11.104{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Administrator\AppData\Local\Microsoft\Windows\SettingSync\metastore\meta.edbMD5=117366841ED1DD6FDBF0799A58B5C733,SHA256=3E2C6F88348BE3371F27A1FA3D47D6D8C8CFFA54C8C2F53D24D4EC7B0FE8BCE6,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 10341000x800000000000000066201Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:11.088{6F5BEE90-18A9-61E9-0C00-000000002102}8283272C:\Windows\system32\svchost.exe{6F5BEE90-3BCF-61E9-8D09-000000002102}5012C:\Windows\system32\DllHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+54c6|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+5460b|C:\Windows\System32\RPCRT4.dll+52cea|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 23542300x800000000000000066200Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:11.088{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-20190515-074058-00000003-ffffffff.binMD5=D2D01C288ECA48F8BFC387127C19AE39,SHA256=741FD32B2776B21DD9D0C99CE5B4500F8349991AAC073DE0308F6C67C7D75B98,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 10341000x800000000000000066199Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:11.072{6F5BEE90-1B0F-61E9-E500-000000002102}41764072C:\Windows\system32\csrss.exe{6F5BEE90-3BCF-61E9-8D09-000000002102}5012C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6cd4|C:\Windows\SYSTEM32\CSRSRV.dll+1a30|C:\Windows\SYSTEM32\CSRSRV.dll+5c09|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000066198Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:11.067{6F5BEE90-18A7-61E9-0500-000000002102}392408C:\Windows\system32\csrss.exe{6F5BEE90-3BCF-61E9-8D09-000000002102}5012C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000066197Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:11.067{6F5BEE90-18A9-61E9-0C00-000000002102}8283272C:\Windows\system32\svchost.exe{6F5BEE90-3BCF-61E9-8D09-000000002102}5012C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7414|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6f453|C:\Windows\System32\KERNEL32.DLL+1d37f|c:\windows\system32\rpcss.dll+366d9|c:\windows\system32\rpcss.dll+3bec2|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+5460b|C:\Windows\System32\RPCRT4.dll+52cea|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 23542300x800000000000000066196Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:11.041{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-20190515-065518-00000003-ffffffff.binMD5=9FC443036900F2E049A367936E72C0C7,SHA256=F04CA846441146FCE0A03AEAD6B921BEB2F1188B303EA787840A607E9E5BE41F,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000031964Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:39:12.205{CE7C8936-1B20-61E9-E200-000000002202}3964NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=D0156EBB12E8396B5A87A1112650CBA4,SHA256=073E68319D745F3C239BDC136EC21D3591A5C79F88297B9A2785EE8585383486,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066613Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:12.966{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-20200610-071704-00000003-ffffffff.binMD5=9331CD077C1E796FBE079E0D767536A3,SHA256=475EF73C58CE841C03BC79D51D5055F93A96E3086BCCAF9C361A16B309640304,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066612Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:12.962{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-20200610-064733-00000003-ffffffff.binMD5=D93009B091FAE34AA0628670EDBEB278,SHA256=283F7D27FC3068E98BA12EAF4C37B6E3E0EA9426E0FDA2E9D7E7C9CB85C1A83E,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066611Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:12.958{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-20200610-063110-00000003-ffffffff.binMD5=D64F057F0DC3CDDAD52E56919A8D25A3,SHA256=57A7180105D6B35C1E6C3F663D39E754D85CEA99FE10935A5BE3B12704678741,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066610Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:12.941{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-20200610-063106-00000003-ffffffff.binMD5=FE2DB555D562B81BE3504430C69DC270,SHA256=A81E1B6B49BE817BFCC868D054EA7C43F003F1B29FFA0BA2B19798023DC07C05,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066609Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:12.939{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-20200610-061038-00000003-ffffffff.binMD5=C77836ECBC64C915DA8E8C1042F1ABEC,SHA256=861F19F83CDEDD9DCECCF9D6ABE33BDFE5549CE5936D9A61536756AE58DA0E48,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066608Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:12.933{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-20200610-060720-00000003-ffffffff.binMD5=4CFCF714635AE24C0B0DBE2677D77416,SHA256=ED9F20FD796848977A88533DFEDD4F89DB5CBC252CDADB4A4B91459C5E9254FB,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066607Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:12.928{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-20200610-055709-00000003-ffffffff.binMD5=E7DF2AA21D39AA592972B03E8D66FC82,SHA256=B6BC443FB677D0E7043BEB25FCB0AD2F2D1B434852772711439451DD8F5F6443,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066606Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:12.924{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-20200610-053031-00000003-ffffffff.binMD5=9C6E7067B5E506DAD6BEE1ABB0DF347E,SHA256=DDB014DF3D3916C9962FD8A372A10930537F4CE86521B6F3A73F1BE9E6891E59,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066605Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:12.913{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-20200610-052915-00000003-ffffffff.binMD5=3D37450AA47ACAA49CC9AB93854CA9C2,SHA256=E9704B7E0F03A8994202090030ED74F1EACC21541B593EA2D38D961A91594BD4,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066604Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:12.908{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-20200513-185353-00000003-ffffffff.binMD5=DDCDC719E331BE414251EA428C92D3FC,SHA256=287E97575868377A30A1F0C9E143E313013B869D38F87EA005E4241E52A9834F,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066603Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:12.903{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-20200513-185108-00000003-ffffffff.binMD5=6BAB21B1CB9508BE5464F6B204FD3C5C,SHA256=8E85E406CBDA65A8EAFBD8933519B839F353486C337FF067EF718FDC0233CB92,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066602Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:12.897{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-20200513-182035-00000003-ffffffff.binMD5=61DB5D67D0D78B1CB9167E851B28E42F,SHA256=FEA66FD6FA8208F7300D25FD2D7275E509330736F2DC35B6C59709FD0C371576,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066601Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:12.887{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-20200513-180317-00000003-ffffffff.binMD5=F38A26F64EB8CD4A3463F91D2924795C,SHA256=DCBFB63FE556BAB328F24F4BAE79B08D8245012E1A3793DFD940C2788708690C,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066600Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:12.875{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-20200513-180314-00000003-ffffffff.binMD5=9B0BCC124DBC0281EC026A3F5F2ED5AE,SHA256=4ACA99F9CB5D5E318B11A3F67DC4827D98FCBC9FCC3D094BF024C2D99EF679C4,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066599Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:12.872{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-20200513-174232-00000003-ffffffff.binMD5=0E5DBA124BA414E4D30957B4991DE5FD,SHA256=63349EF2484449432792B538DD9FA0947470B2EF670359EED8B6F3AD381280FF,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066598Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:12.868{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-20200513-173909-00000003-ffffffff.binMD5=8CA4CD02842F05FB059123C005A61264,SHA256=4016EFD5A89AEB6DADD9F6486E7B055E67FFFD448A784740F58D86741A66E37F,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066597Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:12.864{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-20200513-172855-00000003-ffffffff.binMD5=5136A7D1EE008EE1042F7CC5DCFA0150,SHA256=88D8DB9D25CA6E2F999E73EA2F753CFF0D61A4D172443D18AF26607F1DB04FD9,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066596Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:12.857{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-20200513-170051-00000003-ffffffff.binMD5=D04BFD324339F37AAC820EA2C3FC0BFE,SHA256=EFCBD9E510B1E2D3FE9D724D6239B70EA6312ACF3280AB30BB7B58F1698EDE46,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066595Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:12.847{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-20200513-165926-00000003-ffffffff.binMD5=A53A8210F3970FAEBB1B55B5CEA6BDE4,SHA256=CE51D576319C34930DE31B91C114ED590FD02B78889746752647BBB8E5B2B711,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066594Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:12.844{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-20200415-071709-00000003-ffffffff.binMD5=68E691CBDE2684C1D8EA930CEA413386,SHA256=150B206EA36D806091BE130F92CB4DB508DAD037D165FEFDEA7D784DB1316BFA,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066593Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:12.839{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-20200415-071427-00000003-ffffffff.binMD5=40130F54471289EA6E406F5AC6A5A8CA,SHA256=F63C5CF1AB7469FD197FED3B4C050E22F0768A4A7C63D58017D6309E9373FA45,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066592Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:12.835{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-20200415-064510-00000003-ffffffff.binMD5=E47605DE35E1A29234CAB16446C420E8,SHA256=58361F6C0F8CC719C0A4309275670171B41FF9681BA2DBEC444B7BA8EB8D7B36,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066591Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:12.830{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-20200415-062852-00000003-ffffffff.binMD5=4D84FCAF77F8005125DD9C08A3F6B727,SHA256=6FB9997651114ECDC94FDEB2B8F29897407EDA07DBAA7DB140094AD711E7646C,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066590Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:12.825{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-20200415-062848-00000003-ffffffff.binMD5=67CBEEAB48AF248E06DFB7EA64D87B21,SHA256=F18F4480248CA2F3AF2683BDCDB40966B649A7C812C974EDEFDD9E48561C6191,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066589Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:12.822{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-20200415-061045-00000003-ffffffff.binMD5=A4E229F489145647C89232C70863FB08,SHA256=C95193A3025D73DA23612049ADE8BEB1524BAC13670AB3169A45C8776C226AA4,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066588Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:12.813{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-20200415-060731-00000003-ffffffff.binMD5=454D0F3639AF8D83DBEF2C0209EEA99D,SHA256=DB7D96AAC57B5AE40B2A98F0FD2D5964A3E90FCCFAAFBF2480C4DE62A2304F96,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066587Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:12.810{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-20200415-055723-00000003-ffffffff.binMD5=E38A3C8005DA4A1C50492269FA3358F6,SHA256=3607360EF8B765CEF89D5ED0FB2F41C809151B5259DBF10736B6A80B4A759872,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066586Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:12.804{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-20200415-053503-00000003-ffffffff.binMD5=350AA070CB4285BE99B020ACE8EF7956,SHA256=2FCAA018A7DD5770156BE9DD96713D203900CD6800E0E23EA7E79EB9B62EC9E5,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066585Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:12.798{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-20200415-053001-00000003-ffffffff.binMD5=B9883179059130ACB93958EA39D54B7E,SHA256=63BE133C303ABF5EECE57494180AE952D007D567CBD061B6E24269703168209B,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066584Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:12.793{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-20200415-052855-00000003-ffffffff.binMD5=DC671BDDC5E1E5A44BC4F81C6A01380B,SHA256=3C8A1E49C55208A018D188200839C395ED6F4B6BA69D05E239109C5F199B730B,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066583Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:12.791{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-20200311-073404-00000003-ffffffff.binMD5=329898A5CB05486EC4E10DA71CD39F8A,SHA256=5F1E716766D3BA08F2ABA632F847A60CD1B3747DB8545E72A4BB7B6217E81A78,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066582Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:12.788{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-20200311-073131-00000003-ffffffff.binMD5=7F38CBA44D9D745D789E552B95396B06,SHA256=0B086BAC536BFB76B3C74F2F2E3D46598687B6F2783C0274C3B73F1265D04A0C,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066581Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:12.784{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-20200311-070113-00000003-ffffffff.binMD5=20BB5BACF765A670025A400EA178DDD3,SHA256=E43FC806D15FBC102C931A23396CA68A94BFA888C3A3DF7DBFEA671111C22EBF,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066580Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:12.780{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-20200311-064247-00000003-ffffffff.binMD5=9492DAEBF833A4EA7278E1A1157D03C0,SHA256=C970C79533898710BEAB14BB18D182067587C790BEB7392ED5F3032F819010EB,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066579Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:12.774{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-20200311-064244-00000003-ffffffff.binMD5=E5B3E71C587888E3212EA8D3F23008D0,SHA256=91B2EFE8DD9CE300C1772F9E851E8FF0136F2AF854C71836A79175D1DB901858,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066578Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:12.771{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-20200311-062340-00000003-ffffffff.binMD5=9A096D6A069F7B8F628BD72F4558D180,SHA256=01A29FBCC2C9C6A88C3AF68FF055EAC85439ADF1C8D32BB19496B570F1BF6723,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066577Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:12.744{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-20200311-062022-00000003-ffffffff.binMD5=87D7B3155C029DB3AD4E4A998C1C08B3,SHA256=DA491A711C6C49274DE73EC0918098F973ED1B70EA5AEFCDBA4E385C41503204,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066576Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:12.741{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-20200311-061014-00000003-ffffffff.binMD5=6C7BD10B19DC83AF4E634D07407DC331,SHA256=98002A96E78349EB683F6B220052E6ADDC9DDEDDB09977025AE1BCC87FA67028,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066575Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:12.736{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-20200311-054437-00000003-ffffffff.binMD5=C67E468D598F80B73956A74D6D27E08B,SHA256=A4D7BA443295DCAA6990861DD713EA0016E9454FD0834D8B0ADCEC9BD7FDE62F,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066574Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:12.712{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-20200311-054114-00000003-ffffffff.binMD5=572856082539AB16D2C9EB91727A15B9,SHA256=D6E94970C1525BBD3DCC57A698CB6D9A6AC8097C919A6A3C44365A57DD18BBEB,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066573Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:12.708{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-20200311-053511-00000003-ffffffff.binMD5=96983E90A09F16952053EB0CE34CBFFC,SHA256=E6A83985503B22CE58E7096BE3303B4D7D11A18096BFB84E3A54A7C40DEBC0D1,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066572Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:12.705{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-20200311-053305-00000003-ffffffff.binMD5=5BC811F99742AAFEC54A4980F4451BA2,SHA256=E822B422891ED55F959BEE64310D7252F6CD498C9E1B79B88E99D412DCE88DA6,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066571Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:12.689{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-20200205-072041-00000003-ffffffff.binMD5=04150822C2CC8DE5E44408AD79ADB6E7,SHA256=CF6842CE4569F8ACA1A863F67A60036464785BD04F0E2C49E3E0DEF10899120A,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066570Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:12.689{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-20200205-071812-00000003-ffffffff.binMD5=4686FC81511ECCEC898DB92BFC0517D7,SHA256=A6B8C7AE2B907157BD6C640CF3835D91B492112887E75586F82663AF28CA4DE4,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066569Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:12.674{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-20200205-064856-00000003-ffffffff.binMD5=FF2831EB55D84BC7AB77001A5ED39C72,SHA256=3DCE5185A6013147BAE597529E487EFDEF94D9AAA5D44D66DB8A6ABF7B3A437F,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066568Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:12.658{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-20200205-061312-00000003-ffffffff.binMD5=FB97A75CB0112A3EB4F29106511B6C95,SHA256=6F1178AEDD08A9A376C689B808B4D7418BB08F5B1D8CA8ED51D01B1A5C6FF29B,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066567Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:12.611{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-20200205-060944-00000003-ffffffff.binMD5=8D90ECF72A3CE9AE53B22DA855DF53AF,SHA256=5E7E0508348D25D899EC14CC6D9C6A3FF3479E5DEAB561441F84EF964710FEBC,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066566Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:12.610{6F5BEE90-18CD-61E9-7700-000000002102}484NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=9FA16F4E29B0B46BD5EBD554D7055902,SHA256=5C379A23BC0CCF03174A2670E75CC5885DEFF8D108791DB4BB877B87FAF3067F,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066565Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:12.609{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-20200205-055932-00000003-ffffffff.binMD5=3477E1560E39AA8A36ECB5A1968D9944,SHA256=FA4210E55070D2F5CA017BC026AB3BAD0AD506C5D7D4B59F7806D5FB8A5DE98C,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066564Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:12.589{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-20200205-053008-00000003-ffffffff.binMD5=A54264DE545913F30EE00C03D40F2EB0,SHA256=69FAFDE29ADAD36080054846859A808A37187293FEF4B73C6BFBBDD1F70B1D38,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066563Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:12.558{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Administrator\Downloads\desktop.iniMD5=3A37312509712D4E12D27240137FF377,SHA256=B029393EA7B7CF644FB1C9F984F57C1980077562EE2E15D0FFD049C4C48098D3,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066562Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:12.542{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-20200205-052841-00000003-ffffffff.binMD5=9A06E3D17C74656B8A9BD88A566BB7AF,SHA256=B04686024C57CBAD2546438AC283A5A873862EC50C6F125E3F3E036BAB053750,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066561Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:12.542{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-20200115-071839-00000003-ffffffff.binMD5=4AB9705FFC4852A7D92B63F9F55B94E9,SHA256=99B2C3A8796B0EDEF6712E4F447E9234F2456C96A34B1F704667199DDA17C0C1,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 11241100x800000000000000066560Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.localDownloads2022-01-20 10:39:12.542{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Administrator\Downloads\bin\LicenseInfo\OtherLicenses.txt2022-01-20 08:54:04.268 23542300x800000000000000066559Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:12.542{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Administrator\Downloads\bin\LicenseInfo\OtherLicenses.txtMD5=E01DE8F65EA7581F8F4B2A55154B9C5D,SHA256=9307F5569A84496ACC8C532EE8ADAA0AC3804B42176E84741743ADEBADDEAE7D,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 11241100x800000000000000066558Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.localDownloads2022-01-20 10:39:12.527{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Administrator\Downloads\bin\LicenseInfo\LICENSE.txt2022-01-20 08:54:04.268 23542300x800000000000000066557Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:12.527{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Administrator\Downloads\bin\LicenseInfo\LICENSE.txtMD5=6E62481BCA4DA045150C5E751387BFDB,SHA256=AABD9E3E68E8236C4B2A1504DF411D258C06463EF214B00681E62E60BB2C4559,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066556Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:12.527{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-20200115-071609-00000003-ffffffff.binMD5=9935147D38A62B2C015396036DD45BCB,SHA256=53A4728AED038774519B4903E4BF9EE319DE4C04FFD1214780E12CD511311ABC,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 11241100x800000000000000066555Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.localDownloads2022-01-20 10:39:12.527{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Administrator\Downloads\bin\LicenseInfo\GPLv3.txt2022-01-20 08:54:04.262 23542300x800000000000000066554Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:12.527{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Administrator\Downloads\bin\LicenseInfo\GPLv3.txtMD5=3C34AFDC3ADF82D2448F12715A255122,SHA256=0B383D5A63DA644F628D99C33976EA6487ED89AAA59F0B3257992DEAC1171E6B,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066553Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:12.527{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-20200115-064956-00000003-ffffffff.binMD5=A76F0499DF4D83856630A255707EDC16,SHA256=D627108565E663A99A16DC3D71CDD171D46B183080BA513F7EB06ADA5D150EEB,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 11241100x800000000000000066552Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.localDownloads2022-01-20 10:39:12.527{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Administrator\Downloads\bin\LicenseInfo\CREDITS.txt2022-01-20 08:54:04.262 23542300x800000000000000066551Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:12.527{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Administrator\Downloads\bin\LicenseInfo\CREDITS.txtMD5=0E3C4AF9A19DE3F180DA7AF426D4EDB3,SHA256=1B8C084C8F900CA6597F36FDB0F53753A8A58F72FA7ADFEBE5F60E863901960C,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 11241100x800000000000000066550Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.localDownloads2022-01-20 10:39:12.527{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Administrator\Downloads\bin\LicenseInfo\ApacheV2.txt2022-01-20 08:54:04.262 23542300x800000000000000066549Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:12.527{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Administrator\Downloads\bin\LicenseInfo\ApacheV2.txtMD5=D273D63619C9AEAF15CDAF76422C4F87,SHA256=3DDF9BE5C28FE27DAD143A5DC76EEA25222AD1DD68934A047064E56ED2FA40C5,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066548Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:12.511{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-20200115-061636-00000003-ffffffff.binMD5=D545F16CE4C4AD34423106FB4A3706EB,SHA256=A09B18A2FE04155E10973FAC325E2354FA1282976EEC29C5797AC2BA84AB50AC,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066547Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:12.509{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Administrator\Documents\desktop.iniMD5=ECF88F261853FE08D58E2E903220DA14,SHA256=CAFEC240D998E4B6E92AD1329CD417E8E9CBD73157488889FD93A542DE4A4844,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066546Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:12.508{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Administrator\Desktop\desktop.iniMD5=9E36CC3537EE9EE1E3B10FA4E761045B,SHA256=4B9D687AC625690FD026ED4B236DAD1CAC90EF69E7AD256CC42766A065B50026,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066545Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:12.506{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Administrator\Contacts\desktop.iniMD5=449F2E76E519890A212814D96CE67D64,SHA256=48A6703A09F1197EE85208D5821032B77D20B3368C6B4DE890C44FB482149CF7,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066544Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:12.489{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Administrator\AppData\Roaming\Notepad++\plugins\config\converter.iniMD5=F70F579156C93B097E656CABA577A5C9,SHA256=B926498A19CA95DC28964B7336E5847107DD3C0F52C85195C135D9DD6CA402D4,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066543Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:12.489{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\profiles.iniMD5=CDBB390D48345497E8D21AA809042D2E,SHA256=8781288BAB380EBFB309F4E4C20116EEECA10BF2D0187DC31CF0845232C043F1,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066542Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:12.489{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-20200115-061403-00000003-ffffffff.binMD5=902C640E36A9ECD7B67C806760CC50C4,SHA256=A2DF3AC0582D8DE7ED2FC6895BFDA343C1463133382F159828A49F1FC1D529C8,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 11241100x800000000000000066541Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:12.489{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\3zus1al1.default-release\SiteSecurityServiceState.txt2022-01-20 08:31:37.339 23542300x800000000000000066540Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:12.489{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\3zus1al1.default-release\SiteSecurityServiceState.txtMD5=2782A6B2AB57EBDC93924C279AE33424,SHA256=6A38ACB11EEC9F18DB9929736695B8A423728AA42FE606B6689CD207387C8FD1,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066539Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:12.489{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-20200115-055954-00000003-ffffffff.binMD5=12DFF3E219EE0684E14AEB3494DD9D85,SHA256=3C3F1C248E9BA0DB7E0105071ACA82DC13FA9CB9E15B9EA2538B4C64329AB4BA,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066538Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:12.489{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\3zus1al1.default-release\prefs.jsMD5=281CACE7F5FD172747C410CB7AACA893,SHA256=3D762642B756DFAE32A42FB7E8D96AD728C8EBBA2020C1282804E96837725A58,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 11241100x800000000000000066537Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:12.489{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\3zus1al1.default-release\pkcs11.txt2022-01-20 08:26:37.280 23542300x800000000000000066536Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:12.489{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\3zus1al1.default-release\pkcs11.txtMD5=DD4F747F997B1F4744058DF0EF3D2BD0,SHA256=17C6165C508C25A29E185AD7BE14077EF40519B939B3A15A1972409B4408C3DB,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066535Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:12.489{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-20200115-053227-00000003-ffffffff.binMD5=0235B3D2DD93586C496603F7D2D50783,SHA256=9CDF79DB44BFFA931999245FD45966A9E37DAECF27D256F18F7EE89FA66876D7,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 11241100x800000000000000066534Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:12.473{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\3zus1al1.default-release\gmp-widevinecdm\4.10.2391.0\LICENSE.txt2022-01-20 08:28:02.006 23542300x800000000000000066533Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:12.473{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\3zus1al1.default-release\gmp-widevinecdm\4.10.2391.0\LICENSE.txtMD5=49DDB419D96DCEB9069018535FB2E2FC,SHA256=2AF127B4E00F7303DE8271996C0C681063E4DC7ABDC7B2A8C3FE5932B9352539,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066532Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:12.473{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-20200115-053116-00000003-ffffffff.binMD5=FB4C5C2532539C05BA5FD1221D9EF156,SHA256=AEF8147DFE502D9C7D77B095C504B69CB7F28C21DA45D4FA8DC6D113FF1A8CBD,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066531Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:12.473{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-20191214-183133-00000003-ffffffff.binMD5=21185AE3F32EFE315BB17CD93A0675F3,SHA256=80A6463F8D25A5E0C8B2D8B50E7D9E4E7718ED68D817F400B40751A53844C03B,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066530Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:12.473{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\3zus1al1.default-release\compatibility.iniMD5=5DA8B7F0C82F25E0F024537E887C6244,SHA256=25847110CC4554CA8466892ED3745021FFA70CBF455CE391C8B24D792D93428E,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066529Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:12.473{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-20191214-180436-00000003-ffffffff.binMD5=0D6918C1E85FF76C9C3029E62540D3F2,SHA256=CA0B0857B004B7D69D30B8FA8CFB337071DF64D6A4F74A8A4A71A7B26F4974AD,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 11241100x800000000000000066528Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:12.473{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\3zus1al1.default-release\AlternateServices.txt2022-01-20 08:31:37.602 23542300x800000000000000066527Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:12.473{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\3zus1al1.default-release\AlternateServices.txtMD5=008CA9C0790CE98EFD489DD138EB3D58,SHA256=3C69FE70D01DA8D071A936CBF406FB9663F1914B85D1AD4CE33D162C2C541C4A,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066526Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:12.473{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-20191214-180241-00000003-ffffffff.binMD5=E23F82B3B0DFEA346B1C6458176C73F3,SHA256=942A92CDFB61834554DE641BDB2BCCD7776368B7EE3DA512495DDA445472D4A0,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066525Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:12.473{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-20191214-180237-00000003-ffffffff.binMD5=ACDC0BF101BCC1A327D96BBCA38B4B16,SHA256=24DAD37A546C6B1B14DC5A5AD35D796E6166405C5B910BB8423852DAB7D61768,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066524Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:12.473{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\installs.iniMD5=87ACB222F26B1D76104B623B4869906A,SHA256=3D1658FA4562C4A36E36076E7F7EECF9125F61FE4E28B4C6397B1982A4CAC5C0,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066523Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:12.473{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-20191214-180111-00000003-ffffffff.binMD5=0456970434975D56D313E15FB9D6E5AD,SHA256=2D8052F7CCF7F87FFC7A60063293D0B2712EC72A69371EC7A870EBB0F4D3C572,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066522Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:12.457{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Themes\CachedFiles\CachedImage_1920_1080_POS4.jpgMD5=598B32687D5A94B1DF91E0326026564A,SHA256=5FC93BF5FA95E089F21ED5808F640394359F998CE8AD41CB94EEC797B3AAACE9,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066521Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:12.457{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-20191214-172358-00000003-ffffffff.binMD5=EDD65A0F325F4FE73D2FCB500C08F92E,SHA256=AA9050197A07731D3C096E97B3DA65600B94FD4D7192C2362D07B7B03F158249,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066520Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:12.457{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\desktop.iniMD5=3AA1D8D650944F797F80D23D67A2F335,SHA256=051EAC875E4DCC20F0C7DCE3ED02A9FDD347F554550774EF7EC827248B4CE1E1,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066519Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:12.457{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Desktop.iniMD5=9E99BA5EFB1439677D639C9DF7A49DEE,SHA256=E82D3C52740AC98C944882F75C2F217733D8E8296D7E12F21D535DDBBD9AFF5A,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 11241100x800000000000000066518Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.localT10232022-01-20 10:39:12.457{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\RunWallpaperSetup.cmd2022-01-20 08:20:09.278 23542300x800000000000000066517Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:12.457{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\RunWallpaperSetup.cmdMD5=FA9D7A03029739B5B2001E922E850A64,SHA256=73BA33FE75051877AFED93B3644B9B824E82E68E2A11EA1694A445EB4A5EBFD7,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066516Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:12.457{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.iniMD5=7F1698BAB066B764A314A589D338DAAE,SHA256=CDB11958506A5BA5478E22ED472FA3AE422FE9916D674F290207E1FC29AE5A76,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066515Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:12.457{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance\Desktop.iniMD5=CAC4D0F604168B35338F40B0FE08C453,SHA256=8D1EDA3F60FDB808BB783045C7295EF4ECA5192136160F6C46A919E9E53E92E6,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066514Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:12.457{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\desktop.iniMD5=17D5D0735DEAA1FB4B41A7C406763C0A,SHA256=768B6FDE6149D9EBBED1E339A72E8CC8C535E5C61D7C82752F7DFF50923B7AED,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066513Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:12.457{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools\desktop.iniMD5=548B310FBC7A26D0B9DA3A9F2D604A0C,SHA256=BE49AFF1E82FDDFC2AB9DFFFCB7E7BE100800E3653FD1D12B6F8FA6A0957FCAC,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066512Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:12.442{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\desktop.iniMD5=3A2D5E6CEEB1BFC64E8B7FE7C1697BB6,SHA256=0B4987D67F591D62F09BCEEF32299562ACF224E9ECC59A6EBAC45B6CF23D895F,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066511Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:12.442{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\desktop.iniMD5=D69BA89AE591A62E758F84E1A06DDA6C,SHA256=BE3B457C123FD5B98BEF1C6224CEFDC3EA84E0DEADF3B92740929A8A19476602,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066510Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:12.442{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\desktop.iniMD5=A2D31A04BC38EEAC22FCA3E30508BA47,SHA256=8E00A24AE458EFFE00A55344F7F34189B4594613284745FF7D406856A196C531,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066509Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:12.442{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Administrator\AppData\Roaming\Microsoft\Windows\SendTo\Desktop.iniMD5=E5DD8495A100A9AA69637A23F1AEAE2E,SHA256=E6B8D4B42513796767B593A7C0C1CD2CC959082BA63BAEEF4D0F4F4D45F99ADE,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066508Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:12.442{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Recent\desktop.iniMD5=F107D0270E21A2FE91099FDC15918D44,SHA256=EB315C9D165B4916E3B00E4D148B53A6C03A2F0694A6A8821D98E76F935CA6A8,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 11241100x800000000000000066507Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:12.442{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Administrator\AppData\Roaming\Microsoft\Windows\PowerShell\PSReadline\ConsoleHost_history.txt2022-01-20 10:38:23.230 23542300x800000000000000066506Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:12.442{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Administrator\AppData\Roaming\Microsoft\Windows\PowerShell\PSReadline\ConsoleHost_history.txtMD5=A4E3F4AE2BDA890C6CA31F1CEF5C95F1,SHA256=B139771E23DE30561E4E12D3F95CA668C7AF18F2C7414C6E7518F95938EF4364,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066505Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:12.442{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Libraries\desktop.iniMD5=99D72ADF4E683FA1E6F1A435FF5BE9B3,SHA256=873BCD7FC25E21142BDFCD6C8F2BEA3E294A055E3F132D8A2B3407ABA45074E1,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066504Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:12.426{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Administrator\AppData\Roaming\Microsoft\Windows\AccountPictures\desktop.iniMD5=08E1B7B2FD872CDCC42AF67707DC2A98,SHA256=4E252DBEE2058E1CF6F78FC67568759A8AD213BCAFE33192E55DD5712D7E4ABD,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066503Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:12.426{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-20191214-172122-00000003-ffffffff.binMD5=8C28C38DA33EE297182A5DBFD6E956A4,SHA256=7C83BB490F089CB0422493A55035E808424AE5131078D915B39CC93405665B84,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066502Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:12.426{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Administrator\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\desktop.iniMD5=3E1903415FC4D2E8A5B70E6506A4610C,SHA256=7D464D098EF370E883F7289D09DFD4E346BDCB10BD19AD16BF818516D196E866,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066501Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:12.426{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-20191214-171118-00000003-ffffffff.binMD5=B89DEF9956DAE975D7A5D46CC8867045,SHA256=26CC1F5782D9FB87C481C8E112BBCBE7E7BFB0C1E57F701E7F0E2B0AB74A7FEA,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066500Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:12.426{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Administrator\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.iniMD5=DEE294828EE7536D2F8C97BD714C8AF8,SHA256=BE29918EBC9503393EB28C8BF2026D8E240F08A087B1B6597F55E1D49A4B652F,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066499Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:12.426{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Administrator\AppData\Roaming\Greenshot\Greenshot.iniMD5=5B00E4BB09902975610E3B269277BD42,SHA256=435473254FBE2BAC9718AB592B986BD171158EE6789F48B995745299AC1D7FAF,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066498Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:12.426{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-20191214-164654-00000003-ffffffff.binMD5=A025C6A0149819A48E204FA0052574DC,SHA256=9402744ECED8D56DDD693D3A83AE43B4DA68F61C7E90A851DBAEAD0F2D25825A,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066497Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:12.410{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-20191214-164545-00000003-ffffffff.binMD5=17F0C385936C15E845E5131F35D3E711,SHA256=FFE5EACA4974C5C90EF2EEBC498CFCC19BD70D2CBA3E4A5FB72FD644C87B54C8,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066496Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:12.410{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Administrator\AppData\Local\TileDataLayer\Database\EDB00006.logMD5=817DDBA0075A46CA49AA785CBB9FA537,SHA256=E43583DA4F31AA42A610DE391AA3F3866BC15213D71A3932D98A5D796ACE3653,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066495Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:12.410{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-20191113-074055-00000003-ffffffff.binMD5=F8EEA0854793C64B9BE7E5029D0F655B,SHA256=7EFD58C0D273F04FAF1C89097B1B30FE760CA9D47B41010FDE9420C3251A8FB8,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066494Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:12.410{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-20191113-071043-00000003-ffffffff.binMD5=A3C5B466350366778DE0EB631347A31B,SHA256=B966E8D6F1027488D74CCD06E4F04F5636FD7776ECC9BDA3A9B8E08F83098C07,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066493Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:12.410{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-20191113-070859-00000003-ffffffff.binMD5=0F8FA21A9CD4DC9B687ABB48F48FC5FD,SHA256=2A02AC12E5105FB634C13B5410690B9E6C46CF9A326FD67D4BAB08836C8E8BDC,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066492Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:12.410{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-20191113-070856-00000003-ffffffff.binMD5=BB87231024E4CBBA1F021E2B01FBDACC,SHA256=67C6574854789DBC6D5339BC3FF79BB43865424665EB11455D9B4C8D715043E5,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066491Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:12.410{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-20191113-070724-00000003-ffffffff.binMD5=06D3870A95FFE3762F6849A089871B08,SHA256=7D6CD378A68E5938B0E1F1BFFC490905EF6522A920D3703BB4D9274BD8B9232F,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066490Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:12.410{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-20191113-061132-00000003-ffffffff.binMD5=64078BFCB554A0E43611B1885D3F736C,SHA256=9BD39E3E3D88D61ECF5C698ABC5CFFED31F5CD56705BBD17991C276C9D0A78A4,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066489Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:12.409{6F5BEE90-18CD-61E9-7700-000000002102}484NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=51F03A31BA48F7FDAD1ECC2CAABE2966,SHA256=B3A14500D7D3F38959304EA4288F9253E31DE3D551A54A1D9E371CF587164BE3,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066488Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:12.389{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-20191113-060857-00000003-ffffffff.binMD5=2DCB53EB66D5B1DFD8A2265D2DFDC641,SHA256=17B3B21ED7D919392EF119BAE1C440BA4C3FA03C8ACB8DC8199E3867D7D1D284,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066487Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:12.389{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Administrator\AppData\Local\TileDataLayer\Database\EDB00005.logMD5=6DE21D7565716823F4ED6D0471437E17,SHA256=5F3174C7BF75B630AF75EE22EBA477E6E0B1AB3817A75B489D27CB2A06668308,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066486Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:12.358{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Administrator\AppData\Local\Temp\wmsetup.logMD5=84FD99D2C3AE18F2939DB06F104230F7,SHA256=769399BBF309262F06CF2CA7B502D84C94E86740167F42061CBCECE0565272E9,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066485Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:12.342{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-20191113-055857-00000003-ffffffff.binMD5=A29C753DCE0434A93576E67BC4FA7A24,SHA256=C84764D06665267F41611D3AE82CC1BBB6E42037F5BD09857F382511C635A6BF,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066484Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:12.342{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-20191113-053543-00000003-ffffffff.binMD5=9029BD9A6AA3B2F6698D10B675E06E1C,SHA256=E5E76650DB0EF196F0E11D9AC971C731D10C3B6E2EB1D09BB108BD8BDD0E3622,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066483Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:12.342{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Administrator\AppData\Local\Temp\tmp4wrle6qzcacert.pemMD5=3DCD08B803FBB28231E18B5D1EEF4258,SHA256=DE2FA17C4D8AE68DC204A1B6B58B7A7A12569367CFEB8A3A4E1F377C73E83E9E,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066482Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:12.342{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-20191113-052932-00000003-ffffffff.binMD5=2DD1BD6BFB480B40C5A8ECA6CC8F6425,SHA256=0096B3C48E67D7F3B9A582AA08ACBFB15BF329E78A1C9BA00E575BB67790508D,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066481Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:12.342{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Administrator\AppData\Local\Temp\splunk.logMD5=A4EF6247C6A27DA5114AF466F19CA9D2,SHA256=C4B757BD1ACBF027E9F776C2A91A749086A244E70E2759EC7A7C7FB684526D3B,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066480Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:12.342{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-20191113-052824-00000003-ffffffff.binMD5=05E32160AFA07F0F3591B452F6D72F13,SHA256=675C3CC673438AB3B4C981CDC5F84423295C775747CEF231D5BA522540C6BDEC,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066479Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:12.326{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-20191009-073512-00000003-ffffffff.binMD5=1F5AD339CF4CE5C05D869DFE720931EF,SHA256=9C406713328E2EEC36D488BDB09FFCBFDD15D8FFE38B710F48AF1A68B7D924E9,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066478Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:12.326{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-20191009-070549-00000003-ffffffff.binMD5=7402AE3E81E554DCB9BF3C8F68BEC9DD,SHA256=4CE719D1DB7B20C2D581882FD578714A568F9B42A04F9A0ABE39CA329C647CCF,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066477Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:12.326{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-20191009-070406-00000003-ffffffff.binMD5=BAF35E53A57649D0F665413090CE9DEA,SHA256=93CF96B7C42F44E0BFFCF339938ABBBD2A0D4F3E00C1F79EE1B3B8CF5DD73A43,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066476Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:12.326{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Administrator\AppData\Local\Temp\installbuilder_installer.logMD5=A8884CEC2DB072ED670A7C9A62E22813,SHA256=E11404AC874412DFE724801620D95D0EC173DDD1D4475CE2EBCF9A72E8E6DDB7,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 11241100x800000000000000066475Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:12.311{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Administrator\AppData\Local\Temp\chocolatey\Setup Log 2022-01-20 #001.txt2022-01-20 07:58:38.091 23542300x800000000000000066474Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:12.311{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Administrator\AppData\Local\Temp\chocolatey\Setup Log 2022-01-20 #001.txtMD5=E2FC19ACAF4CF1D424CC31948ABBD319,SHA256=A4790842A0F30BAC58A42A5AD56004D21AB961BD6B10C6F93ABE74437994FBBD,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066473Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:12.311{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-20191009-070403-00000003-ffffffff.binMD5=42EC2144BC42E3FCCE0963427637BBA0,SHA256=2D7F9A12E840D1B88557270CF680787FE79F28B4CF89A5724CEC306FFE552751,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066472Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:12.308{6F5BEE90-18CD-61E9-7700-000000002102}484NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=E8BB1577D503B239C52E1F50FBCE415E,SHA256=2E0274E8E624CC2EC24E8B1C04ACCE07E9D485CDD998918E9B12A5CC9FC7FB55,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066471Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:12.291{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-20191009-070226-00000003-ffffffff.binMD5=15BA11A04BCEFF88A13E3E1800B5A9E8,SHA256=FA15542D7C7596B82319AC52260EE714843393DF1C7D4434FC947A14D32BED20,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066470Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:12.273{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-20191009-060455-00000003-ffffffff.binMD5=3A5C88840356D615D44D419D0CFCD249,SHA256=E96D6A5194A410A8545D7BD8EC8BE17EFF4FC7A0863EE674B1C2D1329629D349,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 11241100x800000000000000066469Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:12.273{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Administrator\AppData\Local\Temp\chocolatey\chocoInstall\tools\VERIFICATION.txt2022-01-20 07:57:29.896 23542300x800000000000000066468Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:12.273{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Administrator\AppData\Local\Temp\chocolatey\chocoInstall\tools\VERIFICATION.txtMD5=80A2FDF092571CC30652B7658C0A1624,SHA256=6436E7A9921161664F64584EA700E26342F2247E6AA5493200F0E7817B9BDEA9,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 11241100x800000000000000066467Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:12.273{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Administrator\AppData\Local\Temp\chocolatey\chocoInstall\tools\init.ps12022-01-20 07:57:29.833 23542300x800000000000000066466Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:12.273{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Administrator\AppData\Local\Temp\chocolatey\chocoInstall\tools\init.ps1MD5=2F25BB6508FA49E3E6CC957AEE1B41A2,SHA256=86DD1635B6790F38AB3444B953E91EFD190709DEB5B245420C519965B7AD87A3,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066465Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:12.273{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-20191009-060224-00000003-ffffffff.binMD5=D27678BAF2042D393B31354234D08E9F,SHA256=C34C44F60A27501285CF4E02E0DED5C1F4A56469F9EBC143BFFE5AEF08A95908,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066464Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:12.273{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-20191009-055213-00000003-ffffffff.binMD5=89CF66EC3709C73EFBBE70516A0C9A73,SHA256=D5E064BB5F1F1AF7F9AB5E07A6DB560B0E642707EC7490F97835ECD17F4635A2,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066463Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:12.273{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-20191009-052742-00000003-ffffffff.binMD5=0E3AF00730BDC5D161CC97837BC2806E,SHA256=0521AD05D8ECD1611388B8674E375B774D4B1478C709EDB86884F4D3DDFFA745,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 11241100x800000000000000066462Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:12.273{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Administrator\AppData\Local\Temp\chocolatey\chocoInstall\tools\chocolateyInstall.ps12022-01-20 07:57:29.709 23542300x800000000000000066461Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:12.273{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Administrator\AppData\Local\Temp\chocolatey\chocoInstall\tools\chocolateyInstall.ps1MD5=0037A5E35EE5C5B0B79D639923D8AFA1,SHA256=1CDA360809F147FD77A56F815FFECB7955D6B1AE7CE8C70EF60826986D29A229,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066460Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:12.257{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-20191009-052626-00000003-ffffffff.binMD5=A3B35DCD9D8565B1E1CD798CC82E2D8D,SHA256=46C4439726EFB2379F5C5353BBF4EF252568D02F18DF2ACB69B146B586D54001,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 11241100x800000000000000066459Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:12.257{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Administrator\AppData\Local\Temp\chocolatey\chocoInstall\tools\chocolateyInstall\tools\shimgen.license.txt2022-01-20 07:57:35.287 23542300x800000000000000066458Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:12.257{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Administrator\AppData\Local\Temp\chocolatey\chocoInstall\tools\chocolateyInstall\tools\shimgen.license.txtMD5=58FA6B4B88C177B273F25D9324FDF301,SHA256=A2BB559CDA0826A8DB2B893D3B5D7DE6CF13D91210FB920E33B682851D44C037,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066457Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:12.257{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-20190911-100223-00000003-ffffffff.binMD5=1DF3D6A4435CBF77C1B2A74B063D0124,SHA256=1318A6056C8E85153AE41B5990A2A12CA3E8A90EE2557240285028E059D90E98,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066456Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:12.257{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-20190911-090755-00000003-ffffffff.binMD5=39C1A0C3D38A1C6C1E9F6F1E443A5C14,SHA256=465A428133575D07F7B8740A90FCB152218B7D040634CF997517C079E93B410B,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 11241100x800000000000000066455Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:12.257{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Administrator\AppData\Local\Temp\chocolatey\chocoInstall\tools\chocolateyInstall\tools\checksum.license.txt2022-01-20 07:57:35.193 23542300x800000000000000066454Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:12.257{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Administrator\AppData\Local\Temp\chocolatey\chocoInstall\tools\chocolateyInstall\tools\checksum.license.txtMD5=A10B78183254DA1214DD51A5ACE74BC0,SHA256=29472B6BE2F4E7134F09CC2FADF088CB87089853B383CA4AF29C19CC8DFC1A62,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066453Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:12.257{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-20190911-083828-00000003-ffffffff.binMD5=80E7A69B36F211C240E35299C2C87794,SHA256=3887628B942CB6BF87DC6C5E47466715C18BFC60C6AD0D92B9CEFE275C33DFFB,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066452Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:12.257{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Administrator\AppData\Local\Temp\chocolatey\chocoInstall\tools\chocolateyInstall\tools\checksum.exe.configMD5=E9AD5DD7B32C44F8A241DE0E883D7733,SHA256=9B250C32CBEC90D2A61CB90055AC825D7A5F9A5923209CFD0625FCA09A908D0A,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066451Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:12.257{6F5BEE90-18CD-61E9-7700-000000002102}484NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=BC923665C0FD71AB637466900C24A666,SHA256=7640B48404862E857B0D42E8A3EDDC49613613226073386F01544FA4AA020094,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066450Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:12.257{6F5BEE90-18CD-61E9-7700-000000002102}484NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=DEFDA7E026BE2B1F6E589AB0A19D81D1,SHA256=BB8FC6D11A6E663494D65A65F9A3C5EE1325F761E493E93C5B64EA5493E6BFAE,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066449Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:12.257{6F5BEE90-18CD-61E9-7700-000000002102}484NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=1DA58FA210B8420030FB6F95862DDE9A,SHA256=083B6830C26E45487ECDE209D11038C937C027270E85FC0B199518A574C8F8B5,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 11241100x800000000000000066448Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:12.257{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Administrator\AppData\Local\Temp\chocolatey\chocoInstall\tools\chocolateyInstall\tools\7zip.license.txt2022-01-20 07:57:35.052 23542300x800000000000000066447Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:12.257{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-20190911-083559-00000003-ffffffff.binMD5=564BA5213C5A9E4AEAD28468CD6520B5,SHA256=EA8467E37607BD54FB001EF47DEDCE363BA3B82A62EBB86D5A6F5D8D4C4BD8DA,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066446Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:12.257{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Administrator\AppData\Local\Temp\chocolatey\chocoInstall\tools\chocolateyInstall\tools\7zip.license.txtMD5=899A48828B85C4B0402EE7CF1F65B62B,SHA256=20343526E04CE61EED2675282462E7080D305246F7807386621149C2025765D9,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066445Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:12.242{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-20190911-082554-00000003-ffffffff.binMD5=C223D63EC568163E28AF8498B9814B08,SHA256=66DFD04E0055CA3897480147F60483AE1B807821A31BEEF87376132FDFE22740,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 11241100x800000000000000066444Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:12.242{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Administrator\AppData\Local\Temp\chocolatey\chocoInstall\tools\chocolateyInstall\redirects\RefreshEnv.cmd2022-01-20 07:57:34.474 23542300x800000000000000066443Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:12.242{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Administrator\AppData\Local\Temp\chocolatey\chocoInstall\tools\chocolateyInstall\redirects\RefreshEnv.cmdMD5=B4326546C3A252494DCD512976F8B89A,SHA256=9B251737A6B6ACE9FDE45B64FD653B04575C6416F15112FBE1697A47B14990E6,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066442Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:12.242{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-20190911-053254-00000003-ffffffff.binMD5=F537DE794743889451A60ADD45F9872E,SHA256=53F1195CBC911CA058D0E191A6FCF1B80A7E43D01A4C56D4743453CD779D8D72,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 11241100x800000000000000066441Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:12.242{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Administrator\AppData\Local\Temp\chocolatey\chocoInstall\tools\chocolateyInstall\LICENSE.txt2022-01-20 07:57:30.583 23542300x800000000000000066440Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:12.242{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Administrator\AppData\Local\Temp\chocolatey\chocoInstall\tools\chocolateyInstall\LICENSE.txtMD5=B4ECFC2FF4822CE40435ADA0A02D4EC5,SHA256=A42AC97C0186E34BDC5F5A7D87D00A424754592F0EC80B522A872D630C1E870A,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 11241100x800000000000000066439Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:12.226{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Administrator\AppData\Local\Temp\chocolatey\chocoInstall\tools\chocolateyInstall\helpers\functions\Write-FunctionCallLogMessage.ps12022-01-20 07:57:33.177 23542300x800000000000000066438Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:12.226{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Administrator\AppData\Local\Temp\chocolatey\chocoInstall\tools\chocolateyInstall\helpers\functions\Write-FunctionCallLogMessage.ps1MD5=C06B322F038E0C84851088AC58F2E025,SHA256=2C9693C640D27596F0DF1C17E8FA535F056A1921F89FAD84822F783353742119,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 11241100x800000000000000066437Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:12.226{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Administrator\AppData\Local\Temp\chocolatey\chocoInstall\tools\chocolateyInstall\helpers\functions\Write-FileUpdateLog.ps12022-01-20 07:57:33.146 23542300x800000000000000066436Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:12.226{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Administrator\AppData\Local\Temp\chocolatey\chocoInstall\tools\chocolateyInstall\helpers\functions\Write-FileUpdateLog.ps1MD5=7D2BC2BC2BB48F0EAFF33D1FEFC53246,SHA256=007386C85F01FD0EBACAB8C1FF561F6B19D13271B192B08C13957ACB62FCBD53,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 11241100x800000000000000066435Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:12.226{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Administrator\AppData\Local\Temp\chocolatey\chocoInstall\tools\chocolateyInstall\helpers\functions\Write-ChocolateySuccess.ps12022-01-20 07:57:33.115 23542300x800000000000000066434Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:12.226{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Administrator\AppData\Local\Temp\chocolatey\chocoInstall\tools\chocolateyInstall\helpers\functions\Write-ChocolateySuccess.ps1MD5=396DF82B94FED8677F9A8FC95FE00460,SHA256=FC4B276B92E7E38FCB429CA2F5037B21B16C336A60CA9B0147A4977B40EAC4C7,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 11241100x800000000000000066433Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:12.226{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Administrator\AppData\Local\Temp\chocolatey\chocoInstall\tools\chocolateyInstall\helpers\functions\Write-ChocolateyFailure.ps12022-01-20 07:57:33.027 23542300x800000000000000066432Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:12.226{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Administrator\AppData\Local\Temp\chocolatey\chocoInstall\tools\chocolateyInstall\helpers\functions\Write-ChocolateyFailure.ps1MD5=842EA9BC34D7973F3D8B7854654F3CDB,SHA256=16AF7393AC941237358174CDDD96D00E28B694E1C2AEACCAA9125F80877E91B5,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 11241100x800000000000000066431Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:12.226{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Administrator\AppData\Local\Temp\chocolatey\chocoInstall\tools\chocolateyInstall\helpers\functions\Update-SessionEnvironment.ps12022-01-20 07:57:32.990 23542300x800000000000000066430Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:12.226{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Administrator\AppData\Local\Temp\chocolatey\chocoInstall\tools\chocolateyInstall\helpers\functions\Update-SessionEnvironment.ps1MD5=CCE4820A494541D9677D68AA3DB087E5,SHA256=205BB514A11F6E7089BF01BE5B363C81B89D5DC996AC481A3A83C2739E0B5120,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 11241100x800000000000000066429Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:12.210{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Administrator\AppData\Local\Temp\chocolatey\chocoInstall\tools\chocolateyInstall\helpers\functions\UnInstall-ChocolateyZipPackage.ps12022-01-20 07:57:32.928 23542300x800000000000000066428Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:12.210{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Administrator\AppData\Local\Temp\chocolatey\chocoInstall\tools\chocolateyInstall\helpers\functions\UnInstall-ChocolateyZipPackage.ps1MD5=934230A9C38CED23EAD2CAC3C1C015AA,SHA256=39B89C19C4E61C0BAFB2AB86A99DC8CCC64BCE335F09FD63CC51695505E8A326,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 11241100x800000000000000066427Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:12.210{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Administrator\AppData\Local\Temp\chocolatey\chocoInstall\tools\chocolateyInstall\helpers\functions\Uninstall-ChocolateyPackage.ps12022-01-20 07:57:32.852 23542300x800000000000000066426Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:12.210{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Administrator\AppData\Local\Temp\chocolatey\chocoInstall\tools\chocolateyInstall\helpers\functions\Uninstall-ChocolateyPackage.ps1MD5=542686F00E1278F76FACC6FBB049495A,SHA256=98EC99E8DA28BDD52185AF6A4CF224579E17A885C6776F577CABF68FE94F73CE,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 11241100x800000000000000066425Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:12.210{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Administrator\AppData\Local\Temp\chocolatey\chocoInstall\tools\chocolateyInstall\helpers\functions\Uninstall-ChocolateyEnvironmentVariable.ps12022-01-20 07:57:32.755 23542300x800000000000000066424Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:12.210{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Administrator\AppData\Local\Temp\chocolatey\chocoInstall\tools\chocolateyInstall\helpers\functions\Uninstall-ChocolateyEnvironmentVariable.ps1MD5=7D26FBB01FF0BAC9E659E4A5EAD6BB5E,SHA256=45406E537CEB77CE61B4F5D4989ED3DABFDC76376299FA63EBD6C5948D88B935,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 11241100x800000000000000066423Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:12.210{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Administrator\AppData\Local\Temp\chocolatey\chocoInstall\tools\chocolateyInstall\helpers\functions\Uninstall-BinFile.ps12022-01-20 07:57:32.677 23542300x800000000000000066422Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:12.210{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Administrator\AppData\Local\Temp\chocolatey\chocoInstall\tools\chocolateyInstall\helpers\functions\Uninstall-BinFile.ps1MD5=B81FC37BAAD2CB4CDDA7F7CAA015A514,SHA256=A87B5270540D1D079E3751F07372FE1A6A62D7BDA15FD5F2EC32E93277158DEA,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 11241100x800000000000000066421Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:12.210{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Administrator\AppData\Local\Temp\chocolatey\chocoInstall\tools\chocolateyInstall\helpers\functions\Test-ProcessAdminRights.ps12022-01-20 07:57:32.568 23542300x800000000000000066420Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:12.210{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Administrator\AppData\Local\Temp\chocolatey\chocoInstall\tools\chocolateyInstall\helpers\functions\Test-ProcessAdminRights.ps1MD5=DF88F4C032AEB6AE0CB85D0A8EF8EA4D,SHA256=BD8C5C8FB64FE0746C65512012243F2EDCF039655F53B241765561C058D3EC7F,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 11241100x800000000000000066419Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:12.207{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Administrator\AppData\Local\Temp\chocolatey\chocoInstall\tools\chocolateyInstall\helpers\functions\Start-ChocolateyProcessAsAdmin.ps12022-01-20 07:57:32.443 23542300x800000000000000066418Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:12.206{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Administrator\AppData\Local\Temp\chocolatey\chocoInstall\tools\chocolateyInstall\helpers\functions\Start-ChocolateyProcessAsAdmin.ps1MD5=BA3E4A27766035EA6D21F9B4865800FF,SHA256=898DE27755B037315348F16DC55BC5B89C82D0716B069919B91E34C072EA8856,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066417Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:12.206{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-20190911-053152-00000003-ffffffff.binMD5=1045C55626938A602BF448C043B53CF0,SHA256=8168E9221A61F82682D2606B8EE102FE79821D855E951455D2085A556C2B9FF8,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066416Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:12.204{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-20190906-081209-00000003-ffffffff.binMD5=7230B4FF84237BF96269C96E78DC28DC,SHA256=004AC6C8BB593148B329E6F90A048376B3C9775979D53C75FECCA75F2B8407D1,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 11241100x800000000000000066415Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:12.189{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Administrator\AppData\Local\Temp\chocolatey\chocoInstall\tools\chocolateyInstall\helpers\functions\Set-PowerShellExitCode.ps12022-01-20 07:57:32.272 23542300x800000000000000066414Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:12.189{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Administrator\AppData\Local\Temp\chocolatey\chocoInstall\tools\chocolateyInstall\helpers\functions\Set-PowerShellExitCode.ps1MD5=25530737F3992DB93E085FB98843DFB3,SHA256=01D85951493B9A5FE9C76F936C9632F5A4BB35887E9CA4B77E14EB7DEB55E0B2,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066413Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:12.189{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-20190906-065202-00000003-ffffffff.binMD5=C880432A4A1A61AE8CBB493D18AC9AC3,SHA256=212874C7AC0C8F5E271AB4A3137F6CF13531A75DE4ADB8DD529DE175C0B64382,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 11241100x800000000000000066412Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:12.189{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Administrator\AppData\Local\Temp\chocolatey\chocoInstall\tools\chocolateyInstall\helpers\functions\Set-EnvironmentVariable.ps12022-01-20 07:57:32.130 23542300x800000000000000066411Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:12.189{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Administrator\AppData\Local\Temp\chocolatey\chocoInstall\tools\chocolateyInstall\helpers\functions\Set-EnvironmentVariable.ps1MD5=01C4BE6A0BB6BD95CD5FF520DAB48788,SHA256=7C240CC80DDBBEEB4B5B269154AADD5869811089FAE03702DB2E8BE93893C3CF,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066410Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:12.189{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-20190906-060330-00000003-ffffffff.binMD5=AA4FEDE2BDF8EEF457A6D78C3EF0F40E,SHA256=B6E549BCDBEBD64200EF1566B82D1EB5BF3048A9D1E89E2B93C297AD6796496E,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 11241100x800000000000000066409Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:12.189{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Administrator\AppData\Local\Temp\chocolatey\chocoInstall\tools\chocolateyInstall\helpers\functions\Install-Vsix.ps12022-01-20 07:57:32.083 23542300x800000000000000066408Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:12.189{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Administrator\AppData\Local\Temp\chocolatey\chocoInstall\tools\chocolateyInstall\helpers\functions\Install-Vsix.ps1MD5=BF61C3C967452618E39D585F77B48306,SHA256=95326819F9C33658403DFA1705CAD3C589EAB27F92F1D53D14B35B147578E8A0,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 11241100x800000000000000066407Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:12.189{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Administrator\AppData\Local\Temp\chocolatey\chocoInstall\tools\chocolateyInstall\helpers\functions\Install-ChocolateyZipPackage.ps12022-01-20 07:57:32.052 23542300x800000000000000066406Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:12.173{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Administrator\AppData\Local\Temp\chocolatey\chocoInstall\tools\chocolateyInstall\helpers\functions\Install-ChocolateyZipPackage.ps1MD5=3C7F2133497A2FB740F52A533DA4C1D8,SHA256=349C3223B95731F16F3178836B24DA532C95A104C2C5FC0A67FA4C6FF7F19BFA,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 11241100x800000000000000066405Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:12.173{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Administrator\AppData\Local\Temp\chocolatey\chocoInstall\tools\chocolateyInstall\helpers\functions\Install-ChocolateyVsixPackage.ps12022-01-20 07:57:32.037 23542300x800000000000000066404Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:12.173{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Administrator\AppData\Local\Temp\chocolatey\chocoInstall\tools\chocolateyInstall\helpers\functions\Install-ChocolateyVsixPackage.ps1MD5=394648A4653149F0D832AFF346360C91,SHA256=10BC42DCA5180F5F946610A34D3F28B6E86EAFB819151170B9DAE8E1AE99241A,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 11241100x800000000000000066403Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:12.173{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Administrator\AppData\Local\Temp\chocolatey\chocoInstall\tools\chocolateyInstall\helpers\functions\Install-ChocolateyShortcut.ps12022-01-20 07:57:31.958 23542300x800000000000000066402Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:12.173{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Administrator\AppData\Local\Temp\chocolatey\chocoInstall\tools\chocolateyInstall\helpers\functions\Install-ChocolateyShortcut.ps1MD5=3578FB22B5B729ADE1F829FAABA1DBA2,SHA256=6E73CD38F30F10846A6291EE046CA23CCCCD0CD393FBFF3C8563D8B80E24CC66,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 11241100x800000000000000066401Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:12.173{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Administrator\AppData\Local\Temp\chocolatey\chocoInstall\tools\chocolateyInstall\helpers\functions\Install-ChocolateyPowershellCommand.ps12022-01-20 07:57:31.943 23542300x800000000000000066400Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:12.173{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Administrator\AppData\Local\Temp\chocolatey\chocoInstall\tools\chocolateyInstall\helpers\functions\Install-ChocolateyPowershellCommand.ps1MD5=3FF63D56791BF602D491E4D64DD345E0,SHA256=12BBD956B13589B8FAE6AE47AB1642CA5CFBADD5E6DA71BCB09AD2C79B0A7004,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 11241100x800000000000000066399Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:12.157{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Administrator\AppData\Local\Temp\chocolatey\chocoInstall\tools\chocolateyInstall\helpers\functions\Install-ChocolateyPinnedTaskBarItem.ps12022-01-20 07:57:31.880 23542300x800000000000000066398Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:12.157{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Administrator\AppData\Local\Temp\chocolatey\chocoInstall\tools\chocolateyInstall\helpers\functions\Install-ChocolateyPinnedTaskBarItem.ps1MD5=416A32CB052F58D2BECB09A9AE5BAA2A,SHA256=1BD4567ED88BA21A09EED1D64F7952D50B3522BF9B5E2F3A1978861ADC9E4AE2,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 11241100x800000000000000066397Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:12.157{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Administrator\AppData\Local\Temp\chocolatey\chocoInstall\tools\chocolateyInstall\helpers\functions\Install-ChocolateyPath.ps12022-01-20 07:57:31.818 23542300x800000000000000066396Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:12.157{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Administrator\AppData\Local\Temp\chocolatey\chocoInstall\tools\chocolateyInstall\helpers\functions\Install-ChocolateyPath.ps1MD5=09FFE4BF0D109FFE3F80570AAC9901D5,SHA256=E0D699D357D3D4ADA512D89C6659F283F0C515FFC1FE40E7F4B0C78ADB1726EC,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066395Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:12.157{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-20190906-060112-00000003-ffffffff.binMD5=CBCC9A43F3281259333070D70E1B5E89,SHA256=DABBD49F194A478E60386F7CFA4B7F98C6FAEE4780989E648244AC4006F058C3,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 11241100x800000000000000066394Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:12.157{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Administrator\AppData\Local\Temp\chocolatey\chocoInstall\tools\chocolateyInstall\helpers\functions\Install-ChocolateyPackage.ps12022-01-20 07:57:31.771 23542300x800000000000000066393Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:12.157{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Administrator\AppData\Local\Temp\chocolatey\chocoInstall\tools\chocolateyInstall\helpers\functions\Install-ChocolateyPackage.ps1MD5=4D7E1E1A57B1342FB3D039202024FAF3,SHA256=25B44C8928CB988CB29E551A3184B0ED892359029079F1CF7AB8A39A11C6A354,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 11241100x800000000000000066392Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:12.157{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Administrator\AppData\Local\Temp\chocolatey\chocoInstall\tools\chocolateyInstall\helpers\functions\Install-ChocolateyInstallPackage.ps12022-01-20 07:57:31.677 23542300x800000000000000066391Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:12.157{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Administrator\AppData\Local\Temp\chocolatey\chocoInstall\tools\chocolateyInstall\helpers\functions\Install-ChocolateyInstallPackage.ps1MD5=311BA8A805B19E260094662C98C22396,SHA256=016B7378112B7FC53A45A989C06ACEC8CD73A0F4ACFB02F7EE68D90F5E32A495,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066390Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:12.157{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-20190906-055150-00000003-ffffffff.binMD5=B4F588CB7D2227CBE797E64CFCE292CA,SHA256=76E8F38B2218E00597FA5695FB3375D8201CBDE114C525ADF58CF4EC8AF7047C,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 11241100x800000000000000066389Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:12.142{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Administrator\AppData\Local\Temp\chocolatey\chocoInstall\tools\chocolateyInstall\helpers\functions\Install-ChocolateyFileAssociation.ps12022-01-20 07:57:31.615 23542300x800000000000000066388Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:12.142{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Administrator\AppData\Local\Temp\chocolatey\chocoInstall\tools\chocolateyInstall\helpers\functions\Install-ChocolateyFileAssociation.ps1MD5=A49E49BE1AAFB202679D37BB0FD9CAED,SHA256=26CB96BA6747BFB776ED4D05A553299DE11745DB0EC09086E78E36DE341209D8,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066387Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:12.142{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-20190906-053246-00000003-ffffffff.binMD5=377BD87F135BA927A835A512787E3F1F,SHA256=D6CEA42557A05306136A0BF5B6EDA838A23CD4C41FBDC5866BDC63F8AAFE3447,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 11241100x800000000000000066386Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:12.142{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Administrator\AppData\Local\Temp\chocolatey\chocoInstall\tools\chocolateyInstall\helpers\functions\Install-ChocolateyExplorerMenuItem.ps12022-01-20 07:57:31.521 23542300x800000000000000066385Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:12.142{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Administrator\AppData\Local\Temp\chocolatey\chocoInstall\tools\chocolateyInstall\helpers\functions\Install-ChocolateyExplorerMenuItem.ps1MD5=50618AD8C208FD4A408E75BE4C368E35,SHA256=41380C9441FD6D63448DEC24ACAB15D52664F712B831AA188BF2FF64FA9B6AEF,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 11241100x800000000000000066384Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:12.142{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Administrator\AppData\Local\Temp\chocolatey\chocoInstall\tools\chocolateyInstall\helpers\functions\Install-ChocolateyEnvironmentVariable.ps12022-01-20 07:57:31.492 23542300x800000000000000066383Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:12.142{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Administrator\AppData\Local\Temp\chocolatey\chocoInstall\tools\chocolateyInstall\helpers\functions\Install-ChocolateyEnvironmentVariable.ps1MD5=5CF8FADFCA698C4292CC4CE6649A1C87,SHA256=99D9A66976BF4A10021215FAD6E8E5837102B9B6410DFDEAD3637F67B6B4B4CB,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066382Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:12.126{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-20190906-052848-00000003-ffffffff.binMD5=A35F7ADF97C1B703B9434ECA6579EDA3,SHA256=492E92CC60820568FE386F17A88CC34D56B60D834C05BA05483E6EC3672B4AAA,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 11241100x800000000000000066381Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:12.126{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Administrator\AppData\Local\Temp\chocolatey\chocoInstall\tools\chocolateyInstall\helpers\functions\Install-ChocolateyDesktopLink.ps12022-01-20 07:57:31.474 23542300x800000000000000066380Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:12.126{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Administrator\AppData\Local\Temp\chocolatey\chocoInstall\tools\chocolateyInstall\helpers\functions\Install-ChocolateyDesktopLink.ps1MD5=C912017E2BEBBDE65BDA624677B93DB5,SHA256=32C28ADFBAAE1638F2A0422B5263555798BA5C632ACBAD2FFBBE9AE0297FC2EF,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066379Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:12.126{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-20190906-052800-00000003-ffffffff.binMD5=9F398C8CA433ACAECAF251F13F21053E,SHA256=C1570B6E892E00BEA33D7EE4803BB9EA4F741F20211F3248F2E2ACF1C4E87643,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 11241100x800000000000000066378Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:12.126{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Administrator\AppData\Local\Temp\chocolatey\chocoInstall\tools\chocolateyInstall\helpers\functions\Install-BinFile.ps12022-01-20 07:57:31.443 23542300x800000000000000066377Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:12.126{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Administrator\AppData\Local\Temp\chocolatey\chocoInstall\tools\chocolateyInstall\helpers\functions\Install-BinFile.ps1MD5=D1AA15E96F52B3E81046DE2A605013F8,SHA256=7AE1E73141FFC327F9F59051424D065100C2218744DF100FE250C576360EF4BA,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066376Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:12.126{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-20190612-072731-00000003-ffffffff.binMD5=59314BB0DC871FE467DD13E95BCF0205,SHA256=66AC76D9E2A5C1A594BF22996D9861A5BC32819AEF1BECFFD4BAF15CD5447C2E,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 11241100x800000000000000066375Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:12.126{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Administrator\AppData\Local\Temp\chocolatey\chocoInstall\tools\chocolateyInstall\helpers\functions\Get-WebHeaders.ps12022-01-20 07:57:31.397 23542300x800000000000000066374Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:12.126{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Administrator\AppData\Local\Temp\chocolatey\chocoInstall\tools\chocolateyInstall\helpers\functions\Get-WebHeaders.ps1MD5=DEDDBA6A115558CF341724633DEED2A5,SHA256=602E71D3FEF117DD4C9E3BABF3E27AA56726D4CA04E9157E4E48405D45C18F38,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066373Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:12.110{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-20190612-072408-00000003-ffffffff.binMD5=DA3EF8B007B8A0B2BDB638EEEFEF9D6F,SHA256=ED4DFA4643A813E508358871D29854026D7D983E473A4E636595E6A242B52884,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 11241100x800000000000000066372Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:12.110{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Administrator\AppData\Local\Temp\chocolatey\chocoInstall\tools\chocolateyInstall\helpers\functions\Get-WebFileName.ps12022-01-20 07:57:31.349 23542300x800000000000000066371Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:12.110{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Administrator\AppData\Local\Temp\chocolatey\chocoInstall\tools\chocolateyInstall\helpers\functions\Get-WebFileName.ps1MD5=534154189CD09FF5198E28AA4D43D24A,SHA256=452FA7029D7817DCC488478B41F353C60ECC699C0EB17136DEA47EB63B91BC80,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 11241100x800000000000000066370Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:12.110{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Administrator\AppData\Local\Temp\chocolatey\chocoInstall\tools\chocolateyInstall\helpers\functions\Get-WebFile.ps12022-01-20 07:57:31.318 23542300x800000000000000066369Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:12.110{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-20190612-065846-00000003-ffffffff.binMD5=CBC574D15E3FE85A6B72B5A0C1A0D55F,SHA256=85727FA013806D83FA374E93AD7135B67B7286991C02C95E730AA20E1AC5F2A1,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066368Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:12.110{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Administrator\AppData\Local\Temp\chocolatey\chocoInstall\tools\chocolateyInstall\helpers\functions\Get-WebFile.ps1MD5=D0A33924A6C227053A3593CAB0BD2A9B,SHA256=044BC082595EC019D797E982C83239B2768F90CE7D90BFFD301D67479AFAC474,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 11241100x800000000000000066367Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:12.110{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Administrator\AppData\Local\Temp\chocolatey\chocoInstall\tools\chocolateyInstall\helpers\functions\Get-VirusCheckValid.ps12022-01-20 07:57:31.271 23542300x800000000000000066366Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:12.110{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Administrator\AppData\Local\Temp\chocolatey\chocoInstall\tools\chocolateyInstall\helpers\functions\Get-VirusCheckValid.ps1MD5=0A2F86A75251B2BAA2C7CF4DD58B1C32,SHA256=BADDCBF865A8F6B75B4B3EF218579AC5D7069BD29DFDF643C81752C4DFC5A62E,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066365Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:12.110{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-20190612-065651-00000003-ffffffff.binMD5=2E8C456247CE247B5308BCACC18CEF41,SHA256=CBBC2CBC8474B8CB905615CA6D8A2AE0AB6219461522F14A932CA58FE2025502,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 11241100x800000000000000066364Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:12.110{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Administrator\AppData\Local\Temp\chocolatey\chocoInstall\tools\chocolateyInstall\helpers\functions\Get-UninstallRegistryKey.ps12022-01-20 07:57:31.240 23542300x800000000000000066363Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:12.110{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Administrator\AppData\Local\Temp\chocolatey\chocoInstall\tools\chocolateyInstall\helpers\functions\Get-UninstallRegistryKey.ps1MD5=13C3AF149CA092B7CDA4E5CC7A1CF2E1,SHA256=A5E7DE42D3EC3ABB6B033C55511F4776CED913119679D9F80C787EE98FDE3895,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066362Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:12.110{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-20190612-065647-00000003-ffffffff.binMD5=F5C8E103F45C80486B2F0C4CF8790CD7,SHA256=BE09090893194858549F1427B3B2949B9AB0C651E004D024BF0D627D3F634646,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066361Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:12.109{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-20190612-065527-00000003-ffffffff.binMD5=86CE1E16904831563D4D652A505EFBA1,SHA256=C1F5FA16D188F881C3D7BA5872F4CDD92C2446D4644AC267B54A54847A60340C,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 11241100x800000000000000066360Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:12.109{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Administrator\AppData\Local\Temp\chocolatey\chocoInstall\tools\chocolateyInstall\helpers\functions\Get-UACEnabled.ps12022-01-20 07:57:31.208 23542300x800000000000000066359Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:12.108{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Administrator\AppData\Local\Temp\chocolatey\chocoInstall\tools\chocolateyInstall\helpers\functions\Get-UACEnabled.ps1MD5=189FDA072780A91E3CB414776B9D8670,SHA256=BA392FE3C933B0CB49056CD590CA26D7FC5E2A6142E98E90744F5E35ED395BB9,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066358Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:12.088{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-20190612-060407-00000003-ffffffff.binMD5=DA03F5564C96E7BD6C4E93FFCF2DF36C,SHA256=41B270AD899AAF5DAC2AAC4B9B438489608AF6C9133506481E8744F8E1D1305A,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 11241100x800000000000000066357Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:12.088{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Administrator\AppData\Local\Temp\chocolatey\chocoInstall\tools\chocolateyInstall\helpers\functions\Get-ToolsLocation.ps12022-01-20 07:57:31.177 23542300x800000000000000066356Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:12.088{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Administrator\AppData\Local\Temp\chocolatey\chocoInstall\tools\chocolateyInstall\helpers\functions\Get-ToolsLocation.ps1MD5=616D9796792AA2EBA3B5D7564B950960,SHA256=A3A11A76354C987DD64CEBBAE6FE82109787BB911C21FB53D6DD52FC7B4F2548,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 11241100x800000000000000066355Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:12.088{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Administrator\AppData\Local\Temp\chocolatey\chocoInstall\tools\chocolateyInstall\helpers\functions\Get-PackageParameters.ps12022-01-20 07:57:31.130 23542300x800000000000000066354Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:12.088{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Administrator\AppData\Local\Temp\chocolatey\chocoInstall\tools\chocolateyInstall\helpers\functions\Get-PackageParameters.ps1MD5=A2581ED300A6C274D9677CBE28924AF9,SHA256=7525B50BE87F33E5B4B4AD80815B8499F8F739A3DA65E0368D4983EAC8141F27,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 11241100x800000000000000066353Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:12.088{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Administrator\AppData\Local\Temp\chocolatey\chocoInstall\tools\chocolateyInstall\helpers\functions\Get-OSArchitectureWidth.ps12022-01-20 07:57:31.084 23542300x800000000000000066352Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:12.088{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Administrator\AppData\Local\Temp\chocolatey\chocoInstall\tools\chocolateyInstall\helpers\functions\Get-OSArchitectureWidth.ps1MD5=DAA3937489D746D652F25AE0C109AB61,SHA256=D2B24A83AB5622323DBD11877FAC2121A4A2C6C127776F2291D8BFD7B466D657,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 11241100x800000000000000066351Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:12.088{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Administrator\AppData\Local\Temp\chocolatey\chocoInstall\tools\chocolateyInstall\helpers\functions\Get-FtpFile.ps12022-01-20 07:57:31.068 23542300x800000000000000066350Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:12.088{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Administrator\AppData\Local\Temp\chocolatey\chocoInstall\tools\chocolateyInstall\helpers\functions\Get-FtpFile.ps1MD5=6EFDF76D649608583A335F34C757BFE1,SHA256=B717C062632079A356D11361B9C7C74780176C365E60882943DA97205DB7AEC2,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 11241100x800000000000000066349Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:12.073{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Administrator\AppData\Local\Temp\chocolatey\chocoInstall\tools\chocolateyInstall\helpers\functions\Get-EnvironmentVariableNames.ps12022-01-20 07:57:31.037 23542300x800000000000000066348Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:12.073{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Administrator\AppData\Local\Temp\chocolatey\chocoInstall\tools\chocolateyInstall\helpers\functions\Get-EnvironmentVariableNames.ps1MD5=320258D02C301888426451E01EC81733,SHA256=2FC7075256503D8F299CE28CB39CCC1E3F260E8B49BE27D72ED28DD4C89E30FB,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066347Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:12.073{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-20190612-060139-00000003-ffffffff.binMD5=719D0A190C3625333CB0B9F73A855ED6,SHA256=B6C3236B47FAF352AF3A7CC992CC5E590E8A00BE654713F94474894BF695CEA1,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 11241100x800000000000000066346Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:12.073{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Administrator\AppData\Local\Temp\chocolatey\chocoInstall\tools\chocolateyInstall\helpers\functions\Get-EnvironmentVariable.ps12022-01-20 07:57:31.005 23542300x800000000000000066345Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:12.073{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Administrator\AppData\Local\Temp\chocolatey\chocoInstall\tools\chocolateyInstall\helpers\functions\Get-EnvironmentVariable.ps1MD5=4105D6B2C1F76F5666EF99BC59D2081D,SHA256=86C000A5900926D3799F7F5F32534A75555B81269D29FE6BF58E59FBAA193572,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 11241100x800000000000000066344Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:12.073{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Administrator\AppData\Local\Temp\chocolatey\chocoInstall\tools\chocolateyInstall\helpers\functions\Get-ChocolateyWebFile.ps12022-01-20 07:57:30.990 23542300x800000000000000066343Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:12.073{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Administrator\AppData\Local\Temp\chocolatey\chocoInstall\tools\chocolateyInstall\helpers\functions\Get-ChocolateyWebFile.ps1MD5=FB6E847C9C67256DBC7CFA10F816F78C,SHA256=BC12EF4C021FC6B9AF3C89F9E58185ADF3FA16BD3CAA95C49E425E1505917BB1,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 11241100x800000000000000066342Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:12.057{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Administrator\AppData\Local\Temp\chocolatey\chocoInstall\tools\chocolateyInstall\helpers\functions\Get-ChocolateyUnzip.ps12022-01-20 07:57:30.958 23542300x800000000000000066341Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:12.057{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Administrator\AppData\Local\Temp\chocolatey\chocoInstall\tools\chocolateyInstall\helpers\functions\Get-ChocolateyUnzip.ps1MD5=1F6D0085FF8F98E6ABFEEFA690058200,SHA256=F5C7414F097EE2CF09C1A7C67A99AA4C001DACAC1172710E5F20C772C33986CA,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 11241100x800000000000000066340Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:12.057{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Administrator\AppData\Local\Temp\chocolatey\chocoInstall\tools\chocolateyInstall\helpers\functions\Get-CheckSumValid.ps12022-01-20 07:57:30.912 23542300x800000000000000066339Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:12.057{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Administrator\AppData\Local\Temp\chocolatey\chocoInstall\tools\chocolateyInstall\helpers\functions\Get-CheckSumValid.ps1MD5=1C4B1E1AC038CEA237150FBB2EB003C4,SHA256=C1056774E29B0B75D696298129005D54B275B580710B7AE0A2E2E0EF63012B18,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 11241100x800000000000000066338Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:12.057{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Administrator\AppData\Local\Temp\chocolatey\chocoInstall\tools\chocolateyInstall\helpers\functions\Format-FileSize.ps12022-01-20 07:57:30.865 23542300x800000000000000066337Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:12.057{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Administrator\AppData\Local\Temp\chocolatey\chocoInstall\tools\chocolateyInstall\helpers\functions\Format-FileSize.ps1MD5=A0A9D3BE99356AE4B73EB2E52B32102A,SHA256=778D6FAF6560135C171098F552DC971BBC0131139A009C319EA919B1128AC234,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 11241100x800000000000000066336Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:12.042{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Administrator\AppData\Local\Temp\chocolatey\chocoInstall\tools\chocolateyInstall\helpers\ChocolateyTabExpansion.ps12022-01-20 07:57:30.802 23542300x800000000000000066335Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:12.042{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Administrator\AppData\Local\Temp\chocolatey\chocoInstall\tools\chocolateyInstall\helpers\ChocolateyTabExpansion.ps1MD5=F563BBCE2A9B2A76DD5AC14B6979EBB1,SHA256=06DC601B5B7A2F7ABE735C1DAA93229B00F84C75112315F1BC78E15F154DB2C7,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 11241100x800000000000000066334Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:12.042{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Administrator\AppData\Local\Temp\chocolatey\chocoInstall\tools\chocolateyInstall\helpers\chocolateyScriptRunner.ps12022-01-20 07:57:30.755 23542300x800000000000000066333Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:12.042{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Administrator\AppData\Local\Temp\chocolatey\chocoInstall\tools\chocolateyInstall\helpers\chocolateyScriptRunner.ps1MD5=D799AC0A52B5DEA97181BB1E5D529731,SHA256=9DE532F5A5788A87ACB5ECC6CF5407C48DB71435BE824639D99BAB56965E4D14,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 11241100x800000000000000066332Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:12.026{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Administrator\AppData\Local\Temp\chocolatey\chocoInstall\tools\chocolateyInstall\CREDITS.txt2022-01-20 07:57:30.396 23542300x800000000000000066331Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:12.026{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Administrator\AppData\Local\Temp\chocolatey\chocoInstall\tools\chocolateyInstall\CREDITS.txtMD5=1A5DEC162C3368C44BA15200E085F6A2,SHA256=E19447F8A69E23B25816FBC008BBAB8F59A1DF8C3D2EB030F5A7DA3AEDE7D9AF,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066330Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:12.010{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Administrator\AppData\Local\Temp\chocolatey\chocoInstall\chocolatey.zipMD5=29A10436100F352F902188B2A1109B2C,SHA256=4E649057C66EC7539A699CC9CE5A546D1ACD0572A3535716F05A42CBC349B632,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066329Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:12.005{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-20190612-055144-00000003-ffffffff.binMD5=D1B0F1ACFF5D1C14BFA7116B8E070E48,SHA256=EF2D40AA643BCE3521466B8945C9529D2FE6B24C6B91B446E71D4C7307B1001F,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 354300x800000000000000031966Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:39:11.844{CE7C8936-1B1A-61E9-D900-000000002202}4048C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-tcontreras-attack-range-276.eu-central-1.compute.internal51393-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x800000000000000031965Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:39:13.221{CE7C8936-1B20-61E9-E200-000000002202}3964NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=8D34C2CC19072B8E0A8778478468E317,SHA256=2831E2577D90BF9AB415553F055B10843715422A5BBCDACDE5D1073D55D1C78F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066707Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:13.939{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-20210414-025900-00000003-ffffffff.binMD5=8F365BB41371947C12BB4CD2C3799C0B,SHA256=164B215878BBDBAA80356BDD07496A337F2565E3B4532E40DF8E90B286F61482,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066706Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:13.885{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-20210414-025516-00000003-ffffffff.binMD5=C0FD2E101E6CEBAE8B32CE40E32BB2C2,SHA256=E3249391F01E66986889740A79A37E6DA322BF53EE49A45DB0960292C86866CA,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066705Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:13.881{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-20210414-025347-00000003-ffffffff.binMD5=D296F6DED2D287CCAB1054D45E221815,SHA256=AB015183AC13F8F2654A7E29B63ACF99E0CF893DF8E66C3BD898FB58D43D8526,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066704Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:13.872{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-20210310-201821-00000003-ffffffff.binMD5=BD67C5E34F8E778CB75F234DC9A7ABD9,SHA256=419C427F13E32A1D08B53C978E87B7F457BF5FFABE7DE3E5A3D42D6DECDC8E68,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066703Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:13.819{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-20210310-201632-00000003-ffffffff.binMD5=228B6458B7196C68760A78FF8F76913D,SHA256=5C70E358E85888B62CEC1E33A26827C18CEC7766426AD142804570DC4FA33B5C,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066702Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:13.813{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-20210310-193846-00000003-ffffffff.binMD5=DAFF6C9262B765A57DED596E6911105D,SHA256=03EBFB3115A189BF17BA46D320AD75369B81BCFA236A300D3E2B467D0C5C1659,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066701Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:13.804{6F5BEE90-18CD-61E9-7700-000000002102}484NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=BA52E0B0BA54E8C2F63CA73DC873206B,SHA256=11F447AF8066DE1C2354C1873A27AE8D013337FB23EDB262D8CAEB1A9FBFBB75,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066700Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:13.787{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-20210310-193641-00000003-ffffffff.binMD5=6EB2F6E51D98C0EDEB7DE13C91D2697A,SHA256=BB0E05A28CFDD2DE82614CBE433C188B2D3FCC7FD1BBD3D0B578E334850A032C,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066699Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:13.784{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-20210310-193637-00000003-ffffffff.binMD5=4564C5750A64BDF69271EFFBB863B4B4,SHA256=600ECDB67FD812004DF33792F5538F508664C10E0B7DA058E3ACD4BCCDE09580,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066698Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:13.781{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-20210310-193421-00000003-ffffffff.binMD5=8D4521450373CBDA1953C3D83CC1BF4B,SHA256=51B9CD54ABBAFA8032F8827D57425E45C8C51DDCA41F3B32843F72A12D387A24,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066697Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:13.775{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-20210310-184855-00000003-ffffffff.binMD5=1F6882792E6D179E925916FBC7415B76,SHA256=75124A41EF810E9A376518F62AD49974E4CDF1A9960F9170C116082C233E6143,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066696Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:13.771{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-20210310-184213-00000003-ffffffff.binMD5=7E520BF286B2BD283B0FC609686893CC,SHA256=F877350F650D46AD13656CC7A8B10813DD465A03CE17A2A1F49EF07CD6F6DA62,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066695Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:13.769{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-20210310-183819-00000003-ffffffff.binMD5=86F456F22074D96276A655C5F898FB0B,SHA256=0773E57454F41DA859B6DC9773DEB7445AD714955D3A68FFA2E3A184F0DB9B49,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066694Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:13.763{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-20210310-182735-00000003-ffffffff.binMD5=CC73E216879EDEAF4CAD4BCD4E8EF0EA,SHA256=B69895DA3C32ECE8C4AE2B8BDDE70D95D95D09A22395EA6BD2255DCBFA852EF7,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066693Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:13.760{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-20210310-175931-00000003-ffffffff.binMD5=99A03B7126BB60802D538BE0F14058C2,SHA256=8E95B0E7DC0835AE4F7E06FFCB80E53F5A8A1C85D17F2D3F5FDB97240A2EFE67,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066692Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:13.756{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-20210310-175411-00000003-ffffffff.binMD5=BEECB6346323DA6325F37C541CAC5046,SHA256=EA9C6DC2706E8ABB5036DDED786C76985ADD5540E23017FD193274DCB97D6324,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066691Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:13.754{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-20210310-175236-00000003-ffffffff.binMD5=5B5D57F739A55A16911E2F9A1731AEA6,SHA256=C6ED526B382107EC74A99F6635F0C144AC76E8B31F2ABA3A56FA1D64BF835824,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066690Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:13.751{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-20210113-222157-00000003-ffffffff.binMD5=288E58BF6DCEE0FA062A0001D6752F56,SHA256=0F5500CA96BDF00E9DB2445D04B7FF4765F63F2702B23D84B9CBEE52A1401D66,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066689Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:13.748{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-20210113-221940-00000003-ffffffff.binMD5=7246823433B8007B39AD7BC7A0E22C0A,SHA256=5D4833B6C49F0895DA72A61772C38A4002C92D33CBD525AB17EAF4746A977213,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066688Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:13.745{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-20210113-214306-00000003-ffffffff.binMD5=0237819F7E49FDCF979886921C71BD4B,SHA256=18FC8E938F12273CDE307F733907154C9B6D695E831932FB542F4D33592B7882,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066687Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:13.695{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-20210113-205948-00000003-ffffffff.binMD5=EDD9CC54FB32E9633DB27B3D2EBF25A9,SHA256=71363B07BC16A28B57D730B6BA39C2E130C24518F75BA2AC23400215AA38E67F,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066686Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:13.566{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-20210113-205621-00000003-ffffffff.binMD5=99946089FE843AC2E7D5AD1800ECC3EE,SHA256=04675F18B97C2D5800907C633D4D4BF8D38F7211F827835A6E37843585DACD5A,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066685Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:13.562{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-20210113-204558-00000003-ffffffff.binMD5=0FD47F88B872D31732BA1E14F9753C27,SHA256=621D1FF460EB6F8ACA88DD8447622C59111314EEEC679ABB0D06D20D4486B0E0,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066684Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:13.554{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-20210113-202011-00000003-ffffffff.binMD5=5E202227CAC71F2F5D28B6085196376F,SHA256=0BA0C1F8F48B59046019BF633D71EDF3745F536A56D42C118E42FEDD8D0B3204,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066683Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:13.547{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-20210113-201449-00000003-ffffffff.binMD5=B29FA0A0E01DA0E25EC630A2B72664DC,SHA256=D59E6A6A8D6FE32F613A32444DC61A3E4BD0016CCD87AC059955357BE4681951,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066682Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:13.525{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-20210113-201324-00000003-ffffffff.binMD5=FEFD2EA418BF3F84D50A09EF877A9923,SHA256=A571B6C59C53399A63B0A5925DFFCFF7C07CE90B1D13074F1F60A80DB3B5F0C5,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066681Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:13.525{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-20201209-071552-00000003-ffffffff.binMD5=8A532C7530D8CBCD98C92B66E719ABE8,SHA256=35289C6A6FC6F867AAC64BDCEC6657A510FD9328BEA09E7752826FA8A82CC8EE,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066680Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:13.507{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-20201209-071330-00000003-ffffffff.binMD5=69CAD266C1063FD99E4AD70B3852F199,SHA256=BDC86F9AC1C7B070934A432AE56A92D4ACC79704128DC6EB7D3962ADAFCFF385,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066679Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:13.507{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-20201209-064254-00000003-ffffffff.binMD5=93C172E5775FA93C3D912E1603F69C1A,SHA256=71478C6E120AC415BA04011D542C767EC884F1424188F0E2A6F84464FE9FD0C9,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066678Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:13.507{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-20201209-062638-00000003-ffffffff.binMD5=DF9AF6D0DDEC51ACD4013D18E58A7A9B,SHA256=08438A0A8B768D1E0D7FB6B568C3EBCBEC34FB86FE1D8448D413ADBF7F74989A,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066677Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:13.491{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-20201209-062634-00000003-ffffffff.binMD5=A6D380E4EA612B29A063777950ADE9C3,SHA256=8E3F8EE5228EDF30FC22BEE1D79538AD2805962D84A0981B877C811ECBB6F381,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066676Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:13.491{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-20201209-060549-00000003-ffffffff.binMD5=AF90CBF33F9D16DEC0164040ED712677,SHA256=0DC3C0EE859118F5F8ABE96AE7D36EF59D9857606053D25664F516D2911E4807,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066675Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:13.491{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-20201209-060218-00000003-ffffffff.binMD5=304F50475D888930354C278B57C65FD9,SHA256=61813B1354EE9CBAA51855FDB2543148827BE42EAC2532DC2EE49F7573749919,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066674Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:13.491{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-20201209-055153-00000003-ffffffff.binMD5=DE564A0BB551C85D86F4AE28417BF908,SHA256=F73EE57168474BBD8E564117A3F7CAA57F2FD5B5FB83EDE9512FA43B125D4E68,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066673Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:13.491{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-20201209-052547-00000003-ffffffff.binMD5=981E1AE2703D4F51E3797FD77805858E,SHA256=73EA9B86C89384C3605AA5CCA9B20737E240FCDD65203D0610AA1FAD8A9BC38E,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066672Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:13.476{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-20201209-052154-00000003-ffffffff.binMD5=436DF1B6A781DC52AD0CAB4C5AC6F682,SHA256=DA885E308721A6A4B445338A6E608B31FA0A09B2A0220B07154239EF3675FF75,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066671Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:13.476{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-20201209-052030-00000003-ffffffff.binMD5=98AB82D4175AAAEF358DEE5986C643AF,SHA256=C5C0FCE235A8208FF89E2DBEF33E59A304979F41189B14C83DC26C5CEA93CB46,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066670Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:13.476{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-20201111-053800-00000003-ffffffff.binMD5=FD0ED24E38158B67DCF5ADB4EA08EC90,SHA256=4319A4C594D366C4F8E44F96CCEA8E128E45988C7B6CAF0E298034CDBD6E170C,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066669Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:13.476{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-20201111-053551-00000003-ffffffff.binMD5=ACCC7F04BBB8066AA6634AF077FC9E7D,SHA256=5E0E6E1EE293EC8645CEFDE238DDA26F1665A4955F1551B1B76109D2F2B5B580,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066668Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:13.460{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-20201111-050239-00000003-ffffffff.binMD5=444073185DF3CF7B6556FF6B7ABB4B55,SHA256=D2E20C11DA3D27592765AEE6A225F244C262FDCDAABE429E6CD7060B515F17C3,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066667Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:13.460{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-20201111-044454-00000003-ffffffff.binMD5=B709E92DE0C2E82FA3A8A698A12DE3EC,SHA256=C23D606AD8EE3E58F723495BFAA19E5D5518FB5F627DFF7B651A921141FABFE6,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066666Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:13.460{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-20201111-044451-00000003-ffffffff.binMD5=06DA7D48EE5329352DB3FC55CAEBB290,SHA256=6654B66A652F8DE638842137A195AF44BA0F8736BC850C421BD09FE39FF28FE5,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066665Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:13.460{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-20201111-042433-00000003-ffffffff.binMD5=03ACD6B8CD56B2711958C11FF8BBBBFF,SHA256=10C6CB3611F52FCB785C0724B6880E006D48CC6D2BFB98FDFA8610797032C140,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066664Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:13.444{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-20201111-042113-00000003-ffffffff.binMD5=B71B389B003D3868282EA57F2A5550B7,SHA256=24BA6D2E28D1870B2B26EC980AC7A6AA0D9AD78E3D557203C9E569FACF2F79F9,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066663Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:13.444{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-20201111-041100-00000003-ffffffff.binMD5=5ED3991F4197CC171E15E3926601505B,SHA256=143C179C836BF4C060ADCE98834B0B60213BEF6F55C54AD6B24BFF65B78A91AB,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066662Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:13.444{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-20201111-034505-00000003-ffffffff.binMD5=EC68BD22D85CA4170C297C6A3213516A,SHA256=4F0960AEF8AAD3E96D86C75BE559C211DC60D244414D5A2D971232B9151AF03A,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066661Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:13.431{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-20201111-033939-00000003-ffffffff.binMD5=3A61A3FBA7285B74875C5170F073ABF1,SHA256=4428E8A185C1FAF5F1F5F0CEC527C4D08BDE9E05ED1CB07F1A97108AC2E22583,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066660Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:13.423{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-20201111-033830-00000003-ffffffff.binMD5=8639719E629ACDCCB4A0C50CE095025A,SHA256=E06DF4103EB28E57652C31BB8431AE38353BAFADD4874707244483DB3E93A064,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066659Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:13.420{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-20201014-043515-00000003-ffffffff.binMD5=7191C4C914F9E19A9920B1B6C87EF472,SHA256=62B86C02B8D505AB0620D8B42B0F802A003E08AF4095D8089AF3056C57CF3E89,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066658Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:13.414{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-20201014-043259-00000003-ffffffff.binMD5=1D059CBBFFCFAD16369E72D6E7CD8784,SHA256=38F45A14727184847C0B430980829E9025A05FDF97A1852DCA235024D332B29B,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066657Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:13.410{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-20201014-040315-00000003-ffffffff.binMD5=5E92F6B6E16FEDF40A4024AA901801D7,SHA256=22C16687B95DB769AD04A11431C607FA0D8BB486058833EDCDD289FE244B74A9,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066656Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:13.404{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-20201014-034712-00000003-ffffffff.binMD5=DC126A964504E64E70D0069B8F595D03,SHA256=25926A8FBA9353A93E2CAD4B96DDE5DFC9C18134D484CEB5358D27842936E649,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066655Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:13.398{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-20201014-034708-00000003-ffffffff.binMD5=00C152132E0FB444D8D4170F0109525B,SHA256=49F46476B0ACE69FEDC15F00A685F79AED0D473930AA1531AC53A6E815289EC5,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066654Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:13.392{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-20201014-032750-00000003-ffffffff.binMD5=039B45723B8A9703E7603BB36F7CAA78,SHA256=8004939B2B58C072B70F7AEB5BBD987FDF106BD1AC97C568A907BBAB4DC1ABF7,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066653Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:13.385{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-20201014-032430-00000003-ffffffff.binMD5=276CDC9804CDE76C6C89A8938366F13F,SHA256=76B80E9B8DDF9A74C333F6012B81C89F9B5420F7874EF67B978E9A7C62FED618,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066652Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:13.382{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-20201014-031417-00000003-ffffffff.binMD5=113D8983ADC80E81BB70662B442A0882,SHA256=B411AD66226DCC506CE76C0FD4E89151D7BD929C4462F2399B24FE4D395A3D15,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066651Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:13.377{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-20201014-024905-00000003-ffffffff.binMD5=F8A99526ABB808EFFFFF2C782F7BBADA,SHA256=54D429FE27F3ACA6D0107DD6D124CC9A1F38A0B332BB9714053D96D39C8E05D6,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 11241100x800000000000000066650Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.localDownloads2022-01-20 10:39:13.354{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Administrator\Downloads\dnSpy-net-win32.zip2022-01-20 08:53:44.245 23542300x800000000000000066649Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:13.343{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-20201014-024504-00000003-ffffffff.binMD5=35587064571648637B936BE5129219F2,SHA256=416955BA4B469D0700B8A0CD7F45E801D1619CD08D51B159F937C2A85D3F4FF1,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066648Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:13.342{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Administrator\Downloads\dnSpy-net-win32.zipMD5=F6FE2BD46F091E4C7494F8DF876D6C9D,SHA256=3CB7340B5B0B250A5B8D6CBF45BEE4355BE09C9A4D4FE2B2FAC9ABD5C7B95EFD,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066647Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:13.337{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-20201014-024353-00000003-ffffffff.binMD5=80BA8A3A5026E6CCA2BABE9DAAB9448C,SHA256=C435C667BD6264A4601E6D1D12C158671EFB46D0A823D57051A6DF13C8E51BE5,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066646Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:13.334{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-20200909-052606-00000003-ffffffff.binMD5=A64D7F8127DC50927238A3062341369B,SHA256=FEE367FCC8D8291F6231B0A542F93BF4C11FD539CD8DC58247DAD5EF255F3FA1,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066645Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:13.287{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-20200909-052352-00000003-ffffffff.binMD5=D3102226B44D5929FFD11A1484EA0171,SHA256=BF9C6088E275C9F9EEA98963E42C669FD9D82146D56DB5250BE27E9EFA81D783,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066644Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:13.283{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-20200909-045225-00000003-ffffffff.binMD5=F1F31E1CBC2C72D97167AD35F4433150,SHA256=CD93A1CD8BE52902B66F0BFCF5A5EBFF26388D29A5F9F055AA54D805F24B8193,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066643Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:13.275{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-20200909-043408-00000003-ffffffff.binMD5=C25C44948588F2331895770DFC9923BA,SHA256=C52A880696CC364406FE092AB1AAC2F18585AA7E7719229213C765DFA80B020B,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066642Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:13.272{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-20200909-043405-00000003-ffffffff.binMD5=ECA280A0465A0B29CA78294383E8F5A7,SHA256=88B3FD26AD24EE7776595ED0DE6272151542DDBC57D9127F79E84159DFCC05EB,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066641Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:13.270{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-20200909-041926-00000003-ffffffff.binMD5=81C9DD40DCAD175BC94F17066E9F8621,SHA256=3638093B0392686D3473AB0E306633938DC7A6AC1B975DA2214B209D5710B476,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066640Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:13.264{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-20200909-041606-00000003-ffffffff.binMD5=BA00011D0BFBE8FC3D37F8181E73986D,SHA256=4EA822EF954D6A7F13A75F263783B301C0873E5490687C03E8A5F310532AD16B,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066639Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:13.261{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-20200909-040557-00000003-ffffffff.binMD5=1832399ECCEB4D77EC433D6DB664B546,SHA256=94A3E1BB34B62587E71803E503D85ED6D26053DC3143DA57B127E85EF2CA8154,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066638Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:13.236{6F5BEE90-18CD-61E9-7700-000000002102}484NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=6AB19A9EEE9D2CF57929A2F0AD773D76,SHA256=DC36441E7F5084B410FB13222D9BEF7559038FE52DC17D5EA79D14D940E3FCF8,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066637Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:13.203{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-20200909-033859-00000003-ffffffff.binMD5=B0F8E64A0FCEB284CE1336DFA3C3A854,SHA256=6F10D08E5FCDF024393616FFED0B961514DC37CB527643F50E2808D3D67E8F6E,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066636Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:13.198{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-20200909-033453-00000003-ffffffff.binMD5=4AD54EA7BD4D25B9B12173F9E482B386,SHA256=A407E90DD9BB35489BB3CB9ABC8D1C027E59A732FDCECE217B99BD2BF20F638A,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066635Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:13.193{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-20200909-033343-00000003-ffffffff.binMD5=3B533010D4DCF8554E2C6B02C7126307,SHA256=36E5C102AB908D124392AD6986C36E0F0282712119E14CB3961C027B8A15771B,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066634Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:13.151{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-20200812-043508-00000003-ffffffff.binMD5=457607B66D9455D0312EFF1D6F9B909A,SHA256=FCBECEBD6EBE80622E81ED3068A7AFEAB06E65F91336EF2DCDA9DCF6EFD72CA0,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066633Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:13.143{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-20200812-043306-00000003-ffffffff.binMD5=26F73BE4BEE7B9E6D7D0CE587C0239B3,SHA256=A97869C7222AD99D8C31217C83BFBB15DF6E6458742018845F90982B7A85FDD4,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066632Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:13.137{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-20200812-040028-00000003-ffffffff.binMD5=3F4B878D599DD984187742284BC768A3,SHA256=D7B44B71A9A8D8C7CFDEA2589B58CF266A3B21809F0C5EC52A40627120DE3D66,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066631Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:13.116{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-20200812-034327-00000003-ffffffff.binMD5=2ABB79B3330050E4B03DF31932398225,SHA256=B9C92D4A2344FA742F4E8E079548E42B75AF00F80E90EF9F69C00F858A86B45D,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066630Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:13.108{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-20200812-034323-00000003-ffffffff.binMD5=C4CC921F0E353EC27871B60D72E94439,SHA256=6B6B6E0E4EFFFDC6D2A700F1779C507A4BAE87CA25F18E6130CE26281A0AF5A9,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066629Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:13.106{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-20200812-032126-00000003-ffffffff.binMD5=24A91E45916ED995A7B7E5B9F77B6FE3,SHA256=58E855E50B83794B9B0A8508F0BF3BE0F70EEF995F9327EE756019E653EA570B,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066628Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:13.102{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-20200812-031749-00000003-ffffffff.binMD5=EA675626EE6513AC218244217BAB07A4,SHA256=2F3149E250AD59B3F78296977AA5960A789D37B50711604DC18E9A081729C4A9,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066627Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:13.096{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-20200812-030723-00000003-ffffffff.binMD5=0CBBA03D16DCE5843AD8FB009347CEF9,SHA256=58942A6249D9CB4EA0B3FF7E7A44F9B184B87188E12F3366FC10E7B7A500662B,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066626Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:13.090{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-20200812-023720-00000003-ffffffff.binMD5=2E27991CAB3B8B4572D67463B463B0F8,SHA256=798D39EC2A795D2C7C6AA8A7EDB1E3E6A5883292051E7E220E37CC98D1AF835E,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066625Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:13.081{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-20200812-023600-00000003-ffffffff.binMD5=1BAC4522D19343042E70022017486A51,SHA256=646FE141B4E2F185C65452671318B76639D52CDD2E557FACE934C474FF6356AD,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066624Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:13.080{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-20200715-072711-00000003-ffffffff.binMD5=81875EF2160115078870CB5E8E3BF978,SHA256=4ECB9C6104DBE40D4C1EF5A8FB38DBC8D35C79F323BF68B74E2F0F5E53E2236E,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066623Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:13.073{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-20200715-072457-00000003-ffffffff.binMD5=F2091902362CAFA32DBE5E29DD9EC0CD,SHA256=5B03834881518A8D06B7951D01B0982CB0B4353C6B80A5CA122D0F66549EE424,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066622Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:13.070{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-20200715-065318-00000003-ffffffff.binMD5=44E416D3425FC92D26DDCBB30C1CFCD9,SHA256=7EB3E1E02CA9697A5FCB43E5201F3F0C65C28F4B87D3F2620F602B8B956A120C,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066621Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:13.066{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-20200715-063651-00000003-ffffffff.binMD5=13D7F30A10B98D41D85508AFD6DA5D3D,SHA256=1CC640E79A857B3FC8FE6064BD9EF4EDF36428D5731077954898D0093526C17A,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066620Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:13.057{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-20200715-063647-00000003-ffffffff.binMD5=20D5E6CBF0945ABE9C870B9C5D47A221,SHA256=BA6641DFA227BCC8D07952A2E0426E7A0DAF8F5C2435F546C411B192DAEA1D48,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066619Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:13.051{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-20200715-061613-00000003-ffffffff.binMD5=82AC75406446FEE998D7288CEE4E00FA,SHA256=66F4839DBF9F116FA10A3350887A427A1F1E294DCF952746E8FB545AAB0B798C,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066618Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:13.040{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-20200715-061248-00000003-ffffffff.binMD5=92FF7B7192E9F226B5B4FECF4F331CCA,SHA256=EEB51D9389278FAC4A45EEDC63657DC91A4DE36FE2D76586ADADF3C1D9B7DF00,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066617Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:13.033{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-20200715-060235-00000003-ffffffff.binMD5=63763472783EC60814D7CA362BA607AF,SHA256=BE8F6470AEBB1DFAA5144E86B3078DAC6B72C147132A2ED5C322B91795D6F99E,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066616Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:13.025{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-20200715-053601-00000003-ffffffff.binMD5=64D202E89E6655A5BEC98D04662F51BC,SHA256=8E841E1D292BD8DB98664C657F3B56D2416DBA375BB2BBA224FDB7DF148C33EE,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066615Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:13.012{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-20200715-053446-00000003-ffffffff.binMD5=FB36BE72F0A2517F36F14D5D4AB286B1,SHA256=BE7185E0208110CAD22C153B6511D0CA66C1F018B338AAA093245225E025B288,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066614Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:13.007{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-20200610-071956-00000003-ffffffff.binMD5=ABB4D8E7D25F51DD4D328591385F549A,SHA256=1B3C9BDA00B7C46F85B73FB498D339CE74B98AD37DECE4A80BEFF99656B9879F,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000031967Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:39:14.268{CE7C8936-1B20-61E9-E200-000000002202}3964NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=09A3235940C7BC53B37E783506C64DE3,SHA256=A40ECA2451B37880D6398C12560DF4ACECC062FC733BE30F8B5DCE618445C813,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066835Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:14.964{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-20210811-041920-00000003-ffffffff.binMD5=FB964DF3BA7EAC86818FC1075778B262,SHA256=718B73D908D7610843D77B65DFDF48DE77F5C4B580CD64AE79316F73353DEB19,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 354300x800000000000000066834Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:13.353{6F5BEE90-18C6-61E9-6E00-000000002102}3440C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-tcontreras-attack-range-53.attackrange.local52455-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 11241100x800000000000000066833Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.localDefaultUserModified2022-01-20 10:39:14.911{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Default\AppData\Local\Microsoft\Windows\Explorer\iconcache_1280.db2022-01-20 07:05:18.690 23542300x800000000000000066832Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:14.911{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Default\AppData\Local\Microsoft\Windows\Explorer\iconcache_1280.dbMD5=2DD3F3C33E7100EC0D4DBBCA9774B044,SHA256=5A00CC998E0D0285B729964AFD20618CBAECFA7791FECDB843B535491A83AE21,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 11241100x800000000000000066831Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.localDefaultUserModified2022-01-20 10:39:14.895{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Default\AppData\Local\Microsoft\Windows\Caches\{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x0000000000000005.db2022-01-20 07:05:18.706 23542300x800000000000000066830Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:14.895{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Default\AppData\Local\Microsoft\Windows\Caches\{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x0000000000000005.dbMD5=88A58035AF9612D7569A626B225390CD,SHA256=BBD78081A3A912A79FEAFBEE927BD71CF03EAE779B8539DC71CC03AD7B28DAF1,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 11241100x800000000000000066829Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.localDefaultUserModified2022-01-20 10:39:14.826{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Default\AppData\Local\Microsoft\Windows\Caches\{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x0000000000000004.db2022-01-20 07:05:18.706 23542300x800000000000000066828Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:14.826{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Default\AppData\Local\Microsoft\Windows\Caches\{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x0000000000000004.dbMD5=F6EB7486D8E522C14F09AABB4D14989D,SHA256=B64185DF6119B1E2EE635CF00BEB8773ED02A915ECB9215A716AE70FC495469B,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 11241100x800000000000000066827Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.localDefaultUserModified2022-01-20 10:39:14.826{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Default\AppData\Local\Microsoft\Windows\Caches\{3DA71D5A-20CC-432F-A115-DFE92379E91F}.3.ver0x0000000000000012.db2022-01-20 07:05:18.722 23542300x800000000000000066826Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:14.826{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Default\AppData\Local\Microsoft\Windows\Caches\{3DA71D5A-20CC-432F-A115-DFE92379E91F}.3.ver0x0000000000000012.dbMD5=A7F8296CDC5152AB7651B283020EEE4F,SHA256=8A553E97AE3298F7478DF69DF7F5AB092CA144143ED387C935A84306F41DBCFF,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 11241100x800000000000000066825Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.localDefaultUserModified2022-01-20 10:39:14.826{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Default\AppData\Local\Microsoft\Windows\Caches\{0BDE7B0F-B905-4D30-88C9-B63C603DA134}.3.ver0x0000000000000001.db2022-01-20 07:05:18.722 23542300x800000000000000066824Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:14.826{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Default\AppData\Local\Microsoft\Windows\Caches\{0BDE7B0F-B905-4D30-88C9-B63C603DA134}.3.ver0x0000000000000001.dbMD5=F3DC4461F59519C68ABD86B979EA9762,SHA256=5896967D61C1C716C98511DCFC267A12749D330E5DEB35ECCB4690DFA756C964,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 11241100x800000000000000066823Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.localDefaultUserModified2022-01-20 10:39:14.811{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Default\AppData\Local\Microsoft\Windows\Caches\cversions.3.db2022-01-20 07:05:18.737 23542300x800000000000000066822Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:14.811{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Default\AppData\Local\Microsoft\Windows\Caches\cversions.3.dbMD5=20B91CA918AB9EAEE12C481C20C52603,SHA256=382C1DC6CE835F6D6102DA19F29A70EF81F74660307FDE7F7F81C5C5D66C9BCE,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 11241100x800000000000000066821Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.localDefaultUserModified2022-01-20 10:39:14.811{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Default\AppData\Local\Microsoft\Windows\Caches\cversions.1.db2022-01-20 07:05:18.737 23542300x800000000000000066820Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:14.811{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Default\AppData\Local\Microsoft\Windows\Caches\cversions.1.dbMD5=F7F3CF1A795BDD51C759B68A5E3AB113,SHA256=AAA5132A52363B0AC83C50564B5D325968C7A4E810C60EBB63D05C224858B81B,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066819Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:14.811{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Default\AppData\Local\Microsoft\Windows\Burn\Burn\desktop.iniMD5=E0FD7E6B4853592AC9AC73DF9D83783F,SHA256=FEEA416E5E5C8AA81416B81FB25132D1C18B010B02663A253338DBDFB066E122,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066818Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:14.811{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Default\AppData\Local\Microsoft\Windows\Application Shortcuts\desktop.iniMD5=8F91870452433A5555C9D453F714698C,SHA256=1D9DCD07E5FA1748DA3E7E4D57ECA2E88A4C42E4F2CEAD9192E94325C32C2E4F,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 11241100x800000000000000066817Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.localDefaultUserModified2022-01-20 10:39:14.811{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Default\AppData\Local\Microsoft\Windows\ActionCenterCache\windows-systemtoast-securityandmaintenance_1_0.png2022-01-20 07:05:18.753 23542300x800000000000000066816Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:14.795{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Default\AppData\Local\Microsoft\Windows\ActionCenterCache\windows-systemtoast-securityandmaintenance_1_0.pngMD5=099BA37F81C044F6B2609537FDB7D872,SHA256=8C98C856E4D43F705FF9A5C9A55F92E1885765654912B4C75385C3EA2FDEF4A7,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066815Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:14.795{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-20210811-041544-00000003-ffffffff.binMD5=0C247E4A1D57F7DAD658DC1E4BEEE44E,SHA256=382DC08882D5941158E1663F2E0C56855DBF9B11AA293C7B3FD92473CF8C010E,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066814Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:14.795{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-20210811-040508-00000003-ffffffff.binMD5=34B1615604C163A115388882F73B42ED,SHA256=8009FC48781049C41E01E9AE80C33DE3E5BAC6CCF2B149AA1B80EC21FA81AB1B,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066813Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:14.795{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-20210811-033821-00000003-ffffffff.binMD5=36ABDF7799D1013E83D240935CDAB846,SHA256=7950B0900A5F373D60DE6FD9A2BF3FF73BB43DECF84237F76E59E9ADF73DCB34,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066812Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:14.748{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-20210811-033315-00000003-ffffffff.binMD5=3B203E10329C104589D7D51D68DCECEB,SHA256=0919FFCD075A88EE5A414F9F3CE6D28443DA790048DFFAF4D532ED176870A7F4,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066811Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:14.745{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-20210811-033149-00000003-ffffffff.binMD5=445756BADB6941128B895DF05BFD7383,SHA256=5A6F4CD4D6636742107BC1392DFE502565EF048E2820E85CCF0338FDCF6777EB,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066810Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:14.742{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-20210714-050939-00000003-ffffffff.binMD5=B58B8005F63BAF11B3ADA6C7122943F9,SHA256=CC805F9FC4E81367BA55080B890A2BC51B4B699E103521B9F899FCF9534CD414,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066809Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:14.726{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-20210714-050707-00000003-ffffffff.binMD5=7A0ABE639568561BB61BDF5DE0958F65,SHA256=5338F7FCA69A402D0C4938F93E5F35F07DA64F0D18CA85C6F5A662F53F79DE0F,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066808Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:14.726{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-20210714-050431-00000003-ffffffff.binMD5=543B45C0EA868F182DF4DC7A06F7337C,SHA256=1B17B4F6131109964FE3480FC0CB886A4091495602AD348C999CBCFB747BB83B,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066807Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:14.726{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-20210714-042908-00000003-ffffffff.binMD5=DF4C7FEA510590318A066C7E4087C76D,SHA256=22ADF3D157369EA139459DD7F50196745D8B66EA76F2EBCCFEB32AE096E6E27B,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066806Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:14.711{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-20210714-041102-00000003-ffffffff.binMD5=E9A450FF8D40E0A569E77941C054CFFB,SHA256=D9F921D91BC029F88E01CABCCD3BC542E3561C49367760A06791F5A5B753AA55,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066805Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:14.711{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-20210714-041058-00000003-ffffffff.binMD5=9763AD994E4F32514052D2D31861D893,SHA256=B57FBD313165588B059FA2E1BC35786BFA298BB1EF85C7B70E67A71A0D2BED50,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066804Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:14.711{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-20210714-034556-00000003-ffffffff.binMD5=345F71A0F9083B3858F55CBA28DD40D8,SHA256=AB0B3926271E5590C505043C86BBAA8A2E64867A3F877FF7685294060A663AC6,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 13241300x800000000000000066803Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-SetValue2022-01-20 10:39:14.695{6F5BEE90-18AA-61E9-1100-000000002102}480C:\Windows\System32\svchost.exeHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{3283ae7c-c76d-4914-b7f9-5b411380cd3d}\DhcpConnForceBroadcastFlagDWORD (0x00000000) 13241300x800000000000000066802Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-SetValue2022-01-20 10:39:14.695{6F5BEE90-18AA-61E9-1100-000000002102}480C:\Windows\System32\svchost.exeHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{3283ae7c-c76d-4914-b7f9-5b411380cd3d}\IsServerNapAwareDWORD (0x00000000) 13241300x800000000000000066801Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-SetValue2022-01-20 10:39:14.695{6F5BEE90-18AA-61E9-1100-000000002102}480C:\Windows\System32\svchost.exeHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{3283ae7c-c76d-4914-b7f9-5b411380cd3d}\AddressTypeDWORD (0x00000000) 13241300x800000000000000066800Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-SetValue2022-01-20 10:39:14.695{6F5BEE90-18AA-61E9-1100-000000002102}480C:\Windows\System32\svchost.exeHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{3283ae7c-c76d-4914-b7f9-5b411380cd3d}\LeaseTerminatesTimeDWORD (0x61e949e2) 13241300x800000000000000066799Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-SetValue2022-01-20 10:39:14.695{6F5BEE90-18AA-61E9-1100-000000002102}480C:\Windows\System32\svchost.exeHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{3283ae7c-c76d-4914-b7f9-5b411380cd3d}\T2DWORD (0x61e94820) 13241300x800000000000000066798Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-SetValue2022-01-20 10:39:14.695{6F5BEE90-18AA-61E9-1100-000000002102}480C:\Windows\System32\svchost.exeHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{3283ae7c-c76d-4914-b7f9-5b411380cd3d}\T1DWORD (0x61e942da) 13241300x800000000000000066797Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-SetValue2022-01-20 10:39:14.695{6F5BEE90-18AA-61E9-1100-000000002102}480C:\Windows\System32\svchost.exeHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{3283ae7c-c76d-4914-b7f9-5b411380cd3d}\LeaseObtainedTimeDWORD (0x61e93bd2) 13241300x800000000000000066796Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-SetValue2022-01-20 10:39:14.695{6F5BEE90-18AA-61E9-1100-000000002102}480C:\Windows\System32\svchost.exeHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{3283ae7c-c76d-4914-b7f9-5b411380cd3d}\LeaseDWORD (0x00000e10) 13241300x800000000000000066795Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-SetValue2022-01-20 10:39:14.695{6F5BEE90-18AA-61E9-1100-000000002102}480C:\Windows\System32\svchost.exeHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{3283ae7c-c76d-4914-b7f9-5b411380cd3d}\DhcpServer10.0.1.1 13241300x800000000000000066794Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-SetValue2022-01-20 10:39:14.695{6F5BEE90-18AA-61E9-1100-000000002102}480C:\Windows\System32\svchost.exeHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{3283ae7c-c76d-4914-b7f9-5b411380cd3d}\DhcpSubnetMask255.255.255.0 13241300x800000000000000066793Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-SetValue2022-01-20 10:39:14.695{6F5BEE90-18AA-61E9-1100-000000002102}480C:\Windows\System32\svchost.exeHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{3283ae7c-c76d-4914-b7f9-5b411380cd3d}\DhcpIPAddress10.0.1.14 13241300x800000000000000066792Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-SetValue2022-01-20 10:39:14.695{6F5BEE90-18AA-61E9-1100-000000002102}480C:\Windows\System32\svchost.exeHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{3283ae7c-c76d-4914-b7f9-5b411380cd3d}\DhcpInterfaceOptionsBinary Data 23542300x800000000000000066791Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:14.680{6F5BEE90-18CD-61E9-7700-000000002102}484NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=D89B30884BF4D3C253215BE4B22E6967,SHA256=3B9158B259C31159767D61142BB7A9041F5F9C07C150576352FA14FB8B7D1966,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 11241100x800000000000000066790Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.localDefaultUserModified2022-01-20 10:39:14.611{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Default\AppData\Local\Microsoft\Internet Explorer\ie4uinit-UserConfig.log2022-01-20 07:05:19.206 23542300x800000000000000066789Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:14.611{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Default\AppData\Local\Microsoft\Internet Explorer\ie4uinit-UserConfig.logMD5=B52DDEDA31C205A8DBAAEA2A4D667ED0,SHA256=12BCC2C82172F48D2EE2A325A40D6550C1BF78A66183614B9781F9D52DC7692F,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 11241100x800000000000000066788Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.localDefaultUserModified2022-01-20 10:39:14.611{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Default\AppData\Local\Microsoft\Internet Explorer\ie4uinit-ClearIconCache.log2022-01-20 07:05:19.222 23542300x800000000000000066787Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:14.611{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Default\AppData\Local\Microsoft\Internet Explorer\ie4uinit-ClearIconCache.logMD5=FA16C9C1F91C61EE2489D91F184F7E95,SHA256=7193BBAC9CDF073F4007CC849CCC04D6D95BD159DEDD596E2742CF1EBE3299EE,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 11241100x800000000000000066786Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.localDefaultUserModified2022-01-20 10:39:14.611{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Default\AppData\Local\Microsoft\Internet Explorer\brndlog.txt2022-01-20 07:05:19.222 23542300x800000000000000066785Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:14.611{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Default\AppData\Local\Microsoft\Internet Explorer\brndlog.txtMD5=9902BAEDC06FA4A8681E696EE6C73C06,SHA256=D0628FA63102EE74053BC6EFDD297AED794848F5DC300DAA7E391F4CF04E8511,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 11241100x800000000000000066784Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.localDefaultUserModified2022-01-20 10:39:14.611{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Default\AppData\Local\Microsoft\Internet Explorer\brndlog.bak2022-01-20 07:05:19.237 23542300x800000000000000066783Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:14.611{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Default\AppData\Local\Microsoft\Internet Explorer\brndlog.bakMD5=840DF767CAC9367CBBFD774EF011EAF3,SHA256=B2BAC5F3DE47D5C7ACDC0F8AFC4FFD4740260880C0A0CF4E4383495AB1AA98DF,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066782Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:14.611{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Default\AppData\Local\IconCache.dbMD5=59CA59779DFBBB08526929D435AA631C,SHA256=3EE3D3E272CE33D9B15E953DF834FB0E803F40F4385524F560ACD4D188A532C7,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 11241100x800000000000000066781Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.localDefaultUserModified2022-01-20 10:39:14.611{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Default\AppData\Local\Ec2Wallpaper.jpg2022-01-20 07:05:19.253 23542300x800000000000000066780Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:14.611{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Default\AppData\Local\Ec2Wallpaper.jpgMD5=49150F7BFD879FE03A2F7D148A2514DE,SHA256=1B4913688521EC480A8BFCAE930D028A52E9555380F198A608DC660A64187456,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 11241100x800000000000000066779Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.localDefaultUserModified2022-01-20 10:39:14.595{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Default\AppData\Local\ConnectedDevicesPlatform\CDPTraces.log2022-01-20 07:05:19.253 23542300x800000000000000066778Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:14.595{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Default\AppData\Local\ConnectedDevicesPlatform\CDPTraces.logMD5=8BF24BEB11C5999B6BA9D2B515D2A86E,SHA256=43608CD25AC1F86DD4169392AEDC5AD67626F355DF289BD36E044D576D43DEB5,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066777Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:14.548{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-20210714-034223-00000003-ffffffff.binMD5=A8B066F649D084E4419C534C5701691E,SHA256=A1C510D8A71FE7CD712124A33B8FB57371559B9AB7BB204065DE031F6D5439A9,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066776Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:14.548{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-20210714-033155-00000003-ffffffff.binMD5=FECB74C6DB4144B3DD3A24DCE1FF565E,SHA256=7E7F09B28B27D83CA32F3F762BE5526B6849A43AF32A4569F9D8268E5575DEC1,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066775Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:14.548{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-20210714-030348-00000003-ffffffff.binMD5=0FECC5ADD7E64231BD777A13B22E6D59,SHA256=BEE5BC087074CB585657828D95B32DC2A47161DB8868A0198B25EDBAB04B6796,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 11241100x800000000000000066774Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.localDefaultUserModified2022-01-20 10:39:14.544{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Default\AppData\Local\ConnectedDevicesPlatform\ActivitiesCache.db2022-01-20 07:05:19.269 23542300x800000000000000066773Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:14.544{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Default\AppData\Local\ConnectedDevicesPlatform\ActivitiesCache.dbMD5=A0D7DB5C67086D6C44A07C167299BAA9,SHA256=B574FD10A2427A8CADD00C0465ED50ECFDAD005F53F3EE391C1DE1E1FF548522,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066772Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:14.543{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-20210714-025831-00000003-ffffffff.binMD5=72B6DFBB404C7E7E6EBD6701AE27BAE2,SHA256=A6754D3B0FE44900EF11997397940A8750643D0E2EC08DFBB9C435529B7B3EB4,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066771Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:14.527{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-20210714-025705-00000003-ffffffff.binMD5=878D5D7E57F8F782DEFC0EB5FF5EEB57,SHA256=322768C0A87B33E54558716461BFF0613DCD6923DAC4854A9499F496AAC6B41E,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066770Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:14.527{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-20210708-023722-00000003-ffffffff.binMD5=A54D35BA577072DACC8F046ED8975537,SHA256=7A09EC4DA7C63CE3DFE96B008020B3365186833D5206708B317042B3545FC2C2,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066769Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:14.527{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-20210708-023540-00000003-ffffffff.binMD5=C79ACD3D33000D8744F788AA247221D3,SHA256=E63E1EB69482E6D89CF44B5A8F3449BBE726CF67AB81FA46377AE6F787557B35,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066768Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:14.511{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-20210708-023336-00000003-ffffffff.binMD5=127CAF272330FF3505052D8F8A63A290,SHA256=A6283DC530A859F9CB87BDD61864F693B7C432BBE4F53AFF870EDF88739C7B3C,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066767Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:14.511{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-20210708-023151-00000003-ffffffff.binMD5=1876E46C265C1B3EC5384707E6731A06,SHA256=FDAF2D0723477987240E163423C650A251E5509DFED23724B6FF0E90E3ABBFC1,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066766Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:14.511{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-20210708-023147-00000003-ffffffff.binMD5=5F1D6A04DCAA6370E57247287131A983,SHA256=3074E60971AE61A872A1EA166B7FF3E6A013324FB00575C6E3FB4C8C400D2DFA,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066765Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:14.511{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-20210708-023008-00000003-ffffffff.binMD5=4A65026920FF2403CB17ECBE8782CF62,SHA256=B3A473D561795E1E48402DEE17577CA4749508EC384289D53FB377F2539DFCFC,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066764Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:14.511{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-20210708-022722-00000003-ffffffff.binMD5=EE04245AD6D223EDB5611258B94B6369,SHA256=003EA00E03824471E7017251A405C3EBA86AD4BC4377B70FCA8A58F9E1E6514B,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066763Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:14.511{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-20210708-015455-00000003-ffffffff.binMD5=5C78BC3CFFC5209B1CE1914FA0FBCB78,SHA256=96D6A5D8BB63127ADDB4E4AED2971E54F28E2CDD2B514793E96CB4B655E089EB,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066762Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:14.495{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-20210708-011415-00000003-ffffffff.binMD5=FD32F163B0C6B4726ED6B8ED9C5B11D4,SHA256=053269D4FC88D5B3B625A3143BAC37FBB0C781ECDBAEF65B7F25C680785B3E49,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066761Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:14.495{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-20210708-011026-00000003-ffffffff.binMD5=6F8BE2A08513DA06C160200FAE2F1066,SHA256=D113158C186ED695710D58B89942F7BF00F8445060F87C0977887E2A874D898E,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066760Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:14.448{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-20210708-005953-00000003-ffffffff.binMD5=B96526C187AD0110944835CF639B51A7,SHA256=36DE9ABB3C33F79967A7C542E7C1E4953E072E3FD32AAF57CEC98B5244E85920,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066759Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:14.448{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-20210708-003236-00000003-ffffffff.binMD5=B1171E60B0BB9091B0CBA0DD9382C4EB,SHA256=FC3146172F4FA8BE8A15650415760E342E44F01E419FA72BAFE7DB28E30BE7FC,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066758Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:14.440{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-20210708-002926-00000003-ffffffff.binMD5=47C6E9FA1B1E22251126419D948DCFC8,SHA256=059ECA59DF526131AC97DC943BC377B6D3E081F8D67703C0D57780C5290D8543,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066757Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:14.402{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-20210708-002725-00000003-ffffffff.binMD5=56D47EA778E2B9389755EB12DA104061,SHA256=B651EAEBFE9A476C077AF038077E12B3F1646EF83C915DD3A10B39981DAD041C,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066756Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:14.391{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-20210609-053655-00000003-ffffffff.binMD5=01ABE765230B60F9F62BECB72C5CDEDE,SHA256=D12FFE3EA7AD86C41F8A2EC93DF6C3F92B216BD15B1000C86B572FC1E5939C5F,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 10341000x800000000000000066755Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:14.389{6F5BEE90-18AA-61E9-1600-000000002102}13243356C:\Windows\System32\svchost.exe{6F5BEE90-18B8-61E9-2E00-000000002102}3016C:\Windows\system32\DFSRs.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\wmiprvsd.dll+2a2f2|C:\Windows\system32\wbem\wmiprvsd.dll+29e26|C:\Windows\system32\wbem\wmiprvsd.dll+28432|C:\Windows\system32\wbem\wmiprvsd.dll+57817|C:\Windows\system32\wbem\wmiprvsd.dll+8a475|C:\Windows\system32\wbem\wbemcore.dll+bcb3|C:\Windows\system32\wbem\wbemcore.dll+3393|C:\Windows\system32\wbem\wbemcore.dll+22adf|C:\Windows\system32\wbem\wbemcore.dll+22a19|C:\Windows\system32\wbem\wbemcore.dll+21f5a|C:\Windows\system32\wbem\wbemcore.dll+2c9be|C:\Windows\system32\wbem\wbemcore.dll+202d8|C:\Windows\system32\wbem\wbemcore.dll+390e|C:\Windows\system32\wbem\wbemcore.dll+22bba|C:\Windows\system32\wbem\wbemcore.dll+22a19|C:\Windows\system32\wbem\wbemcore.dll+21f5a|C:\Windows\system32\wbem\wbemcore.dll+22711|C:\Windows\system32\wbem\wbemcore.dll+2d78c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000066754Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:14.388{6F5BEE90-18AA-61E9-1600-000000002102}13243356C:\Windows\System32\svchost.exe{6F5BEE90-18B8-61E9-2E00-000000002102}3016C:\Windows\system32\DFSRs.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\wmiprvsd.dll+2597b|C:\Windows\system32\wbem\wmiprvsd.dll+283dc|C:\Windows\system32\wbem\wmiprvsd.dll+57817|C:\Windows\system32\wbem\wmiprvsd.dll+8a475|C:\Windows\system32\wbem\wbemcore.dll+bcb3|C:\Windows\system32\wbem\wbemcore.dll+3393|C:\Windows\system32\wbem\wbemcore.dll+22adf|C:\Windows\system32\wbem\wbemcore.dll+22a19|C:\Windows\system32\wbem\wbemcore.dll+21f5a|C:\Windows\system32\wbem\wbemcore.dll+2c9be|C:\Windows\system32\wbem\wbemcore.dll+202d8|C:\Windows\system32\wbem\wbemcore.dll+390e|C:\Windows\system32\wbem\wbemcore.dll+22bba|C:\Windows\system32\wbem\wbemcore.dll+22a19|C:\Windows\system32\wbem\wbemcore.dll+21f5a|C:\Windows\system32\wbem\wbemcore.dll+22711|C:\Windows\system32\wbem\wbemcore.dll+2d78c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 23542300x800000000000000066753Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:14.384{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-20210609-053427-00000003-ffffffff.binMD5=68C20F54E9A333DD2236F681204F2CAE,SHA256=3A24C4EA5EC011E0E92B25DDEAB977D4C4259BAFC49D759EB9CB2BA5692FD215,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066752Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:14.379{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-20210609-053243-00000003-ffffffff.binMD5=7C382CBFCDA48124ECD918451E3CA1E1,SHA256=2281D774F905E508F64BAB7BEA131526C96F0CD12DB84D05A375E733E784FFD1,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066751Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:14.369{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-20210609-053239-00000003-ffffffff.binMD5=567B162D0F0FD753F1A8C74F81FF49D0,SHA256=557C3970082A84647BE8C05CEFFD66C6DF687B8D6B4CA9C0B7A9E44E373A5D16,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066750Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:14.366{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-20210609-053055-00000003-ffffffff.binMD5=75FAAEA88CBE3DD63EE72E8D0F90DBF6,SHA256=6ACC97FD0F2512CFF5D3963357453AC224C947023EBDCCDC9F802B810CE2B39B,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066749Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:14.357{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-20210609-052827-00000003-ffffffff.binMD5=25B5B31ED150D219125E3B7854F3F30C,SHA256=446E47E1FEE614F77AC5E95CE7EF2530824C6F1FD4B874F5CB8D03BB8CF278F9,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066748Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:14.354{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Administrator\Videos\desktop.iniMD5=50A956778107A4272AAE83C86ECE77CB,SHA256=B287B639F6EDD612F414CAF000C12BA0555ADB3A2643230CBDD5AF4053284978,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066747Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:14.351{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-20210609-045403-00000003-ffffffff.binMD5=794C84A794F1906DC33C03AF5FFAFCE0,SHA256=94631F9819DA2B300E348F2B8D4C33A8CAFAD7B017D32A187E403CCF7D35CCC9,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066746Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:14.349{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Administrator\Searches\desktop.iniMD5=089D48A11BFF0DF720F1079F5DC58A83,SHA256=A9E8AD0792B546A4A8CE49EDA82B327AD9581141312EFEC3AC6F2D3AD5A05F17,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066745Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:14.347{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Administrator\Saved Games\desktop.iniMD5=B441CF59B5A64F74AC3BED45BE9FADFC,SHA256=E6FDF8ED07B19B2A3B8EFF05DE7BC71152C85B377B9226F126DC54B58B930311,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066744Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:14.342{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-20210609-041504-00000003-ffffffff.binMD5=630E01B5B3E865E63352F5C6DB70F121,SHA256=F78B832F28D4BC707B8B8391F4E9D123E1C5AE5A7DA5ABED1726489B225F288E,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066743Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:14.341{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Administrator\Pictures\desktop.iniMD5=29EAE335B77F438E05594D86A6CA22FF,SHA256=88856962CEF670C087EDA4E07D8F78465BEEABB6143B96BD90F884A80AF925B4,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066742Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:14.339{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Administrator\ntuser.iniMD5=6FC234AD3752E1267B34FB12BCD6718B,SHA256=5AD8F52071D25165E7E68064AB194EC27A074A3846149ED0689AF23E7F7F2D00,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066741Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:14.337{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Administrator\Music\desktop.iniMD5=06E8F7E6DDD666DBD323F7D9210F91AE,SHA256=8301E344371B0753D547B429C5FE513908B1C9813144F08549563AC7F4D7DA68,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066740Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:14.334{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Administrator\Links\desktop.iniMD5=3B960DA228CC489B622697659C885D64,SHA256=A4234E2CF44C57609FD7CB0F9F0A33EE136B542FBA5121AC02D85B38FB2EA02D,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066739Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:14.333{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-20210609-041122-00000003-ffffffff.binMD5=AAE17256CAC299AD45E650ACD34CB0D8,SHA256=84C363A4A9F97CE1C7E4AB94CEBF2593F75EE129AEDDA8F8048A62C9D7DE53BE,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066738Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:14.329{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Administrator\Favorites\Links\desktop.iniMD5=3C106F431417240DA12FD827323B7724,SHA256=E469ED17B4B54595B335DC51817A52B81FCF13AAD7B7B994626F84EC097C5D57,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066737Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:14.328{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-20210609-040048-00000003-ffffffff.binMD5=D8FF9ED15157DA497B30FE4C379795D2,SHA256=CE3588C390205E588ED1474D46E3AFDE4EC8D3BDF51310C1F9E681E1F6DF32BB,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066736Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:14.324{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Administrator\Favorites\desktop.iniMD5=881DFAC93652EDB0A8228029BA92D0F5,SHA256=A45E345556901CD98B9BF8700B2A263F1DA2B2E53DBDF69B9E6CFAB6E0BD3464,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066735Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:14.323{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-20210609-033445-00000003-ffffffff.binMD5=89BC90B0913FBCE383E70E696713992E,SHA256=D91B659ED0181366754D51B18F26C1B369DBB190C08E25EAB65F4DD9E1030E9F,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 11241100x800000000000000066734Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.localDownloads2022-01-20 10:39:14.321{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Administrator\Downloads\dnSpy-net-win64.zip2022-01-20 08:53:47.666 23542300x800000000000000066733Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:14.311{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-20210609-033106-00000003-ffffffff.binMD5=8F68A773F21C1455D28EA1556FD3C913,SHA256=7836B80389704FFC3ADB6DF535D7544DEB7DF543CB0F1B59DB11352E2A29955B,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066732Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:14.309{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Administrator\Downloads\dnSpy-net-win64.zipMD5=4800FD15179864EDEF2FB70788A042A2,SHA256=78D855AEF02D87195DDDE4F4A89F16F03708E66EC8282CF8EB9ECC89DD469F6C,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066731Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:14.300{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-20210609-032955-00000003-ffffffff.binMD5=40F8C52D174720A525E30F7915ECF57D,SHA256=C4CAE6AE0BDDB3FEB8E6013698ABA6940B9FE89A4E4CAFCB61F3D13DEA15A9A9,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066730Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:14.297{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-20210512-053202-00000003-ffffffff.binMD5=A69598AC1F38F5FF66247D331A36700D,SHA256=12344B545CC9516BB862EF8043FF30AD84D3A6C96FF9154A6C4003867742EFEE,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066729Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:14.287{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-20210512-052940-00000003-ffffffff.binMD5=4EB733E0C9F37B9EBA73E07A5672C62B,SHA256=1544BC85341AC6AF10137C1FBA3C90E39DC9CFC7D0A95559DC648B2CC4C25A85,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066728Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:14.285{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-20210512-052702-00000003-ffffffff.binMD5=CF6F65A6FE1A50A405145B2491B4980E,SHA256=F79E89348D2BBC9136E30B3D29C185299785A0057F991B141A49F31E4A7C15D8,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066727Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:14.281{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-20210512-045210-00000003-ffffffff.binMD5=7A637083357E6808CA44DEE4A07268E9,SHA256=C375D321C449903D3A12E2C8EB00BA867D4E5150A8FECD0D559F0EA99D3CDB47,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066726Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:14.273{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-20210512-041233-00000003-ffffffff.binMD5=3513D4829AB77371068AEF770F459134,SHA256=29F300681E9C327534525AC04FF3DB8E93D43C89E6F3E071CA07242844868819,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066725Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:14.249{6F5BEE90-18B8-61E9-2900-000000002102}2920NT AUTHORITY\SYSTEMC:\Program Files\Amazon\SSM\amazon-ssm-agent.exeC:\ProgramData\Amazon\SSM\InstanceData\i-0571bb7ceded66ec2\channels\health\respondent-20220120080932-145MD5=44EE2058E1CF53803DE801177DF9FF30,SHA256=D4B695239EFC7A7D204A7F26661A6155EA831FDC6A54CE0076B22CA3E58183AF,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066724Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:14.229{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-20210512-040846-00000003-ffffffff.binMD5=9E01CAAC8EFB3ADE387CEB6BBE38B733,SHA256=F5572F5C3112D953D8E4F637AB6373DDC63D1605CCF3CA793574D981D98E8237,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066723Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:14.224{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-20210512-035809-00000003-ffffffff.binMD5=3AE8ECD8DDB5A0243F27336376C82F83,SHA256=737E8504C1190A98199BA9BCB39064363FBA842DD20EBF5FC7B2504E04F16EE1,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066722Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:14.186{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-20210512-033152-00000003-ffffffff.binMD5=528B51E7DBF4C77EB225D837E2F3923C,SHA256=F6B0BA79F9C33DEB9CB077391D43CF10CD07FF2536CB14F07E1EB09217A6850C,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066721Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:14.169{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-20210512-032856-00000003-ffffffff.binMD5=6EFA2B1A2928593EB1A8ACC6A3135AEE,SHA256=A08EC28CD096704EA151858A5E423BAA5DD641E6C2A5C1C3FB3AFD371DABD5A0,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066720Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:14.164{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-20210512-032738-00000003-ffffffff.binMD5=CBAE6319AF2A5F4C284F912611047B44,SHA256=D5B49A599CDC27C4083E9347168CFC510C7116713385DB95CFE1000EFD918CC1,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066719Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:14.161{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-20210414-050712-00000003-ffffffff.binMD5=451B0E9101B7697F39A71DF9EECD9CEB,SHA256=7CB8F5212E42F297D27D19A21F5A751630F5707625BE44CB527FBC9D1B84783A,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066718Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:14.152{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-20210414-050443-00000003-ffffffff.binMD5=0AF3A1E979A83BA45CC5973B37136A3B,SHA256=B2F38D32E71982C6AEE6D078A1FA056F66A569DE1248B37735B7C01F13F81BD0,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066717Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:14.139{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-20210414-050259-00000003-ffffffff.binMD5=30B9C17DEAD89473C403ED8389E99D59,SHA256=9A9E23B3EEAFE4399E7FD0DB87E2CF6736BC3F4A653B2E159D690B3C1B014B6F,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066716Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:14.127{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-20210414-050255-00000003-ffffffff.binMD5=057C08A1074DBEE5C026210643B197A7,SHA256=C2B97BF838B596FCA23648004728B916EE586BF087954F71ABF0AB13F0E10F21,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066715Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:14.125{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-20210414-050111-00000003-ffffffff.binMD5=B342A592C0ECC8B2B58DA458332EEC09,SHA256=2F6FD0A8E852CBDFBAECC6F33288843AA62FDF77308971D7F0BF3D0275B8B2ED,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066714Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:14.122{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-20210414-045842-00000003-ffffffff.binMD5=F7C300AA1F1354DDDE313E9C9D80F0F4,SHA256=F06E8C8F8899CB4F54F56455A40902567A1EA815A9B00C7ABE39BC9784EFC768,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066713Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:14.118{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-20210414-042340-00000003-ffffffff.binMD5=4AA1F5A70C20F8F04F9DB6597B6EDFD8,SHA256=A58D941DDA51B99AB9D6F7A6524CC30E976F609C40AABB3184624C910B65958A,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066712Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:14.116{6F5BEE90-18CD-61E9-7700-000000002102}484NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=24FFCC5AD47EEF845F72BCD5FB35B892,SHA256=C802B6081D4D77202B6594AB781965E4BCA8BE6BF6443D94B0E3E98E13F2887E,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066711Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:14.077{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-20210414-034319-00000003-ffffffff.binMD5=B534EA8E9EA69599EEF9BC64A72799B9,SHA256=DC41ACBC4BED9F94B5D8CC8108A8B2DF2E154E4CA1E23E3F4191930FD118046F,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066710Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:14.034{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-20210414-033944-00000003-ffffffff.binMD5=972EC079C2791D345D3410D0C855BCE1,SHA256=8CAFB5692F937A561F47F642A07E210F26CE83B3DA2B332759CA522B5881CF48,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066709Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:14.029{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-20210414-032919-00000003-ffffffff.binMD5=BDFA5FE349935DF800947E441EAB2DE7,SHA256=77A458826377E3189853A81C2E866FDF63A46663C03A10FDFFA29B49D16DDD77,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066708Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:14.001{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-20210414-030300-00000003-ffffffff.binMD5=30A8D7319CB986257591C113031DD4B8,SHA256=3BD05568FDFBE1DA0AD9D8698CE82FA7E423ECD8B2EDD084DDF13F93F67F08CE,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000031968Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:39:15.330{CE7C8936-1B20-61E9-E200-000000002202}3964NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=F56D1BB0975EBB405C8990BEC4F7735D,SHA256=BC655B5D3DD8E6A19E1C4E6A03CD71DCBBEDD6868F45BBA8F7ADD53E10961637,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000066948Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.localDefaultUserModified2022-01-20 10:39:15.963{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Default\AppData\Local\Microsoft\Windows\Notifications\wpndatabase.db2022-01-20 07:05:18.534 23542300x800000000000000066947Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:15.963{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Default\AppData\Local\Microsoft\Windows\Notifications\wpndatabase.dbMD5=36758FF3D73BAD31E03D17AA58F414D9,SHA256=0FF6B98FE58C8165727415227D2D465891926E3BBFAD893C534681A6D841D4C7,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 354300x800000000000000066946Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:14.988{6F5BEE90-18AA-61E9-1100-000000002102}480C:\Windows\System32\svchost.exeNT AUTHORITY\LOCAL SERVICEudptruefalse10.0.1.14win-dc-tcontreras-attack-range-53.attackrange.local68bootpcfalse10.0.1.1ip-10-0-1-1.eu-central-1.compute.internal67bootps 23542300x800000000000000066945Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:15.947{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-20211215-030648-00000003-ffffffff.binMD5=A531EA64663D16096FDE2A576BF3E0D0,SHA256=4FDD61381E1C01A275127DBEF2C1941F123F355A09EE0B6B293807F27ABAA5A1,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066944Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:15.947{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-20211215-030540-00000003-ffffffff.binMD5=6B2BAC2BF55D3C780326B19C4C407672,SHA256=DB2271EE6495A33F4C4B5BBE1DDDAB10718053060C2286504F588BF08F5695D5,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066943Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:15.945{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-20211110-052709-00000003-ffffffff.binMD5=8D1016AEE0701929ED6C0CC93EB77ABE,SHA256=C352E7655E5544EB3BDFE871353F48E5CA51D3F505646A1104A55E74E01F87F6,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066942Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:15.910{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-20211110-051958-00000003-ffffffff.binMD5=B69620498021D540A3F1E501BE804163,SHA256=37A39CEF74A0195D1F45D842490065096A29CC6A13FA3E6A1F3F0B3A07260A87,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066941Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:15.879{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-20211110-044442-00000003-ffffffff.binMD5=9D42B67A4F445BFB0D72018B2D532CBC,SHA256=720DFCCE747E27D37B554CB9ED98451A891A9A7F3E56187E63FEB66E3946C9BB,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 11241100x800000000000000066940Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.localDefaultUserModified2022-01-20 10:39:15.879{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Default\AppData\Local\Microsoft\Windows\History\desktop.ini2022-01-20 07:05:18.550 23542300x800000000000000066939Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:15.879{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Default\AppData\Local\Microsoft\Windows\History\desktop.iniMD5=941682911C20B2DABECB20476F91C98A,SHA256=3FEF99E07B0455F88A5BB59E83329D0BFCEBE078D907985D0ABF70BE26B9B89A,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 11241100x800000000000000066938Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.localDefaultUserModified2022-01-20 10:39:15.879{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Default\AppData\Local\Microsoft\Windows\Explorer\thumbcache_wide_alternate.db2022-01-20 07:05:18.550 23542300x800000000000000066937Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:15.879{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Default\AppData\Local\Microsoft\Windows\Explorer\thumbcache_wide_alternate.dbMD5=DB7C049E5E4E336D76D5A744C28C54C8,SHA256=E8830E7AC4088CF3DD464CAEC33A0035D966A7DE5AE4EFC3580D59A41916FF7B,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 11241100x800000000000000066936Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.localDefaultUserModified2022-01-20 10:39:15.879{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Default\AppData\Local\Microsoft\Windows\Explorer\thumbcache_wide.db2022-01-20 07:05:18.550 23542300x800000000000000066935Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:15.879{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Default\AppData\Local\Microsoft\Windows\Explorer\thumbcache_wide.dbMD5=5F243BF7CC0A348B6D31460A91173E71,SHA256=1B1AED169F2ACFAE4CF230701BDA91229CB582FF2CE29A413C5B8FE3B890D289,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 11241100x800000000000000066934Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.localDefaultUserModified2022-01-20 10:39:15.879{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Default\AppData\Local\Microsoft\Windows\Explorer\thumbcache_sr.db2022-01-20 07:05:18.565 23542300x800000000000000066933Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:15.879{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Default\AppData\Local\Microsoft\Windows\Explorer\thumbcache_sr.dbMD5=379523B9F5D5B954E719B664846DBF8F,SHA256=3C9002CAEDF0C007134A7E632C72588945A4892B6D7AD3977224A6A5A7457BF4,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 11241100x800000000000000066932Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.localDefaultUserModified2022-01-20 10:39:15.863{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Default\AppData\Local\Microsoft\Windows\Explorer\thumbcache_idx.db2022-01-20 07:05:18.565 23542300x800000000000000066931Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:15.863{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Default\AppData\Local\Microsoft\Windows\Explorer\thumbcache_idx.dbMD5=8FD87D2AA7859AF0EF86231C141FB3EA,SHA256=66CF1BCDFB4D760A87EE35B7FB3E6B7B222F13FA0E5E65379A94DFF3AB387A96,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 11241100x800000000000000066930Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.localDefaultUserModified2022-01-20 10:39:15.863{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Default\AppData\Local\Microsoft\Windows\Explorer\thumbcache_exif.db2022-01-20 07:05:18.565 23542300x800000000000000066929Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:15.863{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Default\AppData\Local\Microsoft\Windows\Explorer\thumbcache_exif.dbMD5=FC94FE7BD3975E75CEFAD79F5908F7B3,SHA256=EE1ED3B49720B22D5FDA63D3C46D62A96CA8838C76AB2D2F580B1E7745521AA5,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 11241100x800000000000000066928Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.localDefaultUserModified2022-01-20 10:39:15.863{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Default\AppData\Local\Microsoft\Windows\Explorer\thumbcache_custom_stream.db2022-01-20 07:05:18.581 23542300x800000000000000066927Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:15.863{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Default\AppData\Local\Microsoft\Windows\Explorer\thumbcache_custom_stream.dbMD5=F732BF1006B6529CFFBA2B9F50C4B07F,SHA256=77739084A27CB320F208AC1927D3D9C3CAC42748DBDF6229684EF18352D95067,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 11241100x800000000000000066926Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.localDefaultUserModified2022-01-20 10:39:15.847{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Default\AppData\Local\Microsoft\Windows\Explorer\thumbcache_96.db2022-01-20 07:05:18.581 23542300x800000000000000066925Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:15.847{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Default\AppData\Local\Microsoft\Windows\Explorer\thumbcache_96.dbMD5=2A8875D2AF46255DB8324AAD9687D0B7,SHA256=54097CCCAE0CFCE5608466BA5A5CA2A3DFEAC536964EEC532540F3B837F5A7C7,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 11241100x800000000000000066924Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.localDefaultUserModified2022-01-20 10:39:15.847{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Default\AppData\Local\Microsoft\Windows\Explorer\thumbcache_768.db2022-01-20 07:05:18.581 23542300x800000000000000066923Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:15.847{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Default\AppData\Local\Microsoft\Windows\Explorer\thumbcache_768.dbMD5=D192F7C343602D02E3E020807707006E,SHA256=BB4D233C90BDBEE6EF83E40BFF1149EA884EFA790B3BEF496164DF6F90297C48,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 11241100x800000000000000066922Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.localDefaultUserModified2022-01-20 10:39:15.847{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Default\AppData\Local\Microsoft\Windows\Explorer\thumbcache_48.db2022-01-20 07:05:18.597 23542300x800000000000000066921Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:15.847{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Default\AppData\Local\Microsoft\Windows\Explorer\thumbcache_48.dbMD5=AE6FBDED57F9F7D048B95468DDEE47CA,SHA256=D3C9D1FF7B54B653C6A1125CAC49F52070338A2DD271817BBA8853E99C0F33A9,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 11241100x800000000000000066920Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.localDefaultUserModified2022-01-20 10:39:15.847{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Default\AppData\Local\Microsoft\Windows\Explorer\thumbcache_32.db2022-01-20 07:05:18.597 23542300x800000000000000066919Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:15.847{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Default\AppData\Local\Microsoft\Windows\Explorer\thumbcache_32.dbMD5=C89FDCCC0EAA5E334C35C7DCB9329A36,SHA256=F06983C3B1612AB00CEA83A93A54EF73F79BA9BE90E370A867A8EE4B686950D1,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066918Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:15.847{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-20211110-041659-00000003-ffffffff.binMD5=98DC459FD801569B2C3593619A11C0A1,SHA256=E7579568A4A466FAB0A96EEE50CD8C65CE451338E03CD0F168D88F858E4183CA,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066917Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:15.830{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-20211110-041654-00000003-ffffffff.binMD5=0FC12B6BB43C45A9E49CD9F4831FC4D5,SHA256=9933F4E38C25F21457B3484977B9A20B201B1AF14BD9F264450983AFF8B8DE95,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066916Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:15.814{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-20211110-040616-00000003-ffffffff.binMD5=274AB9282C62A6D19EF8BC8639C0CE20,SHA256=E22A2EA5FBE425728F3893B6A8B499AB7853A2101A6D04CB2666717CD9E90394,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 10341000x800000000000000066915Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:15.725{6F5BEE90-18A7-61E9-0B00-000000002102}6085192C:\Windows\system32\lsass.exe{6F5BEE90-18AA-61E9-1400-000000002102}1092C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+6ea9c|C:\Windows\system32\lsasrv.dll+e6974|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000066914Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:15.710{6F5BEE90-18A7-61E9-0B00-000000002102}6085192C:\Windows\system32\lsass.exe{6F5BEE90-18AA-61E9-1400-000000002102}1092C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+6ea9c|C:\Windows\system32\lsasrv.dll+e6974|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 23542300x800000000000000066913Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:15.710{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-20211110-040012-00000003-ffffffff.binMD5=9D7C5C8B16D82E7A329B8734C69179C9,SHA256=FC5E419FCD2F06A89BEA13B898BB33A6FA4C30021785C5E018C2582F896CC518,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 11241100x800000000000000066912Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.localDefaultUserModified2022-01-20 10:39:15.694{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Default\AppData\Local\Microsoft\Windows\Explorer\thumbcache_2560.db2022-01-20 07:05:18.612 23542300x800000000000000066911Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:15.694{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Default\AppData\Local\Microsoft\Windows\Explorer\thumbcache_2560.dbMD5=2D84AD5CFDF57BD4E3656BCFD9A864EA,SHA256=D241584A3FD4A91976FAFD5EC427E88F6E60998954DEC39E388AF88316AF3552,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066910Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:15.694{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-20211110-035629-00000003-ffffffff.binMD5=5F7A01C9E4CCE4FFB008E535960452DF,SHA256=80B454160B43E700C87A5BE2F5A9E524AC0E2459D08ACE2DA8F620901A1751DC,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 11241100x800000000000000066909Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.localDefaultUserModified2022-01-20 10:39:15.694{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Default\AppData\Local\Microsoft\Windows\Explorer\thumbcache_256.db2022-01-20 07:05:18.612 23542300x800000000000000066908Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:15.694{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Default\AppData\Local\Microsoft\Windows\Explorer\thumbcache_256.dbMD5=A978C9EC7D3D09BF25FEADEB95CF7087,SHA256=C0D870B46A68C7AC7E35EAB24DAD25F170290A19BE4495BA76611CF80AAAB7F9,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 11241100x800000000000000066907Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.localDefaultUserModified2022-01-20 10:39:15.679{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Default\AppData\Local\Microsoft\Windows\Explorer\thumbcache_1920.db2022-01-20 07:05:18.612 23542300x800000000000000066906Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:15.679{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Default\AppData\Local\Microsoft\Windows\Explorer\thumbcache_1920.dbMD5=635E15CB045FF4CF0E6A31C827225767,SHA256=67219E5AD98A31E8FA8593323CD2024C1CA54D65985D895E8830AE356C7BDF1D,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 11241100x800000000000000066905Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.localDefaultUserModified2022-01-20 10:39:15.679{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Default\AppData\Local\Microsoft\Windows\Explorer\thumbcache_16.db2022-01-20 07:05:18.612 23542300x800000000000000066904Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:15.679{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Default\AppData\Local\Microsoft\Windows\Explorer\thumbcache_16.dbMD5=940EC22E4B61248D33BCA1FA21665853,SHA256=DEB877AA353FE075C9E68917A28362B435C8ABD3CAF799B29880BD97FE359274,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066903Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:15.647{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-20211110-034600-00000003-ffffffff.binMD5=361554B932CC43C5ED3CCD4ADFFA7E78,SHA256=B7A5866F2417885F4FE674A18B70753BD12FE190BA202A6619BDF4AE76D37468,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066902Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:15.647{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-20211110-031915-00000003-ffffffff.binMD5=DC86777C3938D4AF07D9D9372964A01D,SHA256=5D9B5C83952564F6542F87B96F51A5DA6061A397023F7D5C492F27687093672B,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066901Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:15.594{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-20211110-031431-00000003-ffffffff.binMD5=92C53E101940D69AE9FD5CFF6B4D9384,SHA256=DFDD75B20F60691304E2E93FB72BC73548A397FD9BEEBD467A65BB2C2FC916EE,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066900Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:15.579{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-20211110-031319-00000003-ffffffff.binMD5=C0EE46D4E9F36C26E38FADF1F90A9390,SHA256=2452E9F60BAB46A4558B33656AA5CB7FAD8508AE44CA644BC6920EB0FCE8C0CF,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066899Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:15.563{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-20211013-051030-00000003-ffffffff.binMD5=FCAFB4167C7E6CE122A6636C07F17567,SHA256=65665CBACF1411B022D79451884FF554F84DB16B94B02C87F8E7282F9FC8A927,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066898Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:15.563{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-20211013-050825-00000003-ffffffff.binMD5=65ADD3B93E30CD8391D91CA4F6E99E12,SHA256=B7A4513505F72DFE6C4970F79C707DABAB72488A26323D428D031E7D80224CF6,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066897Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:15.563{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-20211013-043342-00000003-ffffffff.binMD5=81A0D7292326E5ECC35DDB93BFFE59CA,SHA256=9DEBD6EBC562DBF94DA85428805CD8CDC45E1FB275D50613FAE3F3DA5C6D253B,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066896Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:15.547{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-20211013-040353-00000003-ffffffff.binMD5=8A15ED93F5155C905260F28CC5BB093A,SHA256=E55211C16429276CB35791CF8EECBEC2188B934E0B2FD3D5D4CE1D04E807C32C,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066895Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:15.494{6F5BEE90-18AA-61E9-1100-000000002102}480NT AUTHORITY\LOCAL SERVICEC:\Windows\System32\svchost.exeC:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.datMD5=A752AF103A1BA44C7CB37C4D686E5870,SHA256=642205598C46E1E1CAA1E5DC5E37B632CE53F342CDB9EBE162E9C6A3013B94D7,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066894Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:15.479{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-20211013-040348-00000003-ffffffff.binMD5=60BBFCE58C3EA77531630F960B24A1C7,SHA256=9B876276FBE8B9479D6AF06ABC3EC3B75CDE413EB72FDC3CB7D66D6DD96A7C1F,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066893Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:15.479{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-20211013-035332-00000003-ffffffff.binMD5=E53301A1C5A7457A732D3A93BE918F03,SHA256=FFE829EC2702CBB6C99734B00977017B3BCB7BA037ABF91AF0B46DB8D2B2BA89,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 11241100x800000000000000066892Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.localDefaultUserModified2022-01-20 10:39:15.479{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Default\AppData\Local\Microsoft\Windows\Explorer\thumbcache_1280.db2022-01-20 07:05:18.612 23542300x800000000000000066891Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:15.479{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Default\AppData\Local\Microsoft\Windows\Explorer\thumbcache_1280.dbMD5=2DD3F3C33E7100EC0D4DBBCA9774B044,SHA256=5A00CC998E0D0285B729964AFD20618CBAECFA7791FECDB843B535491A83AE21,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 11241100x800000000000000066890Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.localDefaultUserModified2022-01-20 10:39:15.479{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Default\AppData\Local\Microsoft\Windows\Explorer\iconcache_wide_alternate.db2022-01-20 07:05:18.628 23542300x800000000000000066889Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:15.479{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Default\AppData\Local\Microsoft\Windows\Explorer\iconcache_wide_alternate.dbMD5=DB7C049E5E4E336D76D5A744C28C54C8,SHA256=E8830E7AC4088CF3DD464CAEC33A0035D966A7DE5AE4EFC3580D59A41916FF7B,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 11241100x800000000000000066888Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.localDefaultUserModified2022-01-20 10:39:15.479{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Default\AppData\Local\Microsoft\Windows\Explorer\iconcache_wide.db2022-01-20 07:05:18.644 23542300x800000000000000066887Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:15.479{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Default\AppData\Local\Microsoft\Windows\Explorer\iconcache_wide.dbMD5=5F243BF7CC0A348B6D31460A91173E71,SHA256=1B1AED169F2ACFAE4CF230701BDA91229CB582FF2CE29A413C5B8FE3B890D289,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 11241100x800000000000000066886Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.localDefaultUserModified2022-01-20 10:39:15.463{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Default\AppData\Local\Microsoft\Windows\Explorer\iconcache_sr.db2022-01-20 07:05:18.659 23542300x800000000000000066885Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:15.463{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Default\AppData\Local\Microsoft\Windows\Explorer\iconcache_sr.dbMD5=379523B9F5D5B954E719B664846DBF8F,SHA256=3C9002CAEDF0C007134A7E632C72588945A4892B6D7AD3977224A6A5A7457BF4,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 11241100x800000000000000066884Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.localDefaultUserModified2022-01-20 10:39:15.463{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Default\AppData\Local\Microsoft\Windows\Explorer\iconcache_idx.db2022-01-20 07:05:18.659 23542300x800000000000000066883Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:15.463{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Default\AppData\Local\Microsoft\Windows\Explorer\iconcache_idx.dbMD5=5C22C458D992AA495AD20BED2235D8BB,SHA256=4BDC744E423892D42A7CAC2114BF2A4A4E424DB99F166F4A7BE19249B7CEC2C9,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 11241100x800000000000000066882Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.localDefaultUserModified2022-01-20 10:39:15.463{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Default\AppData\Local\Microsoft\Windows\Explorer\iconcache_exif.db2022-01-20 07:05:18.659 23542300x800000000000000066881Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:15.463{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Default\AppData\Local\Microsoft\Windows\Explorer\iconcache_exif.dbMD5=FC94FE7BD3975E75CEFAD79F5908F7B3,SHA256=EE1ED3B49720B22D5FDA63D3C46D62A96CA8838C76AB2D2F580B1E7745521AA5,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 11241100x800000000000000066880Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.localDefaultUserModified2022-01-20 10:39:15.463{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Default\AppData\Local\Microsoft\Windows\Explorer\iconcache_custom_stream.db2022-01-20 07:05:18.659 23542300x800000000000000066879Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:15.463{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Default\AppData\Local\Microsoft\Windows\Explorer\iconcache_custom_stream.dbMD5=F732BF1006B6529CFFBA2B9F50C4B07F,SHA256=77739084A27CB320F208AC1927D3D9C3CAC42748DBDF6229684EF18352D95067,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 11241100x800000000000000066878Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.localDefaultUserModified2022-01-20 10:39:15.463{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Default\AppData\Local\Microsoft\Windows\Explorer\iconcache_96.db2022-01-20 07:05:18.659 23542300x800000000000000066877Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:15.463{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Default\AppData\Local\Microsoft\Windows\Explorer\iconcache_96.dbMD5=2A8875D2AF46255DB8324AAD9687D0B7,SHA256=54097CCCAE0CFCE5608466BA5A5CA2A3DFEAC536964EEC532540F3B837F5A7C7,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 11241100x800000000000000066876Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.localDefaultUserModified2022-01-20 10:39:15.463{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Default\AppData\Local\Microsoft\Windows\Explorer\iconcache_768.db2022-01-20 07:05:18.659 23542300x800000000000000066875Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:15.463{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Default\AppData\Local\Microsoft\Windows\Explorer\iconcache_768.dbMD5=D192F7C343602D02E3E020807707006E,SHA256=BB4D233C90BDBEE6EF83E40BFF1149EA884EFA790B3BEF496164DF6F90297C48,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 11241100x800000000000000066874Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.localDefaultUserModified2022-01-20 10:39:15.447{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Default\AppData\Local\Microsoft\Windows\Explorer\iconcache_48.db2022-01-20 07:05:18.675 23542300x800000000000000066873Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:15.447{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Default\AppData\Local\Microsoft\Windows\Explorer\iconcache_48.dbMD5=BC006017D8EE4D162A84D5914F95CE4C,SHA256=322D8093E427A12E6B185DA0D49EA356F7C52331C5E560298DDA6C95ADDD7CE4,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 11241100x800000000000000066872Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.localDefaultUserModified2022-01-20 10:39:15.394{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Default\AppData\Local\Microsoft\Windows\Explorer\iconcache_32.db2022-01-20 07:05:18.675 23542300x800000000000000066871Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:15.394{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Default\AppData\Local\Microsoft\Windows\Explorer\iconcache_32.dbMD5=A98E0EBCA5CD148EC0FD803E3FB4F74B,SHA256=CE2AA6C9C29FA35C43AEFC541E3DA5D63B69571F922B6208AB137FB978B09E3B,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066870Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:15.379{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-20211013-034950-00000003-ffffffff.binMD5=1EDFF6C8911A0C890B56FAF08C7457CD,SHA256=4595B78D8DE3D7E24677B053A46E1E2C5895C0668C659BCDC9C7C902B14374D5,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066869Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:15.363{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-20211013-033904-00000003-ffffffff.binMD5=AFA6FF7595615C705E7670BA1CE4CDEA,SHA256=6BC5E2A52811DC9F70EAD87D7D60374414C6C4A2A077117A8A8A5ABD95D8491C,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066868Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:15.363{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-20211013-031052-00000003-ffffffff.binMD5=ABCE32B61D2AA3F1892346161E67128F,SHA256=C56A5A9F451EE7CEC1E032D04565499FDF488243AF14C13A25A14B2BA9E6639A,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066867Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:15.363{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-20211013-030717-00000003-ffffffff.binMD5=49C24725496810C9AC9AD9B00F4BD0E0,SHA256=CA7C0728ADB4C182B87343E6706841ACD9DC3CB549BD2BD47CDA881305F28DAB,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066866Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:15.347{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-20211013-030552-00000003-ffffffff.binMD5=755CAA7F36E0F5B46C32645C36FC4D86,SHA256=3A2559B8CBEABCE9302C08D1879324A950264718A835BE10C3CC5A1CB683B0D5,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066865Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:15.347{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-20210915-051932-00000003-ffffffff.binMD5=D0F5B0EB0DDAF179A01637F912757EE5,SHA256=20E93B4E0029DD91E959135FDE779A1F1A1412CE976453336FEB1A1D483C8DFC,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066864Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:15.347{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-20210915-051733-00000003-ffffffff.binMD5=900A1D152E017A171281856C58084851,SHA256=FC8866A360DE07E109A48BABF2EA571670CD8C7E91741A2536B923F145BA0CF6,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066863Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:15.347{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-20210915-051545-00000003-ffffffff.binMD5=22DAEE0CA015AF96E88BBAC9DC242A8D,SHA256=89BDE482FA430D046D723E5D14D8260E6BDF2058F0C5495A3927BD1B0C3DF4D4,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066862Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:15.347{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-20210915-051539-00000003-ffffffff.binMD5=6A63EFC30077CDCA48F846F5F828E6DE,SHA256=4EBAC852B032960D13C8746EECF4D24EBED25DD30831097669AA867643C2F2A8,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066861Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:15.347{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-20210915-051426-00000003-ffffffff.binMD5=ED06558AEAD6C26F3472626E974EA626,SHA256=232D36B8EBBA1AC21920315E08D56C1A9E2A150511A67EC239587006C5F51169,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066860Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:15.345{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-20210915-051136-00000003-ffffffff.binMD5=518649233FD53931E0BC724EDEB83AAC,SHA256=8B60ECC137DCF354B4822AC0513E4C510D750AEDDB028B02759E780B7768E7D4,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066859Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:15.341{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-20210915-043451-00000003-ffffffff.binMD5=2F7BF90F474D13EDF274C91C2BE11537,SHA256=731459DFE69FA5D9ED6E9ED08C253BCA73F4791781A93C334306A11725245948,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066858Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:15.320{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-20210915-035220-00000003-ffffffff.binMD5=EDC515D77B582558E7C30E275EEAB0CB,SHA256=76BDF20E6828C7DE3E58EEB5B18DAB41D71F6618155447E3F79C60C4595F927E,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066857Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:15.273{6F5BEE90-18CD-61E9-7700-000000002102}484NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=E911791AF39110EF29B857270466C42C,SHA256=A146B6402E92E5A76C3B93C028FCACD1BE96F239D7482F8468BAAAB6892FC385,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066856Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:15.246{6F5BEE90-18B8-61E9-2900-000000002102}2920NT AUTHORITY\SYSTEMC:\Program Files\Amazon\SSM\amazon-ssm-agent.exeC:\ProgramData\Amazon\SSM\InstanceData\i-0571bb7ceded66ec2\channels\health\surveyor-20220120080928-146MD5=97EF2A570B75C4F95FC69B0D09A2E2A2,SHA256=11396EA313B0ED7E3228C4FA92ABE9D836DB8F416A7A8A28ACC77133025082E7,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 11241100x800000000000000066855Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.localDefaultUserModified2022-01-20 10:39:15.195{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Default\AppData\Local\Microsoft\Windows\Explorer\iconcache_2560.db2022-01-20 07:05:18.675 23542300x800000000000000066854Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:15.195{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Default\AppData\Local\Microsoft\Windows\Explorer\iconcache_2560.dbMD5=2D84AD5CFDF57BD4E3656BCFD9A864EA,SHA256=D241584A3FD4A91976FAFD5EC427E88F6E60998954DEC39E388AF88316AF3552,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 11241100x800000000000000066853Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.localDefaultUserModified2022-01-20 10:39:15.195{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Default\AppData\Local\Microsoft\Windows\Explorer\iconcache_256.db2022-01-20 07:05:18.675 23542300x800000000000000066852Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:15.195{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Default\AppData\Local\Microsoft\Windows\Explorer\iconcache_256.dbMD5=CB3605EADA1CE5EFABC53A09F50F7C44,SHA256=62DB430F19B62C19F42E21598B81DF552C25D7D4E32BAAA53789549F5A6183BA,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066851Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:15.126{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-20210915-034843-00000003-ffffffff.binMD5=1EAA9EA94FF5C666C9250BD1ACD4A422,SHA256=22387825E1F137EDC5DE8AB503C270EBA086A8B94EE1AF09F609404DF1866A5F,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066850Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:15.110{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-20210915-033813-00000003-ffffffff.binMD5=8A864317DA14CD39D8FC59B6B221AA58,SHA256=95D691057109BBC9F01E848BD762425DB7C119D6D6595D5AF15889B6BE240B0F,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066849Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:15.110{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-20210915-031006-00000003-ffffffff.binMD5=D8FB84ED46353BA04287FF94A6A783BC,SHA256=455038EE9E6272B44EFD51DE6BA530089CF72C02C437E4E39B2E78880D017444,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 11241100x800000000000000066848Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.localDefaultUserModified2022-01-20 10:39:15.079{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Default\AppData\Local\Microsoft\Windows\Explorer\iconcache_1920.db2022-01-20 07:05:18.675 23542300x800000000000000066847Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:15.079{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Default\AppData\Local\Microsoft\Windows\Explorer\iconcache_1920.dbMD5=635E15CB045FF4CF0E6A31C827225767,SHA256=67219E5AD98A31E8FA8593323CD2024C1CA54D65985D895E8830AE356C7BDF1D,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 11241100x800000000000000066846Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.localDefaultUserModified2022-01-20 10:39:15.079{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Default\AppData\Local\Microsoft\Windows\Explorer\iconcache_16.db2022-01-20 07:05:18.690 23542300x800000000000000066845Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:15.079{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Default\AppData\Local\Microsoft\Windows\Explorer\iconcache_16.dbMD5=6DADBA396B56E038B6013CD5DF8A689D,SHA256=E16FCFD0A6003F27777AFBB1D99AB40B6367A0747B6CA69236F89E123DB71B6C,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066844Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:15.048{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-20210915-030435-00000003-ffffffff.binMD5=4EB19C670FBE751288C706C4A6782714,SHA256=F75C28947DD5F2AA3177FDD18C7E28ADF914A10AB0FCBA866C2EC1D04B3127B1,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066843Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:15.048{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-20210915-030314-00000003-ffffffff.binMD5=DBFED1816E50369ED6FB7221C4D0CE6C,SHA256=4634D971C06E7D611EFE35561D9B2702C2BABC08383044CD94CC24FDAF096FA2,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066842Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:15.048{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-20210811-054236-00000003-ffffffff.binMD5=69D58741DE98E0D0A6741FC62CFCAB3B,SHA256=94239BA27B4E4F1B639C5E68D503AD6E840B735BD24739F0252F0D2CD4DA3374,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066841Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:15.047{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-20210811-053953-00000003-ffffffff.binMD5=02ACB7CABEB68F80CC3C5D6767DE0075,SHA256=070B778292A0AB0FC57BEB3A991306CE06356F536729AB5E46C323D65113DCA9,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066840Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:15.045{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-20210811-053807-00000003-ffffffff.binMD5=B29825F9509DB584CCAC44520BC91758,SHA256=89E98902205DA506119A11EE4B42358A17ED9DA054D54FDCFB605FA5ABAA67D9,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066839Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:15.043{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-20210811-053803-00000003-ffffffff.binMD5=17DAB7E0350A1C5D9CFC8E32E581116F,SHA256=D12B5FCCC83DEB3419E849497B7D29863094D54A1BCC63E52E35B1DAD2F1D7AA,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066838Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:15.026{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-20210811-053738-00000003-ffffffff.binMD5=4287A4EF34BA8282F6F4B9196AA0FD47,SHA256=F6903EFFA36ED05BDD0E98BC078C0D92C5EC754CFCE9F6617D270CCF57E0CF12,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066837Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:15.026{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-20210811-053444-00000003-ffffffff.binMD5=CC191C9822C1721B91289049AF04D0D8,SHA256=3899CAE0B36F4015F98BBDCAF3FAA7F93FF3F71AC5952353BC1F5D01D35AD7D1,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066836Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:15.026{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-20210811-045958-00000003-ffffffff.binMD5=EABAED9D63B6F0D852B2BCDE1A8982DD,SHA256=577A2B015B7D1C0E9780432E37A90CA888FE7458B7E622365E28BD504DAF7ED2,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000031969Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:39:16.408{CE7C8936-1B20-61E9-E200-000000002202}3964NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=065E18F18BCED1FAD8A66E829E0A254B,SHA256=0B6D07AC015207FDD43012010A5F9341CD14C672D98B6199585CFE16A9A74579,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000067072Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.localDefaultUserModified2022-01-20 10:39:16.979{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Default\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\ConstraintIndex\Input_{93e918b8-f239-44ba-b3fb-ad2d4b5024b9}\appsglobals.txt2022-01-20 07:05:17.034 23542300x800000000000000067071Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:16.979{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Default\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\ConstraintIndex\Input_{93e918b8-f239-44ba-b3fb-ad2d4b5024b9}\appsglobals.txtMD5=5925E930562DA940101DE785C1CBC5B3,SHA256=B6C3C8B85CECB5743E5A62C706152F83606B5690F0926B5CC16D29CBFE3ED39B,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 11241100x800000000000000067070Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.localDefaultUserModified2022-01-20 10:39:16.979{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Default\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\ConstraintIndex\Input_{93e918b8-f239-44ba-b3fb-ad2d4b5024b9}\appsconversions.txt2022-01-20 07:05:17.065 23542300x800000000000000067069Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:16.979{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Default\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\ConstraintIndex\Input_{93e918b8-f239-44ba-b3fb-ad2d4b5024b9}\appsconversions.txtMD5=F21F68AB0FD9BF5B4255EDDDE72BE816,SHA256=9034FBD5F370A37A2E43CAE5D482B84D3ED9B6C62C6DDBC4BEE25B0526AD25EE,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 11241100x800000000000000067068Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.localDefaultUserModified2022-01-20 10:39:16.979{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Default\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\ConstraintIndex\Apps_{521a01b1-5b6c-41b6-ad58-79363f21599f}\0.2.filtertrie.intermediate.txt2022-01-20 07:05:17.097 23542300x800000000000000067067Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:16.979{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Default\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\ConstraintIndex\Apps_{521a01b1-5b6c-41b6-ad58-79363f21599f}\0.2.filtertrie.intermediate.txtMD5=C204E9FAAF8565AD333828BEFF2D786E,SHA256=D65B6A3BF11A27A1CED1F7E98082246E40CF01289FD47FE4A5ED46C221F2F73F,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 11241100x800000000000000067066Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.localDefaultUserModified2022-01-20 10:39:16.964{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Default\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\ConstraintIndex\Apps_{521a01b1-5b6c-41b6-ad58-79363f21599f}\0.1.filtertrie.intermediate.txt2022-01-20 07:05:17.097 23542300x800000000000000067065Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:16.964{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Default\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\ConstraintIndex\Apps_{521a01b1-5b6c-41b6-ad58-79363f21599f}\0.1.filtertrie.intermediate.txtMD5=34BD1DFB9F72CF4F86E6DF6DA0A9E49A,SHA256=8E1E6A3D56796A245D0C7B0849548932FEE803BBDB03F6E289495830E017F14C,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 11241100x800000000000000067064Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.localDefaultUserModified2022-01-20 10:39:16.964{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Default\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\ConstraintIndex\Apps_{521a01b1-5b6c-41b6-ad58-79363f21599f}\0.0.filtertrie.intermediate.txt2022-01-20 07:05:17.112 23542300x800000000000000067063Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:16.964{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Default\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\ConstraintIndex\Apps_{521a01b1-5b6c-41b6-ad58-79363f21599f}\0.0.filtertrie.intermediate.txtMD5=F975464F45E06A57B8FE3C4FFE644599,SHA256=41B65982C681DAFBA517CEA1878436C4FE1500C161A00B9A916661DB425D5FB0,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 11241100x800000000000000067062Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.localDefaultUserModified2022-01-20 10:39:16.964{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Default\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\ConstraintIndex\Apps_{1898f399-c028-4710-b40c-a5a12eaa891f}\0.2.filtertrie.intermediate.txt2022-01-20 07:05:17.128 23542300x800000000000000067061Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:16.964{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Default\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\ConstraintIndex\Apps_{1898f399-c028-4710-b40c-a5a12eaa891f}\0.2.filtertrie.intermediate.txtMD5=C204E9FAAF8565AD333828BEFF2D786E,SHA256=D65B6A3BF11A27A1CED1F7E98082246E40CF01289FD47FE4A5ED46C221F2F73F,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 11241100x800000000000000067060Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.localDefaultUserModified2022-01-20 10:39:16.964{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Default\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\ConstraintIndex\Apps_{1898f399-c028-4710-b40c-a5a12eaa891f}\0.1.filtertrie.intermediate.txt2022-01-20 07:05:17.128 23542300x800000000000000067059Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:16.964{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Default\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\ConstraintIndex\Apps_{1898f399-c028-4710-b40c-a5a12eaa891f}\0.1.filtertrie.intermediate.txtMD5=34BD1DFB9F72CF4F86E6DF6DA0A9E49A,SHA256=8E1E6A3D56796A245D0C7B0849548932FEE803BBDB03F6E289495830E017F14C,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 11241100x800000000000000067058Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.localDefaultUserModified2022-01-20 10:39:16.964{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Default\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\ConstraintIndex\Apps_{1898f399-c028-4710-b40c-a5a12eaa891f}\0.0.filtertrie.intermediate.txt2022-01-20 07:05:17.128 23542300x800000000000000067057Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:16.964{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Default\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\ConstraintIndex\Apps_{1898f399-c028-4710-b40c-a5a12eaa891f}\0.0.filtertrie.intermediate.txtMD5=F975464F45E06A57B8FE3C4FFE644599,SHA256=41B65982C681DAFBA517CEA1878436C4FE1500C161A00B9A916661DB425D5FB0,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 11241100x800000000000000067056Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.localDefaultUserModified2022-01-20 10:39:16.846{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Default\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\UNBDVR11\2\C__Windows_SystemApps_Microsoft.Windows.Cortana_cw5n1h2txyewy_cache_COOBE_CortanaIcon[1].png2022-01-20 07:05:17.472 23542300x800000000000000067055Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:16.846{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Default\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\UNBDVR11\2\C__Windows_SystemApps_Microsoft.Windows.Cortana_cw5n1h2txyewy_cache_COOBE_CortanaIcon[1].pngMD5=A98EF91236D0A680740A3C0F10937087,SHA256=660FDBEDE1BFFF4F5F322F2DD862445A2BE9101828A32013843E5F6E0320D804,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 11241100x800000000000000067054Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.localDefaultUserModified2022-01-20 10:39:16.843{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Default\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\UNBDVR11\2\C__Windows_SystemApps_Microsoft.Windows.Cortana_cw5n1h2txyewy_cache_COOBE_COOBE[1].html2022-01-20 07:05:17.472 23542300x800000000000000067053Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:16.843{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Default\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\UNBDVR11\2\C__Windows_SystemApps_Microsoft.Windows.Cortana_cw5n1h2txyewy_cache_COOBE_COOBE[1].htmlMD5=CDD4A14258DC43D22C37F1E721AEC245,SHA256=0D9E19723D9ED66DD13CB8657808963130BAD94249F03228CCC68BB32FC360C5,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 11241100x800000000000000067052Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.localDefaultUserModified2022-01-20 10:39:16.826{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Default\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\UNBDVR11\1\C__Windows_SystemApps_Microsoft.Windows.Cortana_cw5n1h2txyewy_cache_Desktop_9[1].txt2022-01-20 07:05:17.487 23542300x800000000000000067051Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:16.826{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Default\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\UNBDVR11\1\C__Windows_SystemApps_Microsoft.Windows.Cortana_cw5n1h2txyewy_cache_Desktop_9[1].txtMD5=F98851A644D901C32D1152CF001C2A30,SHA256=8A450F4631B7F451F470B7E7EF723A872C962749001C75AB1E9A01FC2765766A,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 11241100x800000000000000067050Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.localDefaultUserModified2022-01-20 10:39:16.826{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Default\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\UNBDVR11\1\C__Windows_SystemApps_Microsoft.Windows.Cortana_cw5n1h2txyewy_cache_Desktop_8[1].txt2022-01-20 07:05:17.503 23542300x800000000000000067049Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:16.826{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Default\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\UNBDVR11\1\C__Windows_SystemApps_Microsoft.Windows.Cortana_cw5n1h2txyewy_cache_Desktop_8[1].txtMD5=5B7A3FBF6CE7627737B7AE8F7F73AF2B,SHA256=E5C8A584A8EF5082455DF1B7D986CDF9160F0A5AFA0EC6FD360EAAB9A1A8C5C1,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 11241100x800000000000000067048Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.localDefaultUserModified2022-01-20 10:39:16.826{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Default\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\UNBDVR11\1\C__Windows_SystemApps_Microsoft.Windows.Cortana_cw5n1h2txyewy_cache_Desktop_7[1].txt2022-01-20 07:05:17.550 23542300x800000000000000067047Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:16.826{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Default\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\UNBDVR11\1\C__Windows_SystemApps_Microsoft.Windows.Cortana_cw5n1h2txyewy_cache_Desktop_7[1].txtMD5=FF638505C57813F0F9115CB2F853BC07,SHA256=18695997D547308B565AA0D9AC8FDF8981966A47AF431DCC943BCC882AB6ECB7,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 11241100x800000000000000067046Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.localDefaultUserModified2022-01-20 10:39:16.826{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Default\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\UNBDVR11\1\C__Windows_SystemApps_Microsoft.Windows.Cortana_cw5n1h2txyewy_cache_Desktop_6[1].txt2022-01-20 07:05:17.550 23542300x800000000000000067045Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:16.826{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Default\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\UNBDVR11\1\C__Windows_SystemApps_Microsoft.Windows.Cortana_cw5n1h2txyewy_cache_Desktop_6[1].txtMD5=E68A5D04BF606560BDC326154A025956,SHA256=C32FBB255C914DA8336038933E799C5FEC8D50A0661B78DAB9E312131E7B7637,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 11241100x800000000000000067044Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.localDefaultUserModified2022-01-20 10:39:16.811{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Default\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\UNBDVR11\1\C__Windows_SystemApps_Microsoft.Windows.Cortana_cw5n1h2txyewy_cache_Desktop_5[1].txt2022-01-20 07:05:17.550 23542300x800000000000000067043Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:16.811{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Default\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\UNBDVR11\1\C__Windows_SystemApps_Microsoft.Windows.Cortana_cw5n1h2txyewy_cache_Desktop_5[1].txtMD5=10D7D30E23DBC108EC78C03F9E741566,SHA256=99355DBE0DDE1F5390AF8BA6FEB736E85B00C13E8D08B560DFE2D7EC5465E8C3,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 11241100x800000000000000067042Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.localDefaultUserModified2022-01-20 10:39:16.811{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Default\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\UNBDVR11\1\C__Windows_SystemApps_Microsoft.Windows.Cortana_cw5n1h2txyewy_cache_Desktop_4[1].txt2022-01-20 07:05:17.565 23542300x800000000000000067041Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:16.811{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Default\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\UNBDVR11\1\C__Windows_SystemApps_Microsoft.Windows.Cortana_cw5n1h2txyewy_cache_Desktop_4[1].txtMD5=D20D4B52F55421E4F0EE293FA394F274,SHA256=6594DB803F6BEAC699E3B4FE1BFFF9F1A6C8B7D1CB43A9A92A7D6979EE62B9ED,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 11241100x800000000000000067040Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.localDefaultUserModified2022-01-20 10:39:16.811{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Default\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\UNBDVR11\1\C__Windows_SystemApps_Microsoft.Windows.Cortana_cw5n1h2txyewy_cache_Desktop_3[1].txt2022-01-20 07:05:17.565 23542300x800000000000000067039Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:16.811{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Default\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\UNBDVR11\1\C__Windows_SystemApps_Microsoft.Windows.Cortana_cw5n1h2txyewy_cache_Desktop_3[1].txtMD5=766B33AB225A94D22C45803D32D1D2C4,SHA256=8BF750226E7E4720AFCD86820D0752946ABB11DB79EF62AFFA61EEC941AB5C20,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 11241100x800000000000000067038Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.localDefaultUserModified2022-01-20 10:39:16.811{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Default\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\UNBDVR11\1\C__Windows_SystemApps_Microsoft.Windows.Cortana_cw5n1h2txyewy_cache_Desktop_2[1].txt2022-01-20 07:05:17.597 23542300x800000000000000067037Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:16.811{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Default\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\UNBDVR11\1\C__Windows_SystemApps_Microsoft.Windows.Cortana_cw5n1h2txyewy_cache_Desktop_2[1].txtMD5=6B559E6B268CC53FC0293A706E970550,SHA256=9179C223831AE54A2A21E24B1BDBD1D06C00098FA2A664F476756CEFA56C71E9,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 11241100x800000000000000067036Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.localDefaultUserModified2022-01-20 10:39:16.795{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Default\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\UNBDVR11\1\C__Windows_SystemApps_Microsoft.Windows.Cortana_cw5n1h2txyewy_cache_Desktop_22[1].txt2022-01-20 07:05:17.597 23542300x800000000000000067035Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:16.795{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Default\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\UNBDVR11\1\C__Windows_SystemApps_Microsoft.Windows.Cortana_cw5n1h2txyewy_cache_Desktop_22[1].txtMD5=87C5803AC86277335317BEEC5B252EF0,SHA256=8F7211EC0F4E0532DB653FECB4F605EB4C3C6C9879B138185DB4AAF7245646BB,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 11241100x800000000000000067034Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.localDefaultUserModified2022-01-20 10:39:16.795{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Default\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\UNBDVR11\1\C__Windows_SystemApps_Microsoft.Windows.Cortana_cw5n1h2txyewy_cache_Desktop_21[1].txt2022-01-20 07:05:17.612 23542300x800000000000000067033Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:16.795{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Default\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\UNBDVR11\1\C__Windows_SystemApps_Microsoft.Windows.Cortana_cw5n1h2txyewy_cache_Desktop_21[1].txtMD5=1DE957E6ECB8E53F1849E98E56D5D8F8,SHA256=D60A1010C3D82CAABA7C755C3A6423D7A268BCDC9EA4F27B10E8E14FD84ACD24,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 11241100x800000000000000067032Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.localDefaultUserModified2022-01-20 10:39:16.795{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Default\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\UNBDVR11\1\C__Windows_SystemApps_Microsoft.Windows.Cortana_cw5n1h2txyewy_cache_Desktop_20[1].txt2022-01-20 07:05:17.644 23542300x800000000000000067031Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:16.795{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Default\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\UNBDVR11\1\C__Windows_SystemApps_Microsoft.Windows.Cortana_cw5n1h2txyewy_cache_Desktop_20[1].txtMD5=A6A758B9A843A9AE35166154D051C654,SHA256=59BEC20EBDB4ABAD19803E90044333A5781C755A3DDC0663A4A95E88AA0F45DC,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 11241100x800000000000000067030Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.localDefaultUserModified2022-01-20 10:39:16.779{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Default\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\UNBDVR11\1\C__Windows_SystemApps_Microsoft.Windows.Cortana_cw5n1h2txyewy_cache_Desktop_19[1].txt2022-01-20 07:05:17.753 23542300x800000000000000067029Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:16.779{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Default\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\UNBDVR11\1\C__Windows_SystemApps_Microsoft.Windows.Cortana_cw5n1h2txyewy_cache_Desktop_19[1].txtMD5=4EA6D9CCAE439451E3EDC69589C21F52,SHA256=115EE9EFD86B0AB505977609DBC1409CAD55275ED187667B37C1F7453406AA7D,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 11241100x800000000000000067028Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.localDefaultUserModified2022-01-20 10:39:16.779{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Default\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\UNBDVR11\1\C__Windows_SystemApps_Microsoft.Windows.Cortana_cw5n1h2txyewy_cache_Desktop_18[1].txt2022-01-20 07:05:17.784 23542300x800000000000000067027Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:16.779{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Default\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\UNBDVR11\1\C__Windows_SystemApps_Microsoft.Windows.Cortana_cw5n1h2txyewy_cache_Desktop_18[1].txtMD5=7F25769992DF13C241A1F14C72781B7F,SHA256=C3F1170A49C7EE2CF721D222FA1F766543D0F69BBCB35BFA2C64453025365DA1,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 11241100x800000000000000067026Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.localDefaultUserModified2022-01-20 10:39:16.779{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Default\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\UNBDVR11\1\C__Windows_SystemApps_Microsoft.Windows.Cortana_cw5n1h2txyewy_cache_Desktop_17[1].txt2022-01-20 07:05:17.784 23542300x800000000000000067025Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:16.779{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Default\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\UNBDVR11\1\C__Windows_SystemApps_Microsoft.Windows.Cortana_cw5n1h2txyewy_cache_Desktop_17[1].txtMD5=D2ECB824C1EBD5CAD726A8FA730F83BD,SHA256=9BA9C472659B68EC59A470063958FCF4C1B9F95670B884F95FF690DA601CADA6,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 11241100x800000000000000067024Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.localDefaultUserModified2022-01-20 10:39:16.764{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Default\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\UNBDVR11\1\C__Windows_SystemApps_Microsoft.Windows.Cortana_cw5n1h2txyewy_cache_Desktop_16[1].txt2022-01-20 07:05:17.800 23542300x800000000000000067023Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:16.764{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Default\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\UNBDVR11\1\C__Windows_SystemApps_Microsoft.Windows.Cortana_cw5n1h2txyewy_cache_Desktop_16[1].txtMD5=91784C62BBC0181E5D1A1939D62C7576,SHA256=7C5953F43236E76AD1EABF5FB4E75FDC98F73A7686BFF5C023843D16A53C2CA7,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 13241300x800000000000000067022Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-SetValue2022-01-20 10:39:16.743{6F5BEE90-18AA-61E9-1400-000000002102}1092C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\DNSRegisteredAdapters\{3283AE7C-C76D-4914-B7F9-5B411380CD3D}\RegisteredSinceBootDWORD (0x00000001) 13241300x800000000000000067021Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-SetValue2022-01-20 10:39:16.743{6F5BEE90-18AA-61E9-1400-000000002102}1092C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\DNSRegisteredAdapters\{3283AE7C-C76D-4914-B7F9-5B411380CD3D}\StaleAdapterDWORD (0x00000000) 13241300x800000000000000067020Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-SetValue2022-01-20 10:39:16.743{6F5BEE90-18AA-61E9-1400-000000002102}1092C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\DNSRegisteredAdapters\{3283AE7C-C76D-4914-B7F9-5B411380CD3D}\CompartmentIdDWORD (0x00000001) 13241300x800000000000000067019Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-SetValue2022-01-20 10:39:16.743{6F5BEE90-18AA-61E9-1400-000000002102}1092C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\DNSRegisteredAdapters\{3283AE7C-C76D-4914-B7F9-5B411380CD3D}\FlagsDWORD (0x00000002) 13241300x800000000000000067018Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-SetValue2022-01-20 10:39:16.742{6F5BEE90-18AA-61E9-1400-000000002102}1092C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\DNSRegisteredAdapters\{3283AE7C-C76D-4914-B7F9-5B411380CD3D}\TtlDWORD (0x000004b0) 13241300x800000000000000067017Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-SetValue2022-01-20 10:39:16.742{6F5BEE90-18AA-61E9-1400-000000002102}1092C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\DNSRegisteredAdapters\{3283AE7C-C76D-4914-B7F9-5B411380CD3D}\SentPriUpdateToIpBinary Data 13241300x800000000000000067016Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-SetValue2022-01-20 10:39:16.742{6F5BEE90-18AA-61E9-1400-000000002102}1092C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\DNSRegisteredAdapters\{3283AE7C-C76D-4914-B7F9-5B411380CD3D}\SentUpdateToIpBinary Data 13241300x800000000000000067015Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-SetValue2022-01-20 10:39:16.742{6F5BEE90-18AA-61E9-1400-000000002102}1092C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\DNSRegisteredAdapters\{3283AE7C-C76D-4914-B7F9-5B411380CD3D}\DnsServersBinary Data 13241300x800000000000000067014Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-SetValue2022-01-20 10:39:16.742{6F5BEE90-18AA-61E9-1400-000000002102}1092C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\DNSRegisteredAdapters\{3283AE7C-C76D-4914-B7F9-5B411380CD3D}\HostAddrsBinary Data 13241300x800000000000000067013Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-SetValue2022-01-20 10:39:16.742{6F5BEE90-18AA-61E9-1400-000000002102}1092C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\DNSRegisteredAdapters\{3283AE7C-C76D-4914-B7F9-5B411380CD3D}\PrimaryDomainNameattackrange.local 13241300x800000000000000067012Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-SetValue2022-01-20 10:39:16.742{6F5BEE90-18AA-61E9-1400-000000002102}1092C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\DNSRegisteredAdapters\{3283AE7C-C76D-4914-B7F9-5B411380CD3D}\AdapterDomainName(Empty) 13241300x800000000000000067011Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-SetValue2022-01-20 10:39:16.742{6F5BEE90-18AA-61E9-1400-000000002102}1092C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\DNSRegisteredAdapters\{3283AE7C-C76D-4914-B7F9-5B411380CD3D}\Hostnamewin-dc-tcontreras-attack-range-53 10341000x800000000000000067010Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:16.726{6F5BEE90-18A7-61E9-0B00-000000002102}608780C:\Windows\system32\lsass.exe{6F5BEE90-18AA-61E9-1400-000000002102}1092C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96ef2|C:\Windows\system32\kerberos.DLL+793e4|C:\Windows\system32\kerberos.DLL+1443f|C:\Windows\system32\lsasrv.dll+2f1f1|C:\Windows\system32\lsasrv.dll+2d0d6|C:\Windows\system32\lsasrv.dll+32475|C:\Windows\system32\lsasrv.dll+302fb|C:\Windows\system32\lsasrv.dll+2f1f1|C:\Windows\system32\lsasrv.dll+1752d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e 13241300x800000000000000067009Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-SetValue2022-01-20 10:39:16.726{6F5BEE90-18AA-61E9-1400-000000002102}1092C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\DNSRegisteredAdapters\{3283AE7C-C76D-4914-B7F9-5B411380CD3D}\RegisteredSinceBootDWORD (0x00000001) 11241100x800000000000000067008Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.localDefaultUserModified2022-01-20 10:39:16.664{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Default\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\UNBDVR11\1\C__Windows_SystemApps_Microsoft.Windows.Cortana_cw5n1h2txyewy_cache_Desktop_15[1].txt2022-01-20 07:05:17.800 23542300x800000000000000067007Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:16.664{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Default\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\UNBDVR11\1\C__Windows_SystemApps_Microsoft.Windows.Cortana_cw5n1h2txyewy_cache_Desktop_15[1].txtMD5=E15FA9A83F9216A78A5E4AE2C2C08305,SHA256=65E0957B6D224D885497EE696AA97F94FE98D8BFBBD4F927508ABD645A4182BA,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 11241100x800000000000000067006Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.localDefaultUserModified2022-01-20 10:39:16.648{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Default\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\UNBDVR11\1\C__Windows_SystemApps_Microsoft.Windows.Cortana_cw5n1h2txyewy_cache_Desktop_14[1].txt2022-01-20 07:05:17.800 23542300x800000000000000067005Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:16.648{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Default\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\UNBDVR11\1\C__Windows_SystemApps_Microsoft.Windows.Cortana_cw5n1h2txyewy_cache_Desktop_14[1].txtMD5=83CDB65FC5E3B9880848CA153945CD99,SHA256=E2E2AC74937053440DD9592C7CC1619F3290A042838C9922D69E1B5BFF985B89,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 11241100x800000000000000067004Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.localDefaultUserModified2022-01-20 10:39:16.648{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Default\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\UNBDVR11\1\C__Windows_SystemApps_Microsoft.Windows.Cortana_cw5n1h2txyewy_cache_Desktop_13[1].txt2022-01-20 07:05:17.800 23542300x800000000000000067003Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:16.648{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Default\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\UNBDVR11\1\C__Windows_SystemApps_Microsoft.Windows.Cortana_cw5n1h2txyewy_cache_Desktop_13[1].txtMD5=94E8C0A2D77D4C6A4CC2AA5D6D71B3FC,SHA256=F0E0AA4CBFFAC78A340ADD726D7D94A090CE6D8E6DEFBC9673531B4E5053B05D,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 11241100x800000000000000067002Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.localDefaultUserModified2022-01-20 10:39:16.648{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Default\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\UNBDVR11\1\C__Windows_SystemApps_Microsoft.Windows.Cortana_cw5n1h2txyewy_cache_Desktop_12[1].txt2022-01-20 07:05:17.862 23542300x800000000000000067001Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:16.648{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Default\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\UNBDVR11\1\C__Windows_SystemApps_Microsoft.Windows.Cortana_cw5n1h2txyewy_cache_Desktop_12[1].txtMD5=3F65ED27EE681BC5D4F69A5C271DB6A1,SHA256=63828079B72050681B6811C4AA76A79CF8FB5F51E04B1596DBD761007BFC829E,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 11241100x800000000000000067000Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.localDefaultUserModified2022-01-20 10:39:16.648{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Default\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\UNBDVR11\1\C__Windows_SystemApps_Microsoft.Windows.Cortana_cw5n1h2txyewy_cache_Desktop_11[1].txt2022-01-20 07:05:17.862 23542300x800000000000000066999Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:16.648{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Default\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\UNBDVR11\1\C__Windows_SystemApps_Microsoft.Windows.Cortana_cw5n1h2txyewy_cache_Desktop_11[1].txtMD5=006B1BF929F2A82B7AD00727A9F1623C,SHA256=A9F72540A0C0F03453F87AC641EB31BF401D6BE7A92F4615E9C49C7725BC3427,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 11241100x800000000000000066998Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.localDefaultUserModified2022-01-20 10:39:16.648{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Default\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\UNBDVR11\1\C__Windows_SystemApps_Microsoft.Windows.Cortana_cw5n1h2txyewy_cache_Desktop_10[1].txt2022-01-20 07:05:17.862 23542300x800000000000000066997Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:16.647{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Default\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\UNBDVR11\1\C__Windows_SystemApps_Microsoft.Windows.Cortana_cw5n1h2txyewy_cache_Desktop_10[1].txtMD5=203D482240E2A13DE24F8F82A9037348,SHA256=5B64FA6B42BE7F59D4D48C4C85ED73B9311003133E8F02F04AE6FA198CD81ED2,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066996Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:16.611{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractiveMD5=446DD1CF97EABA21CF14D03AEBC79F27,SHA256=A7DE5177C68A64BD48B36D49E2853799F4EBCFA8E4761F7CC472F333DC5F65CF,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 11241100x800000000000000066995Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.localDefaultUserModified2022-01-20 10:39:16.595{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Default\AppData\Local\Microsoft\Windows Sidebar\settings.ini2022-01-20 07:05:17.956 23542300x800000000000000066994Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:16.595{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Default\AppData\Local\Microsoft\Windows Sidebar\settings.iniMD5=081A9719D4FE8412D50113CC4BFB2B5E,SHA256=949860F6C3FD1C03ECBB873D07E9F5DE77E3F2D11BC6D7DDFEBC5FA35901D9E8,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066993Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:16.595{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\desktop.iniMD5=F39A58EF97B3CDED2B0763F7A1024108,SHA256=864ED409A02C9405013F1443A6A2A5549B615E8815B8F4F0FBF6B9A27D349947,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066992Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:16.580{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group2\desktop.iniMD5=42D1770E232A5D25EA2C08E4EABF7E41,SHA256=CCED29BCEDE7E70AED3CA67BFD91BB704D1D5565E01DD48C37F3EF2045C198E3,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066991Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:16.580{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group1\desktop.iniMD5=22F192FB4C42DF0A72A2FA00F41CE01A,SHA256=5047110D0DF7B37CBC100C4E6B534643E4DE9DB35BD9E2D6AAA0B7C743C7FCD4,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 11241100x800000000000000066990Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.localDefaultUserModified2022-01-20 10:39:16.580{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Default\AppData\Local\Microsoft\Windows\WebCache\V01tmp.log2022-01-20 07:05:18.144 23542300x800000000000000066989Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:16.580{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Default\AppData\Local\Microsoft\Windows\WebCache\V01tmp.logMD5=4FB66CCAFA4A6F2BE5E29529A13D586C,SHA256=667FE56AD5FE0D7CD08B5C11EC0EA04816F410C2DC7F3ED67680861F1043FF64,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 11241100x800000000000000066988Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.localDefaultUserModified2022-01-20 10:39:16.580{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Default\AppData\Local\Microsoft\Windows\WebCache\V0100007.log2022-01-20 07:05:18.144 23542300x800000000000000066987Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:16.580{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Default\AppData\Local\Microsoft\Windows\WebCache\V0100007.logMD5=96AD520030D49EEA3165E024F867A19B,SHA256=9D1EC3B173067C513C4D9B2D0D60D2235D2364FB502BCC5752BEB7C648610525,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066986Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:16.564{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-20220120-075401-00000003-ffffffff.binMD5=5502BBF29E966B51C425F6EF89BCF821,SHA256=1C7FCB3CDDD61E4DF17D7BE5FEF3B16B69D31BAE8457398188574148CD1E87A0,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066985Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:16.564{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-20220120-070540-00000003-ffffffff.binMD5=4A7BAC15213F725B432998FCC14668A6,SHA256=B1B4F7A4BF81D45F2FB4F03F24BAE6187E88187D0CF3452AADD4659E019D4034,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066984Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:16.548{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-20220120-070444-00000003-ffffffff.binMD5=6B955B366DDAEEE43A5F15D665D7D6EF,SHA256=CD302B8DF1573C6F20DFB9C823898EB989B75AE42F3673FEE39683FAFC3976BA,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066983Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:16.548{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-20220112-053013-00000003-ffffffff.binMD5=F2ECF49445F72672074F7644B4964FE6,SHA256=091A410BCF2293BA2317D71A432C8B819F856A3A2BE1B2ADBB11EAA3E9B5BFE2,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066982Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:16.548{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-20220112-052729-00000003-ffffffff.binMD5=EB706378E63EBFEB4F6A34DF7F6346D8,SHA256=8C101D3F315E7C94FCCEBF990DC9F4C594228C0CFD9F2338788346E5D14B50BE,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066981Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:16.548{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-20220112-045142-00000003-ffffffff.binMD5=C7E9B607C8AB0CAC7BFA00AB3C17B4D6,SHA256=54C08802EE955DE261D2BC142B0A62A79D8C0455653B0C8FAFAB3A80A3A4AABA,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066980Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:16.545{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-20220112-043139-00000003-ffffffff.binMD5=0DA0195CE25D94EC69D441B18C177455,SHA256=54F64BF2674B421EC391925B37D6C5FA8587EA119DB336965F6785B62A4CCDE8,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066979Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:16.526{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-20220112-043133-00000003-ffffffff.binMD5=E219CF7D9D65D9AB7C8EBF62CA1F0AE0,SHA256=7F3BEE375F8976971EE6D2B1087D7A5CA9EC0EDDD3ED4663296585994563DC09,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066978Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:16.526{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-20220112-040852-00000003-ffffffff.binMD5=4FD874AAB87FD9ACF01A69AAA18D7E14,SHA256=04240ECCD8BA537EB6A1ED620BF9963CF0A736C79E4DFBC99E023FB49CFBC0A2,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 11241100x800000000000000066977Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.localDefaultUserModified2022-01-20 10:39:16.447{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Default\AppData\Local\Microsoft\Windows\WebCache\V0100006.log2022-01-20 07:05:18.144 23542300x800000000000000066976Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:16.426{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Default\AppData\Local\Microsoft\Windows\WebCache\V0100006.logMD5=0FA59896873F1E0DA1150AF09E83211C,SHA256=79EB1237FC893B0D731C4DC068EF097D0CAF284FFAC29EF8C10D88A923D6B71D,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066975Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:16.410{6F5BEE90-18CD-61E9-7700-000000002102}484NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=2A69075F70AE38762008BD4CE6BD0F58,SHA256=CA090D22D25814791893E1A001AEDA25EEF679B02E59187B1F08A81E1920C0B8,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066974Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:16.394{6F5BEE90-18CD-61E9-7700-000000002102}484NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=2A86702FE8261F3208664431FF573BF5,SHA256=0B986778805ABB2C9D852DC591674F59857DEF5249FDB7D614AE6E3426301791,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066973Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:16.363{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-20220112-040046-00000003-ffffffff.binMD5=A673D7A33319449CB242EE297E09E38E,SHA256=8779F84D617AFB6BF7AC2A9CED697BB3355D875E182C0AC071C03ECAE2548D15,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 11241100x800000000000000066972Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.localDefaultUserModified2022-01-20 10:39:16.363{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Default\AppData\Local\Microsoft\Windows\WebCache\V0100005.log2022-01-20 07:05:18.144 23542300x800000000000000066971Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:16.363{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Default\AppData\Local\Microsoft\Windows\WebCache\V0100005.logMD5=5FFB9BF17F74ABE7333B2E6DAD568FCA,SHA256=9C531F7C4771E289FB08DFC17788578F537EE2E40EE30BB174D83840A3D8FA47,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066970Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:16.325{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-20220112-035655-00000003-ffffffff.binMD5=44626F27213C82C8AD4FE0C44FF5BFB7,SHA256=22D2D679810F4B3F89B9CAC46979BBFE180E103FFC24A6AB8E8BDEF9CACD229B,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066969Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:16.325{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-20220112-034609-00000003-ffffffff.binMD5=2D1ADD5A9D90D71EB7AD7B973AB41442,SHA256=B2CE2F6BEF7DB8D242146C98493B9980ACDC7CAD721604742F075A76972BD855,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066968Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:16.278{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-20220112-031443-00000003-ffffffff.binMD5=070B99997F42D699660A95D9F784D827,SHA256=54082FA9DC1956B7A4ABAB77CF7900B2BBE72B2C0A81FF7608A3EC6D1973CA04,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 11241100x800000000000000066967Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.localDefaultUserModified2022-01-20 10:39:16.263{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Default\AppData\Local\Microsoft\Windows\WebCache\V01.log2022-01-20 07:05:18.190 23542300x800000000000000066966Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:16.263{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Default\AppData\Local\Microsoft\Windows\WebCache\V01.logMD5=F91E2DC201F02769B7729B26B01B5237,SHA256=492B73D7C3EA11EB87C3ED7894B89490AA18F135D61E0782F1EC525371EF214F,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066965Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:16.263{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-20220112-031304-00000003-ffffffff.binMD5=7671B2B0EF86C53756607B457F28226D,SHA256=9E33965AAEA49D9C6E5C96CAD25CF06B146AC17FA60D53910309EF56F2191356,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066964Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:16.263{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-20211215-051100-00000003-ffffffff.binMD5=FE43D9A08CE86AC600BC24CEA10D3258,SHA256=EEB82ED2C12E336F28F17C44B59B79802FA3ED3E7BEDD45CB60246BB4304CE97,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066963Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:16.263{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-20211215-050811-00000003-ffffffff.binMD5=8DDFD9EA118BC55227412FB69BA1F9BF,SHA256=82764D19D6A753DEF589CEC063A1EEF23401C4A2FE108243DBB19DB64513E0C6,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066962Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:16.247{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-20211215-043305-00000003-ffffffff.binMD5=433DAEF7D64380380B9E0E12E5756480,SHA256=178C37C91CD29B56910FDA610534B84A0D39456554DB629B6F90BF0DC6C324C9,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066961Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:16.197{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-20211215-035537-00000003-ffffffff.binMD5=11992640D06992C753C175500F40FDCD,SHA256=AD3FC76C3EF48F30D2F6B0869F837DB47CC879250322AE922868BBEAF012A886,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 11241100x800000000000000066960Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.localDefaultUserModified2022-01-20 10:39:16.178{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Default\AppData\Local\Microsoft\Windows\SettingSync\metastore\meta.edb2022-01-20 07:05:18.269 23542300x800000000000000066959Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:16.178{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Default\AppData\Local\Microsoft\Windows\SettingSync\metastore\meta.edbMD5=117366841ED1DD6FDBF0799A58B5C733,SHA256=3E2C6F88348BE3371F27A1FA3D47D6D8C8CFFA54C8C2F53D24D4EC7B0FE8BCE6,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 11241100x800000000000000066958Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.localDefaultUserModified2022-01-20 10:39:16.147{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Default\AppData\Local\Microsoft\Windows\SettingSync\metastore\edbtmp.log2022-01-20 07:05:18.284 23542300x800000000000000066957Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:16.147{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Default\AppData\Local\Microsoft\Windows\SettingSync\metastore\edbtmp.logMD5=59071590099D21DD439896592338BF95,SHA256=07854D2FEF297A06BA81685E660C332DE36D5D18D546927D30DAAD6D7FDA1541,IMPHASH=00000000000000000000000000000000falsefalse - shredded file with pattern 0x00 11241100x800000000000000066956Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.localDefaultUserModified2022-01-20 10:39:16.094{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Default\AppData\Local\Microsoft\Windows\SettingSync\metastore\edb00001.log2022-01-20 07:05:18.300 23542300x800000000000000066955Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:16.094{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Default\AppData\Local\Microsoft\Windows\SettingSync\metastore\edb00001.logMD5=E9E8EB2C6B86F1E877C2F04C1E31E3FD,SHA256=666D5292FD14BB370DEDEEAD8AD7A01111BC4681AD11E9B5D7E0F429696B9690,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 11241100x800000000000000066954Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.localDefaultUserModified2022-01-20 10:39:16.078{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Default\AppData\Local\Microsoft\Windows\SettingSync\metastore\edb.log2022-01-20 07:05:18.331 23542300x800000000000000066953Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:16.078{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Default\AppData\Local\Microsoft\Windows\SettingSync\metastore\edb.logMD5=226338E3C4E47D1DD13E346231B53AAC,SHA256=DAD5D452E8CCE79150D0597C524B99AAB151C5EC50A5D5AF16DDE2E8D46D801B,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066952Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:16.025{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-20211215-034935-00000003-ffffffff.binMD5=BBC8CCFC6F00EB84B278B9AAB0CA30A5,SHA256=52A677F7F5501B398624BF0FBB2EBC39C5C488FDB8A2CFD672D1B3547DF9678D,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066951Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:16.010{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-20211215-034553-00000003-ffffffff.binMD5=CA589ACF015729FD4C8344E277373E18,SHA256=39774D3019D08250C02C9E5DFA987D06B9803F055A231D8B50A2F5BED74ADE27,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066950Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:16.010{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-20211215-033531-00000003-ffffffff.binMD5=FA55E09F94995F5332A04A91226D76B1,SHA256=FF9CC8F0E300B9702F268025485E4043F1C83E894C0730B0E7C114F635B8629F,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000066949Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:15.994{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing-20211215-031015-00000003-ffffffff.binMD5=730DA0822FCED720B9DACF1E0CD27284,SHA256=142E7BA475577833129D842F5D8E261D3D29D748E4182C4FE0EE4F531D22AF32,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000031971Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:39:17.440{CE7C8936-1B20-61E9-E200-000000002202}3964NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=72BF1DB7B26EB29DB69D384C8EA4087B,SHA256=7F821EA6269764E61570357FC225783F7049F229F494FAD993642CCD492F3713,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000067159Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:17.950{6F5BEE90-1B0F-61E9-E500-000000002102}41762952C:\Windows\system32\csrss.exe{6F5BEE90-3BD5-61E9-9009-000000002102}4304C:\Windows\SysWOW64\PING.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000067158Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:17.950{6F5BEE90-18A9-61E9-0C00-000000002102}8281296C:\Windows\system32\svchost.exe{6F5BEE90-18B8-61E9-2C00-000000002102}2984C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000067157Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:17.950{6F5BEE90-18A9-61E9-0C00-000000002102}8281296C:\Windows\system32\svchost.exe{6F5BEE90-18B8-61E9-2C00-000000002102}2984C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000067156Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:17.950{6F5BEE90-18A9-61E9-0C00-000000002102}8281296C:\Windows\system32\svchost.exe{6F5BEE90-18B8-61E9-2C00-000000002102}2984C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000067155Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:17.950{6F5BEE90-18A9-61E9-0C00-000000002102}8281296C:\Windows\system32\svchost.exe{6F5BEE90-18B8-61E9-2C00-000000002102}2984C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000067154Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:17.950{6F5BEE90-3BD5-61E9-8E09-000000002102}46965196C:\Windows\SysWOW64\cmd.exe{6F5BEE90-3BD5-61E9-9009-000000002102}4304C:\Windows\SysWOW64\PING.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7414|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9278(wow64)|C:\Windows\System32\KERNELBASE.dll+d7f5c(wow64)|C:\Windows\SysWOW64\cmd.exe+ebb2|C:\Windows\SysWOW64\cmd.exe+69f6|C:\Windows\SysWOW64\cmd.exe+68fd|C:\Windows\SysWOW64\cmd.exe+c912|C:\Windows\SysWOW64\cmd.exe+c161|C:\Windows\SysWOW64\cmd.exe+8553|C:\Windows\SysWOW64\cmd.exe+c1fc|C:\Windows\SysWOW64\cmd.exe+10c43|C:\Windows\SysWOW64\cmd.exe+1499f|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64) 154100x800000000000000067153Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:17.956{6F5BEE90-3BD5-61E9-9009-000000002102}4304C:\Windows\SysWOW64\PING.EXE10.0.14393.0 (rs1_release.160715-1616)TCP/IP Ping CommandMicrosoft® Windows® Operating SystemMicrosoft Corporationping.exeping 111.111.111.111 -n 5 -w 10 C:\Windows\SysWOW64\WindowsPowerShell\v1.0\ATTACKRANGE\Administrator{6F5BEE90-1B13-61E9-8513-0D0000000000}0xd13852HighMD5=8CA6D537FD710AC4A2E5668877345C12,SHA256=BDC34D4260925E54B84395B8167CA5D6F9C4AA2E047221C14F7736DDDEB13906,IMPHASH=0EB64EACA8C951D760EEA1A941A2A3F7{6F5BEE90-3BD5-61E9-8E09-000000002102}4696C:\Windows\SysWOW64\cmd.execmd.exe /min /C ping 111.111.111.111 -n 5 -w 10 > Nul & Del /f /q "C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exe" 10341000x800000000000000067152Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:17.897{6F5BEE90-18AA-61E9-1600-000000002102}13241676C:\Windows\System32\svchost.exe{6F5BEE90-3BD5-61E9-8F09-000000002102}2136C:\Windows\system32\conhost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|c:\windows\system32\themeservice.dll+235b|c:\windows\system32\themeservice.dll+1ed0|c:\windows\system32\themeservice.dll+2006|C:\Windows\SYSTEM32\ntdll.dll+39d09|C:\Windows\SYSTEM32\ntdll.dll+1e89a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000067151Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:17.897{6F5BEE90-18AA-61E9-1600-000000002102}13241364C:\Windows\System32\svchost.exe{6F5BEE90-3BD5-61E9-8F09-000000002102}2136C:\Windows\system32\conhost.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6144|c:\windows\system32\themeservice.dll+144a|c:\windows\system32\themeservice.dll+4175|c:\windows\system32\themeservice.dll+3379|c:\windows\system32\themeservice.dll+31a3|C:\Windows\System32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14412|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000067150Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:17.881{6F5BEE90-3BD5-61E9-8F09-000000002102}21365900C:\Windows\system32\conhost.exe{6F5BEE90-3BD5-61E9-8E09-000000002102}4696C:\Windows\SysWOW64\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000067149Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:17.865{6F5BEE90-1B0F-61E9-E500-000000002102}41764072C:\Windows\system32\csrss.exe{6F5BEE90-3BD5-61E9-8F09-000000002102}2136C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6cd4|C:\Windows\SYSTEM32\CSRSRV.dll+1a30|C:\Windows\SYSTEM32\CSRSRV.dll+5c09|C:\Windows\SYSTEM32\ntdll.dll+5179f 534500x800000000000000067148Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:17.850{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exe 10341000x800000000000000067147Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:17.845{6F5BEE90-1B0F-61E9-E500-000000002102}41763520C:\Windows\system32\csrss.exe{6F5BEE90-3BD5-61E9-8E09-000000002102}4696C:\Windows\SysWOW64\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000067146Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:17.844{6F5BEE90-18A9-61E9-0C00-000000002102}8281296C:\Windows\system32\svchost.exe{6F5BEE90-18B8-61E9-2C00-000000002102}2984C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000067145Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:17.844{6F5BEE90-18A9-61E9-0C00-000000002102}8281296C:\Windows\system32\svchost.exe{6F5BEE90-18B8-61E9-2C00-000000002102}2984C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000067144Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:17.843{6F5BEE90-18A9-61E9-0C00-000000002102}8281296C:\Windows\system32\svchost.exe{6F5BEE90-18B8-61E9-2C00-000000002102}2984C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000067143Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:17.843{6F5BEE90-18A9-61E9-0C00-000000002102}8281296C:\Windows\system32\svchost.exe{6F5BEE90-18B8-61E9-2C00-000000002102}2984C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000067142Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:17.827{6F5BEE90-3BA5-61E9-8409-000000002102}15166808C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exe{6F5BEE90-3BD5-61E9-8E09-000000002102}4696C:\Windows\SysWOW64\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7414|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9278(wow64)|C:\Windows\System32\KERNELBASE.dll+15a0bb(wow64)|C:\Windows\System32\KERNELBASE.dll+159d6c(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exe+18c8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exe+1935(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exe+194a(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exe+41b4(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exe+1288(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exe+12f5(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 154100x800000000000000067141Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:17.837{6F5BEE90-3BD5-61E9-8E09-000000002102}4696C:\Windows\SysWOW64\cmd.exe10.0.14393.0 (rs1_release.160715-1616)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.Execmd.exe /min /C ping 111.111.111.111 -n 5 -w 10 > Nul & Del /f /q "C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exe"C:\Windows\SysWOW64\WindowsPowerShell\v1.0\ATTACKRANGE\Administrator{6F5BEE90-1B13-61E9-8513-0D0000000000}0xd13852HighMD5=0FEC5F30E705EADAEA5E9144F2FB12DC,SHA256=614CA7B627533E22AA3E5C3594605DC6FE6F000B0CC2B845ECE47CA60673EC7F,IMPHASH=B20DE9D5F257E3C5BDD2834F89FC042A{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exe 23542300x800000000000000067140Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:17.827{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Public\Videos\desktop.iniMD5=582BD0FACB013808C1C4804D894CD9FD,SHA256=D719C6796022F1E7C94A3208B6A488191E83C135067B6640DC5F7FCB872604E8,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000067139Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:17.812{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Public\Pictures\desktop.iniMD5=2F145CCA0196FB928EE5656F2CFC2934,SHA256=73671D1BA8A835E74033F7E62AFB9371C98F01EFDD760A2D7093ABBFCAB7FAFA,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000067138Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:17.812{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Public\Music\desktop.iniMD5=48F5AC70AAEDAFE403B362E41DA1E1D6,SHA256=F09A1312CD41AADC809249DC3A6F5D5318266B40FD74B9E714571419810131DE,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000067137Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:17.812{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Public\Libraries\desktop.iniMD5=203ABC35EE1B804C770321D392CAC58C,SHA256=1EFC1DC35230C0812630135F042918692572CD0689D6DABD9787F7086794770F,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000067136Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:17.812{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Public\Downloads\desktop.iniMD5=81594CBB270B4099912612CD3C20306A,SHA256=6783E0A9FEA5BEB9FF2BFF02264784E42E5890F89DA6C0395F6325591C823FBB,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000067135Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:17.812{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Public\Documents\desktop.iniMD5=EC659B643B3DC5A57DAFA797BBC83871,SHA256=B18F9A899844D82F60FF3A1AB7FC9EFC4A7297D78C04BCDA65362B7BCE2C02A8,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000067134Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:17.796{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Public\desktop.iniMD5=7220FAD57A4B3D9D9755C51198CC0386,SHA256=6DE1A716B5C49541EBC9692B16EFA6FDB75B18C2A210974F94F83DCFDF8800D7,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000067133Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:17.796{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Public\Desktop\desktop.iniMD5=DC723B859DEC1526568AD581AEC334D5,SHA256=7148FBBF1AAC8B5A54D248DF19B60C00D3C0DCB2FD5BB2A1EFD4E0F0EAC6DD0F,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000067132Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:17.796{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Public\AccountPictures\desktop.iniMD5=2971C89BFB3B06E591694B9A78E467B9,SHA256=658D53A476592DB7E0E09ECD0073B80315DC2D9041B2FB3BF96EB84FF89676CC,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000067131Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:17.780{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\desktop.iniMD5=6B1A6A9959CE35FA0DF98F8E602BB191,SHA256=8F6C28C6F4EF09A335123AF11DFD7A45FFDEC661ACDEF2C151E871A7E060E71E,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000067130Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:17.780{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Default\Videos\desktop.iniMD5=50A956778107A4272AAE83C86ECE77CB,SHA256=B287B639F6EDD612F414CAF000C12BA0555ADB3A2643230CBDD5AF4053284978,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000067129Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:17.780{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Default\Searches\desktop.iniMD5=089D48A11BFF0DF720F1079F5DC58A83,SHA256=A9E8AD0792B546A4A8CE49EDA82B327AD9581141312EFEC3AC6F2D3AD5A05F17,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000067128Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:17.780{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Default\Saved Games\desktop.iniMD5=B441CF59B5A64F74AC3BED45BE9FADFC,SHA256=E6FDF8ED07B19B2A3B8EFF05DE7BC71152C85B377B9226F126DC54B58B930311,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 354300x800000000000000067127Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:17.023{6F5BEE90-18B8-61E9-2A00-000000002102}2964C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsefalse10.0.1.14win-dc-tcontreras-attack-range-53.attackrange.local53domainfalse10.0.1.14win-dc-tcontreras-attack-range-53.attackrange.local54416- 354300x800000000000000067126Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:17.023{6F5BEE90-18AA-61E9-1400-000000002102}1092C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEudptruefalse10.0.1.14win-dc-tcontreras-attack-range-53.attackrange.local54416-false10.0.1.14win-dc-tcontreras-attack-range-53.attackrange.local53domain 354300x800000000000000067125Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:17.022{6F5BEE90-18B8-61E9-2A00-000000002102}2964C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-tcontreras-attack-range-53.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-tcontreras-attack-range-53.attackrange.local59245- 23542300x800000000000000067124Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:17.765{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Default\Pictures\desktop.iniMD5=29EAE335B77F438E05594D86A6CA22FF,SHA256=88856962CEF670C087EDA4E07D8F78465BEEABB6143B96BD90F884A80AF925B4,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000067123Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:17.765{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Default\ntuser.iniMD5=6FC234AD3752E1267B34FB12BCD6718B,SHA256=5AD8F52071D25165E7E68064AB194EC27A074A3846149ED0689AF23E7F7F2D00,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000067122Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:17.765{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Default\Music\desktop.iniMD5=06E8F7E6DDD666DBD323F7D9210F91AE,SHA256=8301E344371B0753D547B429C5FE513908B1C9813144F08549563AC7F4D7DA68,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000067121Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:17.765{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Default\Links\desktop.iniMD5=3B960DA228CC489B622697659C885D64,SHA256=A4234E2CF44C57609FD7CB0F9F0A33EE136B542FBA5121AC02D85B38FB2EA02D,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000067120Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:17.765{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Default\Favorites\Links\desktop.iniMD5=3C106F431417240DA12FD827323B7724,SHA256=E469ED17B4B54595B335DC51817A52B81FCF13AAD7B7B994626F84EC097C5D57,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000067119Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:17.765{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Default\Favorites\desktop.iniMD5=881DFAC93652EDB0A8228029BA92D0F5,SHA256=A45E345556901CD98B9BF8700B2A263F1DA2B2E53DBDF69B9E6CFAB6E0BD3464,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000067118Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:17.749{6F5BEE90-18CD-61E9-7700-000000002102}484NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=BF5651F6F2707086CF2E3DA028FD9B54,SHA256=FC9329BF38378363B72C3A29627540F4B84264218424926EC36B996A4D97559C,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000067117Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:17.749{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Default\Downloads\desktop.iniMD5=3A37312509712D4E12D27240137FF377,SHA256=B029393EA7B7CF644FB1C9F984F57C1980077562EE2E15D0FFD049C4C48098D3,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000067116Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:17.749{6F5BEE90-18CD-61E9-7700-000000002102}484NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=DEFDA7E026BE2B1F6E589AB0A19D81D1,SHA256=BB8FC6D11A6E663494D65A65F9A3C5EE1325F761E493E93C5B64EA5493E6BFAE,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000067115Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:17.749{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Default\Documents\desktop.iniMD5=ECF88F261853FE08D58E2E903220DA14,SHA256=CAFEC240D998E4B6E92AD1329CD417E8E9CBD73157488889FD93A542DE4A4844,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000067114Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:17.726{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Default\Desktop\desktop.iniMD5=9E36CC3537EE9EE1E3B10FA4E761045B,SHA256=4B9D687AC625690FD026ED4B236DAD1CAC90EF69E7AD256CC42766A065B50026,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000067113Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:17.726{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Default\Contacts\desktop.iniMD5=449F2E76E519890A212814D96CE67D64,SHA256=48A6703A09F1197EE85208D5821032B77D20B3368C6B4DE890C44FB482149CF7,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000067112Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:17.726{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\desktop.iniMD5=3AA1D8D650944F797F80D23D67A2F335,SHA256=051EAC875E4DCC20F0C7DCE3ED02A9FDD347F554550774EF7EC827248B4CE1E1,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000067111Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:17.711{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Desktop.iniMD5=9E99BA5EFB1439677D639C9DF7A49DEE,SHA256=E82D3C52740AC98C944882F75C2F217733D8E8296D7E12F21D535DDBBD9AFF5A,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 11241100x800000000000000067110Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.localT10232022-01-20 10:39:17.711{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\RunWallpaperSetupInit.cmd2022-01-20 07:05:56.134 23542300x800000000000000067109Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:17.711{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\RunWallpaperSetupInit.cmdMD5=6F31D86A88379966303FF5E580AC09C9,SHA256=D6EC54010FC20FADFE76B05AE3DDBCAB1C3134F462C4ED615C32B571A2930D38,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000067108Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:17.695{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.iniMD5=7F1698BAB066B764A314A589D338DAAE,SHA256=CDB11958506A5BA5478E22ED472FA3AE422FE9916D674F290207E1FC29AE5A76,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000067107Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:17.695{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance\Desktop.iniMD5=CAC4D0F604168B35338F40B0FE08C453,SHA256=8D1EDA3F60FDB808BB783045C7295EF4ECA5192136160F6C46A919E9E53E92E6,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000067106Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:17.695{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\desktop.iniMD5=17D5D0735DEAA1FB4B41A7C406763C0A,SHA256=768B6FDE6149D9EBBED1E339A72E8CC8C535E5C61D7C82752F7DFF50923B7AED,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000067105Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:17.695{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools\desktop.iniMD5=548B310FBC7A26D0B9DA3A9F2D604A0C,SHA256=BE49AFF1E82FDDFC2AB9DFFFCB7E7BE100800E3653FD1D12B6F8FA6A0957FCAC,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000067104Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:17.695{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\desktop.iniMD5=3A2D5E6CEEB1BFC64E8B7FE7C1697BB6,SHA256=0B4987D67F591D62F09BCEEF32299562ACF224E9ECC59A6EBAC45B6CF23D895F,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000067103Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:17.680{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\desktop.iniMD5=D69BA89AE591A62E758F84E1A06DDA6C,SHA256=BE3B457C123FD5B98BEF1C6224CEFDC3EA84E0DEADF3B92740929A8A19476602,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000067102Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:17.680{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\desktop.iniMD5=A2D31A04BC38EEAC22FCA3E30508BA47,SHA256=8E00A24AE458EFFE00A55344F7F34189B4594613284745FF7D406856A196C531,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000067101Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:17.680{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo\Desktop.iniMD5=E5DD8495A100A9AA69637A23F1AEAE2E,SHA256=E6B8D4B42513796767B593A7C0C1CD2CC959082BA63BAEEF4D0F4F4D45F99ADE,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000067100Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:17.664{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Default\AppData\Roaming\Microsoft\Windows\Recent\desktop.iniMD5=F107D0270E21A2FE91099FDC15918D44,SHA256=EB315C9D165B4916E3B00E4D148B53A6C03A2F0694A6A8821D98E76F935CA6A8,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000067099Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:17.664{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Default\AppData\Roaming\Microsoft\Windows\Libraries\desktop.iniMD5=99D72ADF4E683FA1E6F1A435FF5BE9B3,SHA256=873BCD7FC25E21142BDFCD6C8F2BEA3E294A055E3F132D8A2B3407ABA45074E1,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000067098Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:17.664{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Default\AppData\Roaming\Microsoft\Windows\AccountPictures\desktop.iniMD5=08E1B7B2FD872CDCC42AF67707DC2A98,SHA256=4E252DBEE2058E1CF6F78FC67568759A8AD213BCAFE33192E55DD5712D7E4ABD,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000067097Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:17.648{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\desktop.iniMD5=438516CFB879D7D8C3CE7EC7783CBF79,SHA256=57C38ADA78BB25A608C0B85A4D255B6FEB435726027D192CE08E39A66385B147,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000067096Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:17.648{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.iniMD5=DEE294828EE7536D2F8C97BD714C8AF8,SHA256=BE29918EBC9503393EB28C8BF2026D8E240F08A087B1B6597F55E1D49A4B652F,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 11241100x800000000000000067095Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.localDefaultUserModified2022-01-20 10:39:17.648{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Default\AppData\Local\TileDataLayer\Database\vedatamodel.edb2022-01-20 07:05:16.800 23542300x800000000000000067094Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:17.648{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Default\AppData\Local\TileDataLayer\Database\vedatamodel.edbMD5=08334A7B9841C4003313098EED50C26B,SHA256=0FA67F1DF533B55F7D9C9096F1CEC9B011D7F17D40542AC9528D1E6D7FCF9337,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000067093Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:17.610{6F5BEE90-18CD-61E9-7700-000000002102}484NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-PowerShell_OperationalMD5=CBEAEA839D958C70F46DEEA2F087F84B,SHA256=952DBD3E4E460F65C75C4DD3410970F2BD2AB89F346422915402A1F111C3CC56,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 11241100x800000000000000067092Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.localDefaultUserModified2022-01-20 10:39:17.610{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Default\AppData\Local\TileDataLayer\Database\EDBtmp.log2022-01-20 07:05:16.800 23542300x800000000000000067091Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:17.610{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Default\AppData\Local\TileDataLayer\Database\EDBtmp.logMD5=0A29DF94E899C56C1EDF4B73FA3287A4,SHA256=C7026ED3F96A50AA2BBD43C72A37D637AD3E452DF598C13CE3B267F3DDEC80FD,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 11241100x800000000000000067090Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.localDefaultUserModified2022-01-20 10:39:17.526{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Default\AppData\Local\TileDataLayer\Database\EDB00004.log2022-01-20 07:05:16.831 23542300x800000000000000067089Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:17.526{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Default\AppData\Local\TileDataLayer\Database\EDB00004.logMD5=DA44644C2EFDBDA46436AE5441687664,SHA256=F391267340FE73A80762EB294FB85CB4F68F571CB394631D0EA5B880143B937F,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 11241100x800000000000000067088Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.localDefaultUserModified2022-01-20 10:39:17.426{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Default\AppData\Local\TileDataLayer\Database\EDB.log2022-01-20 07:05:16.847 23542300x800000000000000067087Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:17.426{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Default\AppData\Local\TileDataLayer\Database\EDB.logMD5=6DE21D7565716823F4ED6D0471437E17,SHA256=5F3174C7BF75B630AF75EE22EBA477E6E0B1AB3817A75B489D27CB2A06668308,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000067086Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:17.179{6F5BEE90-18CD-61E9-7700-000000002102}484NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=D67F342FD36FA41F10C055EF7988EBA3,SHA256=F9E9501A4CA38E92D48A4019ADD5CDCAA73D5763296BCC7AAF28E22C54D0D952,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000031970Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:39:17.362{CE7C8936-1B12-61E9-AB00-000000002202}1912NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeC:\Program Files\SplunkUniversalForwarder\var\run\serverclass.xmlMD5=9E11AA9F3452DB0F16F9E79CCD407159,SHA256=0B6123CF67044127245D77723D015AECD3385919E1F78356EC114EAF4F576866,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000067085Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.localDefaultUserModified2022-01-20 10:39:17.095{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Default\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache131420250026721327.txt2022-01-20 07:05:16.987 23542300x800000000000000067084Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:17.095{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Default\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache131420250026721327.txtMD5=35CB8C19D2035D2165E1EFA7FA0ADF70,SHA256=5DCC967527060112D9824F3C852F5F1344613C12F2BEEAAF6D67A901E00B615F,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 11241100x800000000000000067083Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.localDefaultUserModified2022-01-20 10:39:17.095{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Default\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache131420249992652675.txt2022-01-20 07:05:16.987 23542300x800000000000000067082Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:17.095{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Default\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache131420249992652675.txtMD5=35CB8C19D2035D2165E1EFA7FA0ADF70,SHA256=5DCC967527060112D9824F3C852F5F1344613C12F2BEEAAF6D67A901E00B615F,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 11241100x800000000000000067081Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.localDefaultUserModified2022-01-20 10:39:17.079{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Default\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\ConstraintIndex\Input_{93e918b8-f239-44ba-b3fb-ad2d4b5024b9}\settingssynonyms.txt2022-01-20 07:05:16.987 23542300x800000000000000067080Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:17.079{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Default\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\ConstraintIndex\Input_{93e918b8-f239-44ba-b3fb-ad2d4b5024b9}\settingssynonyms.txtMD5=9239D33BCC9C55C4D97DCAE64A7E2F5B,SHA256=D147C9B76ACC226324DEF206D680C3368109018BE254FD1399C8E2ED2C3D77E8,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 11241100x800000000000000067079Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.localDefaultUserModified2022-01-20 10:39:17.079{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Default\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\ConstraintIndex\Input_{93e918b8-f239-44ba-b3fb-ad2d4b5024b9}\settingsglobals.txt2022-01-20 07:05:17.003 23542300x800000000000000067078Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:17.079{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Default\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\ConstraintIndex\Input_{93e918b8-f239-44ba-b3fb-ad2d4b5024b9}\settingsglobals.txtMD5=D2D6B108ED635B192276F2E13160BB9F,SHA256=598A2674BE811C1256B0E18311CE5CBA2A542D0965FF4A0AC96173CE78A4C575,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 11241100x800000000000000067077Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.localDefaultUserModified2022-01-20 10:39:17.079{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Default\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\ConstraintIndex\Input_{93e918b8-f239-44ba-b3fb-ad2d4b5024b9}\settingsconversions.txt2022-01-20 07:05:17.019 23542300x800000000000000067076Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:17.079{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Default\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\ConstraintIndex\Input_{93e918b8-f239-44ba-b3fb-ad2d4b5024b9}\settingsconversions.txtMD5=F21F68AB0FD9BF5B4255EDDDE72BE816,SHA256=9034FBD5F370A37A2E43CAE5D482B84D3ED9B6C62C6DDBC4BEE25B0526AD25EE,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 11241100x800000000000000067075Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.localDefaultUserModified2022-01-20 10:39:17.079{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Default\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\ConstraintIndex\Input_{93e918b8-f239-44ba-b3fb-ad2d4b5024b9}\appssynonyms.txt2022-01-20 07:05:17.034 23542300x800000000000000067074Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:17.079{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Users\Default\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\ConstraintIndex\Input_{93e918b8-f239-44ba-b3fb-ad2d4b5024b9}\appssynonyms.txtMD5=E86D86E41327A21E2448076DD6C97A81,SHA256=A3DC890A9E3D99D3336455F0CFD94ACCAAD69242D0A1C8649AC82B8E1F8BB6FE,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000067073Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:17.044{6F5BEE90-18CD-61E9-7700-000000002102}484NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=CCA35FD15D6360BA8C1B5DB44C0A2C79,SHA256=6CB5914FEE127D3847314028A88968304DE8344512A8B7833338CABE2839C932,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000031972Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:39:18.455{CE7C8936-1B20-61E9-E200-000000002202}3964NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=3C7172B32008242A3D6F64171ABFFD7F,SHA256=C0AD247C37D36C5132810D494D98C48E187FA898C6A0EF522EE8B55EA65F79C4,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067175Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:18.828{6F5BEE90-18CD-61E9-7700-000000002102}484NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=BF5651F6F2707086CF2E3DA028FD9B54,SHA256=FC9329BF38378363B72C3A29627540F4B84264218424926EC36B996A4D97559C,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000067174Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:18.181{6F5BEE90-18CD-61E9-7700-000000002102}484NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=C0863243527AB2087ADF6388A5056CFF,SHA256=0DBBF768591D2F58BDA05C2EF847C498A4AD0C0596F8D71AA18206DFDB0F04A3,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000067173Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:18.112{6F5BEE90-18CD-61E9-7700-000000002102}484NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=43BA1130604D9398C51347BAF8ADAA0D,SHA256=141848DA1F925EC379F8E7506CBC3B2C91B815B560CC9C0E6129AB36C9AE1FEE,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 354300x800000000000000067172Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:17.036{6F5BEE90-18B8-61E9-2A00-000000002102}2964C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsefalse10.0.1.14win-dc-tcontreras-attack-range-53.attackrange.local53domainfalse10.0.1.14win-dc-tcontreras-attack-range-53.attackrange.local49592- 354300x800000000000000067171Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:17.036{6F5BEE90-18B8-61E9-2A00-000000002102}2964C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsefalse10.0.1.14win-dc-tcontreras-attack-range-53.attackrange.local59245-false10.0.1.14win-dc-tcontreras-attack-range-53.attackrange.local53domain 354300x800000000000000067170Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:17.035{6F5BEE90-18B8-61E9-2A00-000000002102}2964C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudptruetruea00:10e:f041:83fc:c840:59f0:c8b:ffff-59245-truea00:10e:0:0:0:0:0:0win-dc-tcontreras-attack-range-53.attackrange.local53domain 354300x800000000000000067169Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:17.035{6F5BEE90-18B8-61E9-2A00-000000002102}2964C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-tcontreras-attack-range-53.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-tcontreras-attack-range-53.attackrange.local54609- 354300x800000000000000067168Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:17.034{6F5BEE90-18B8-61E9-2A00-000000002102}2964C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-tcontreras-attack-range-53.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-tcontreras-attack-range-53.attackrange.local60734- 354300x800000000000000067167Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:17.034{6F5BEE90-18B8-61E9-2A00-000000002102}2964C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudptruetrue0:0:0:0:0:0:0:1win-dc-tcontreras-attack-range-53.attackrange.local60734-true0:0:0:0:0:0:0:1win-dc-tcontreras-attack-range-53.attackrange.local53domain 354300x800000000000000067166Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:17.034{6F5BEE90-18B8-61E9-2A00-000000002102}2964C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-tcontreras-attack-range-53.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-tcontreras-attack-range-53.attackrange.local62341- 354300x800000000000000067165Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:17.028{6F5BEE90-18A7-61E9-0B00-000000002102}608C:\Windows\System32\lsass.exeNT AUTHORITY\SYSTEMtcpfalsetrue0:0:0:0:0:0:0:1win-dc-tcontreras-attack-range-53.attackrange.local53407-true0:0:0:0:0:0:0:1win-dc-tcontreras-attack-range-53.attackrange.local389ldap 354300x800000000000000067164Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:17.028{6F5BEE90-18B8-61E9-2A00-000000002102}2964C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMtcptruetrue0:0:0:0:0:0:0:1win-dc-tcontreras-attack-range-53.attackrange.local53407-true0:0:0:0:0:0:0:1win-dc-tcontreras-attack-range-53.attackrange.local389ldap 354300x800000000000000067163Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:17.027{6F5BEE90-18B8-61E9-2A00-000000002102}2964C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsefalse10.0.1.14win-dc-tcontreras-attack-range-53.attackrange.local53domainfalse10.0.1.14win-dc-tcontreras-attack-range-53.attackrange.local62400- 354300x800000000000000067162Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:17.025{6F5BEE90-18B8-61E9-2A00-000000002102}2964C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMtcpfalsefalse10.0.1.14win-dc-tcontreras-attack-range-53.attackrange.local53406-false10.0.1.14win-dc-tcontreras-attack-range-53.attackrange.local53domain 354300x800000000000000067161Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:17.025{6F5BEE90-18AA-61E9-1400-000000002102}1092C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcptruefalse10.0.1.14win-dc-tcontreras-attack-range-53.attackrange.local53406-false10.0.1.14win-dc-tcontreras-attack-range-53.attackrange.local53domain 10341000x800000000000000067160Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:17.997{6F5BEE90-3BD5-61E9-8F09-000000002102}21365900C:\Windows\system32\conhost.exe{6F5BEE90-3BD5-61E9-9009-000000002102}4304C:\Windows\SysWOW64\PING.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 23542300x800000000000000031974Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:39:19.471{CE7C8936-1B20-61E9-E200-000000002202}3964NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=03A34BC29C29FB8BC7D474A3BC83AFE7,SHA256=F989E7AECFF2359DDDD59484C4B0F4DB13B1F834D042051365A455502E97EE9A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067176Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:19.196{6F5BEE90-18CD-61E9-7700-000000002102}484NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=7009F035EB06EB4971104BE08DCC9E09,SHA256=F847549C44729DE11EB4CBCDF8CDC686673DA04F1DEE98A6ED00EAB85C4B2E60,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 354300x800000000000000031973Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:39:17.062{CE7C8936-1B12-61E9-AB00-000000002202}1912C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-tcontreras-attack-range-276.eu-central-1.compute.internal51394-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8089- 23542300x800000000000000067179Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:20.664{6F5BEE90-18B8-61E9-2F00-000000002102}3024NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeC:\Program Files\SplunkUniversalForwarder\var\run\serverclass.xmlMD5=9E11AA9F3452DB0F16F9E79CCD407159,SHA256=0B6123CF67044127245D77723D015AECD3385919E1F78356EC114EAF4F576866,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000067178Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:20.212{6F5BEE90-18CD-61E9-7700-000000002102}484NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=02F1E0131EEFD5ED78E40EF010DCEB34,SHA256=2EF6599196700641BEFA6CC33C54719E2A70ECDB512F51A0E0AFB9E9518D1A5F,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000031976Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:39:20.487{CE7C8936-1B20-61E9-E200-000000002202}3964NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=67C4D6E0FFF2D2A5233731BB1CF44384,SHA256=F97A12AC64DAADFA341ABFF2528283A7C238393079232D919997F131BEAD221A,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000031975Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:39:17.796{CE7C8936-1B1A-61E9-D900-000000002202}4048C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-tcontreras-attack-range-276.eu-central-1.compute.internal51395-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 354300x800000000000000067177Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:18.537{6F5BEE90-18C6-61E9-6E00-000000002102}3440C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-tcontreras-attack-range-53.attackrange.local53408-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x800000000000000067180Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:21.227{6F5BEE90-18CD-61E9-7700-000000002102}484NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A02F5782CC314A76AF8D17DE6D5B2B98,SHA256=24FDE3E16A8846905A14EC964051CDA1F1E6DAA72F0B49E4D24FEC68CA85A687,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000031977Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:39:21.502{CE7C8936-1B20-61E9-E200-000000002202}3964NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=240724EF55EF8FC59FE09857A7E2C449,SHA256=E9E8DB8EC6860B9F39C734CFA8DC5211FA00F6A6717C9A4D639301E9C5210223,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000031978Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:39:22.533{CE7C8936-1B20-61E9-E200-000000002202}3964NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=53513871DE26FC7C0DFD45C56B5A10FF,SHA256=680D387EDDAC6EC5A17F9E94070666A61AB68E9F724F358618DAFA756D007847,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067182Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:22.244{6F5BEE90-18CD-61E9-7700-000000002102}484NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A7A5953ECE74D9D3520E0A9CA9FDAC99,SHA256=2E0A6B10BDED269B6274C29770C7C17E85E1F9FAEEC404A6B2E6917B7012188F,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 354300x800000000000000067181Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:20.936{6F5BEE90-18B8-61E9-2F00-000000002102}3024C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-tcontreras-attack-range-53.attackrange.local53409-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8089- 23542300x800000000000000031979Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:39:23.549{CE7C8936-1B20-61E9-E200-000000002202}3964NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=464C87309B93D98B15AFC9D8DD926DDC,SHA256=4B1E76CA6423CE536AE23C0424D50E3ECEFCA2B4335863843ABE30215096210C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067183Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:23.263{6F5BEE90-18CD-61E9-7700-000000002102}484NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=0599DAAA2F8F5CFE0B93BDDE9AA9C235,SHA256=22101A13E7FD5376671D124AB1A86DD5B9A32D99B84996DA10B9D63D9ED37233,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000031980Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:39:24.580{CE7C8936-1B20-61E9-E200-000000002202}3964NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=56A6CBB24351D3B06E887A58F5B1B437,SHA256=101439CA75CD213C292FCAAF3E0E44D0F58031E469E5D106F687C7112BAFA8EE,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000067188Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:24.948{6F5BEE90-18A7-61E9-0B00-000000002102}608780C:\Windows\system32\lsass.exe{6F5BEE90-18A4-61E9-0100-000000002102}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96ef2|C:\Windows\system32\kerberos.DLL+793e4|C:\Windows\system32\kerberos.DLL+1443f|C:\Windows\system32\lsasrv.dll+2f1f1|C:\Windows\system32\lsasrv.dll+2d0d6|C:\Windows\system32\lsasrv.dll+32919|C:\Windows\system32\lsasrv.dll+30267|C:\Windows\system32\lsasrv.dll+2f1f1|C:\Windows\system32\lsasrv.dll+1752d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e 23542300x800000000000000067187Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:24.494{6F5BEE90-3BD5-61E9-8E09-000000002102}4696ATTACKRANGE\AdministratorC:\Windows\SysWOW64\cmd.exeC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeMD5=AF862061889F5B9B956E9469DCDAE773,SHA256=AF5CBD35C7D8DEA7D879113FDA61B0F64AC6618BCDAE15C0C732A018BABF68EE,IMPHASH=F34D5F2D4577ED6D9CEEC516C1F5A744truefalse - insufficient disk space 10341000x800000000000000067186Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:24.293{6F5BEE90-18A7-61E9-0B00-000000002102}608780C:\Windows\system32\lsass.exe{6F5BEE90-1B15-61E9-FA00-000000002102}4632C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+6ea9c|C:\Windows\system32\lsasrv.dll+e6974|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000067185Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:24.293{6F5BEE90-18A7-61E9-0B00-000000002102}608780C:\Windows\system32\lsass.exe{6F5BEE90-1B15-61E9-FA00-000000002102}4632C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+6ea9c|C:\Windows\system32\lsasrv.dll+e6974|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 23542300x800000000000000067184Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:24.278{6F5BEE90-18CD-61E9-7700-000000002102}484NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=27497BD731E0FF86BB1CCCE94B140464,SHA256=F3DCAE04908D308744E37FD723375423D1DADB96D8ACC602F751F42ED42A1835,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000031981Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:39:25.596{CE7C8936-1B20-61E9-E200-000000002202}3964NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=E96A1338D313FAFF7B782AF226C60505,SHA256=729752BAF77F9AF4D194EB4FD79B8066442FB01EAC6A559E379C1E89CD849912,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067205Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:25.959{6F5BEE90-18CD-61E9-7700-000000002102}484NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=28ABD8BFA0BC443EB4D3CE8A01EA11A9,SHA256=B95A1EAF099D3846F2A045106DF3D0C8F5F3DF122D1F69D80A0EAF2EABCA1C6A,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000067204Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:25.958{6F5BEE90-18CD-61E9-7700-000000002102}484NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=404F51527E34F4A50CB42F3C830FF7A8,SHA256=EA94215DE77324040AB9266F5540C1F57D36878367F55D7DF579076E4C3C8D75,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 10341000x800000000000000067203Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:25.729{6F5BEE90-1B15-61E9-FA00-000000002102}46326520C:\Windows\Explorer.EXE{6F5BEE90-3549-61E9-A608-000000002102}2936C:\Program Files\Notepad++\notepad++.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+6163f|C:\Windows\System32\SHELL32.dll+62725|C:\Windows\Explorer.EXE+3c618|C:\Windows\Explorer.EXE+3c4a4|C:\Windows\Explorer.EXE+3c411|C:\Windows\System32\windows.storage.dll+15458f|C:\Windows\System32\windows.storage.dll+15330f|C:\Windows\System32\windows.storage.dll+1562bf|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39d09|C:\Windows\SYSTEM32\ntdll.dll+1e89a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000067202Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:25.729{6F5BEE90-1B15-61E9-FA00-000000002102}46326520C:\Windows\Explorer.EXE{6F5BEE90-3549-61E9-A608-000000002102}2936C:\Program Files\Notepad++\notepad++.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+6263e|C:\Windows\Explorer.EXE+3c618|C:\Windows\Explorer.EXE+3c4a4|C:\Windows\Explorer.EXE+3c411|C:\Windows\System32\windows.storage.dll+15458f|C:\Windows\System32\windows.storage.dll+15330f|C:\Windows\System32\windows.storage.dll+1562bf|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39d09|C:\Windows\SYSTEM32\ntdll.dll+1e89a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000067201Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:25.729{6F5BEE90-1B15-61E9-FA00-000000002102}46326520C:\Windows\Explorer.EXE{6F5BEE90-3549-61E9-A608-000000002102}2936C:\Program Files\Notepad++\notepad++.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+61894|C:\Windows\System32\SHELL32.dll+62607|C:\Windows\Explorer.EXE+3c618|C:\Windows\Explorer.EXE+3c4a4|C:\Windows\Explorer.EXE+3c411|C:\Windows\System32\windows.storage.dll+15458f|C:\Windows\System32\windows.storage.dll+15330f|C:\Windows\System32\windows.storage.dll+1562bf|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39d09|C:\Windows\SYSTEM32\ntdll.dll+1e89a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000067200Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:25.598{6F5BEE90-1B15-61E9-FA00-000000002102}46325552C:\Windows\Explorer.EXE{6F5BEE90-3549-61E9-A608-000000002102}2936C:\Program Files\Notepad++\notepad++.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+6163f|C:\Windows\System32\SHELL32.dll+62db0|C:\Windows\System32\TwinUI.dll+12d711|C:\Windows\System32\TwinUI.dll+12df7f|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000067199Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:25.598{6F5BEE90-1B15-61E9-FA00-000000002102}46325552C:\Windows\Explorer.EXE{6F5BEE90-3549-61E9-A608-000000002102}2936C:\Program Files\Notepad++\notepad++.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+47bc0|C:\Windows\System32\SHELL32.dll+62d6c|C:\Windows\System32\TwinUI.dll+12d711|C:\Windows\System32\TwinUI.dll+12df7f|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000067198Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:25.598{6F5BEE90-1B15-61E9-FA00-000000002102}46325552C:\Windows\Explorer.EXE{6F5BEE90-3549-61E9-A608-000000002102}2936C:\Program Files\Notepad++\notepad++.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+61894|C:\Windows\System32\SHELL32.dll+62d40|C:\Windows\System32\TwinUI.dll+12d711|C:\Windows\System32\TwinUI.dll+12df7f|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000067197Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:25.598{6F5BEE90-1B15-61E9-FA00-000000002102}46325552C:\Windows\Explorer.EXE{6F5BEE90-3549-61E9-A608-000000002102}2936C:\Program Files\Notepad++\notepad++.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\TwinUI.dll+12d549|C:\Windows\System32\TwinUI.dll+12df7f|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000067196Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:25.397{6F5BEE90-18A9-61E9-0C00-000000002102}8281296C:\Windows\system32\svchost.exe{6F5BEE90-18B8-61E9-2C00-000000002102}2984C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000067195Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:25.397{6F5BEE90-18A9-61E9-0C00-000000002102}8281296C:\Windows\system32\svchost.exe{6F5BEE90-18B8-61E9-2C00-000000002102}2984C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000067194Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:25.397{6F5BEE90-18A9-61E9-0C00-000000002102}8281296C:\Windows\system32\svchost.exe{6F5BEE90-18B8-61E9-2C00-000000002102}2984C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000067193Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:25.397{6F5BEE90-18A9-61E9-0C00-000000002102}8281296C:\Windows\system32\svchost.exe{6F5BEE90-18B8-61E9-2C00-000000002102}2984C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000067192Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:25.397{6F5BEE90-1B0F-61E9-E500-000000002102}41764072C:\Windows\system32\csrss.exe{6F5BEE90-3BDD-61E9-9109-000000002102}3540C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000067191Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:25.397{6F5BEE90-1B15-61E9-FA00-000000002102}46324732C:\Windows\Explorer.EXE{6F5BEE90-3BDD-61E9-9109-000000002102}3540C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7414|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\Notepad++\NppShell_06.dll+4449|C:\Program Files\Notepad++\NppShell_06.dll+46a6|C:\Windows\System32\SHELL32.dll+80267|C:\Windows\System32\SHELL32.dll+6717e|C:\Windows\System32\SHELL32.dll+17c29c|C:\Windows\System32\SHELL32.dll+19ea38|C:\Windows\System32\SHELL32.dll+284513|C:\Windows\system32\explorerframe.dll+13cf7b|C:\Windows\system32\explorerframe.dll+139d07|C:\Windows\System32\SHELL32.dll+17c540|C:\Windows\System32\SHELL32.dll+1799be|C:\Windows\System32\SHELL32.dll+736d1|C:\Windows\System32\SHELL32.dll+765b6|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11d7b|C:\Windows\System32\DUser.dll+17b15|C:\Windows\SYSTEM32\atlthunk.dll+1026|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53 154100x800000000000000067190Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:25.321{6F5BEE90-3BDD-61E9-9109-000000002102}3540C:\Program Files\Notepad++\notepad++.exe8.2Notepad++ : a free (GPL) source code editorNotepad++Don HO don.h@free.frnotepad++.exe"C:\Program Files\Notepad++\notepad++.exe" "C:\Users\Administrator\AppData\Local\Ec2Wallpaper.233f"C:\Windows\system32\ATTACKRANGE\Administrator{6F5BEE90-1B13-61E9-8513-0D0000000000}0xd13852HighMD5=460294BA06DB87C19B6755D2D315DCC2,SHA256=F4921855A22003A8979DF81532BC4F26AF50E8357B9DA2335CA2309012A0D5F9,IMPHASH=CE86A23E612B007E34CBDD39A996AE98{6F5BEE90-1B15-61E9-FA00-000000002102}4632C:\Windows\explorer.exeC:\Windows\Explorer.EXE /NOUACCHECK 23542300x800000000000000067189Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:25.281{6F5BEE90-18CD-61E9-7700-000000002102}484NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=D74DFB63B6FE065BAD066C9C07C4ABB0,SHA256=4B1D992037EC390D20377C00F8E44D0F0488C6AFF039A13F48A5443597443436,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000031983Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:39:26.612{CE7C8936-1B20-61E9-E200-000000002202}3964NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=6D2BEB2B1EB35A7C61E0DCD3C5A783FB,SHA256=0E06CCFFBB681114F02F953C93E3601FA67AB9D8803CD24439A1E89B8CC15A91,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000067209Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:25.239{6F5BEE90-18A4-61E9-0100-000000002102}4SystemNT AUTHORITY\SYSTEMtcpfalsefalse10.0.1.14win-dc-tcontreras-attack-range-53.attackrange.local53411-false10.0.1.14win-dc-tcontreras-attack-range-53.attackrange.local445microsoft-ds 354300x800000000000000067208Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:25.239{6F5BEE90-18A4-61E9-0100-000000002102}4SystemNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-tcontreras-attack-range-53.attackrange.local53411-false10.0.1.14win-dc-tcontreras-attack-range-53.attackrange.local445microsoft-ds 354300x800000000000000067207Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:24.535{6F5BEE90-18C6-61E9-6E00-000000002102}3440C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-tcontreras-attack-range-53.attackrange.local53410-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x800000000000000067206Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:26.304{6F5BEE90-18CD-61E9-7700-000000002102}484NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=71920CB75040D9FCA15D130DC103C068,SHA256=A7041D93F5D7E8A0B2210306819E3F324F558226CF10A0156F21A1E35C0023AE,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 354300x800000000000000031982Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:39:23.749{CE7C8936-1B1A-61E9-D900-000000002202}4048C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-tcontreras-attack-range-276.eu-central-1.compute.internal51396-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x800000000000000031984Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:39:27.663{CE7C8936-1B20-61E9-E200-000000002202}3964NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=4CE7D10ECA3688D9BD39FAC05258260E,SHA256=0E9451D00ED8CB9BDF2170C7648E8205E739C5C7DD40E74CB889F4FC3EA0EFA3,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067210Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:27.315{6F5BEE90-18CD-61E9-7700-000000002102}484NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=F0DB0EC79E6C907D5373D32EE9E81062,SHA256=932A5747DFBEAF07521674F5760B2BFBC0ED4F2EE1162753A59C10C2B685A825,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000031986Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:39:28.663{CE7C8936-1B20-61E9-E200-000000002202}3964NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=4654959A1644B9E637E48E13B9B67F8B,SHA256=136A3A53DBD4D6C36E68A0E33493919846E72C84C3A8758194179DF120520C1F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067211Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:28.321{6F5BEE90-18CD-61E9-7700-000000002102}484NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=7264CF8595537D3DE3DBA2713AF38ED7,SHA256=C78E4FB65B3C7FF24359A6CF2116749BD8F72C7BD1D4AA46B8F0FB20B82FADDE,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 354300x800000000000000031985Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:39:26.672{CE7C8936-1A7C-61E9-1200-000000002202}1000C:\Windows\System32\svchost.exeNT AUTHORITY\LOCAL SERVICEudptruetruefe80:0:0:0:14e8:292f:f5ff:fef0win-host-tcontreras-attack-range-276546dhcpv6-clienttrueff02:0:0:0:0:0:1:2-547dhcpv6-server 23542300x800000000000000031987Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:39:29.679{CE7C8936-1B20-61E9-E200-000000002202}3964NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=9FD7618139E1F4CA70C9561A1C0857D1,SHA256=A3BB1CA3F3DC99D14533EB1C24B231539CF9FFA8AB632BA842C568525625D97A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067212Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:29.329{6F5BEE90-18CD-61E9-7700-000000002102}484NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=75A13D23D4BD8C2F8F7E64F886956023,SHA256=352406F81588390CFD28EB9959F2C73F082E52F7D85D865696F704710CCF203E,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000031988Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:39:30.694{CE7C8936-1B20-61E9-E200-000000002202}3964NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=C5BCCF7D7154680A0405A50FFF8F5247,SHA256=3038674C270BD5C5FF4B17BC7D19BFBF7C27C3FEC76B2353E141607618E86D6F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067213Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:30.363{6F5BEE90-18CD-61E9-7700-000000002102}484NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A3534900B3E45EFA14E557966C3C9EC6,SHA256=14B471644C06C54BA832894A31D73B20AA4F7129DDEC2E764A113CCECA5D7C1D,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000031990Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:39:31.710{CE7C8936-1B20-61E9-E200-000000002202}3964NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=2DFBC240EEA6D7D82362E6E922750A64,SHA256=BE0577F303B098B5A4CC18692D030EE5EE3C1B9A12B26DA7F5EAA84CDEEE4D36,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067225Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:31.369{6F5BEE90-18CD-61E9-7700-000000002102}484NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=E700B1BE91B7BA9F5329E15A165836EC,SHA256=BC70A3C66499A80D71670FFC7006C7A2318E06AD0979C1EAD6FF0594BCE6495E,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 354300x800000000000000031989Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:39:28.942{CE7C8936-1B1A-61E9-D900-000000002202}4048C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-tcontreras-attack-range-276.eu-central-1.compute.internal51397-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 13241300x800000000000000067224Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-SetValue2022-01-20 10:39:31.322{6F5BEE90-18A7-61E9-0B00-000000002102}608C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\RunTime\SecureTimeConfidenceDWORD (0x00000008) 13241300x800000000000000067223Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-SetValue2022-01-20 10:39:31.322{6F5BEE90-18A7-61E9-0B00-000000002102}608C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\RunTime\SecureTimeTickCountQWORD (0x00000000-0x0089b348) 13241300x800000000000000067222Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-SetValue2022-01-20 10:39:31.322{6F5BEE90-18A7-61E9-0B00-000000002102}608C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeLowQWORD (0x01d80de1-0x9fd146fb) 13241300x800000000000000067221Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-SetValue2022-01-20 10:39:31.322{6F5BEE90-18A7-61E9-0B00-000000002102}608C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeEstimatedQWORD (0x01d80dea-0x0195aefb) 13241300x800000000000000067220Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-SetValue2022-01-20 10:39:31.322{6F5BEE90-18A7-61E9-0B00-000000002102}608C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeHighQWORD (0x01d80df2-0x635a16fb) 13241300x800000000000000067219Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-SetValue2022-01-20 10:39:31.322{6F5BEE90-18A7-61E9-0B00-000000002102}608C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\RunTime\SecureTimeConfidenceDWORD (0x00000008) 13241300x800000000000000067218Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-SetValue2022-01-20 10:39:31.322{6F5BEE90-18A7-61E9-0B00-000000002102}608C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\RunTime\SecureTimeTickCountQWORD (0x00000000-0x0089b348) 13241300x800000000000000067217Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-SetValue2022-01-20 10:39:31.322{6F5BEE90-18A7-61E9-0B00-000000002102}608C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeLowQWORD (0x01d80de1-0x9fd146fb) 13241300x800000000000000067216Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-SetValue2022-01-20 10:39:31.322{6F5BEE90-18A7-61E9-0B00-000000002102}608C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeEstimatedQWORD (0x01d80dea-0x0195aefb) 13241300x800000000000000067215Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-SetValue2022-01-20 10:39:31.322{6F5BEE90-18A7-61E9-0B00-000000002102}608C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeHighQWORD (0x01d80df2-0x635a16fb) 354300x800000000000000067214Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:29.542{6F5BEE90-18C6-61E9-6E00-000000002102}3440C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-tcontreras-attack-range-53.attackrange.local53412-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x800000000000000031991Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:39:32.726{CE7C8936-1B20-61E9-E200-000000002202}3964NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=E897C3E3B349E11E88E574EC3AAEEE20,SHA256=3ED0D8E37AA43BD0B5BF67BB3B5C03672913A9020D8564B892760E76EAF1C90E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067226Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:32.380{6F5BEE90-18CD-61E9-7700-000000002102}484NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=29C24E09A7FB811A20C8CD7FB81615C0,SHA256=BE2E63CC1881770F32ED85377D5A915D92A07CEEB0DB5BC5255711A57DB12643,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000031992Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:39:33.741{CE7C8936-1B20-61E9-E200-000000002202}3964NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=48349B6653876BBFDC5BA13AF807C471,SHA256=5C8B5F81A049F3ECA94EA35C5084BE7A9F8D4EB5DC3A25B6601974C988D22CD4,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067227Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:33.388{6F5BEE90-18CD-61E9-7700-000000002102}484NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=EA953CDA667DCE0A5B7D4AEFAC4722A0,SHA256=10E1F21A1590FAEB74694098EB3326CCD2CC59E342530EBFAB9633E2003A8D73,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000031993Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:39:34.741{CE7C8936-1B20-61E9-E200-000000002202}3964NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=04AE0170AB6914046410A0BE46691DF2,SHA256=F2AD0D037F796269556D4D8A74F968526DFBDFFDB656559E25C9802B50298654,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000067256Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:34.437{6F5BEE90-1B15-61E9-FA00-000000002102}46326520C:\Windows\Explorer.EXE{6F5BEE90-3BE6-61E9-9209-000000002102}6320C:\Temp\hiew32demo.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+6163f|C:\Windows\System32\SHELL32.dll+62725|C:\Windows\Explorer.EXE+3c618|C:\Windows\Explorer.EXE+3c4a4|C:\Windows\Explorer.EXE+3c411|C:\Windows\System32\windows.storage.dll+15458f|C:\Windows\System32\windows.storage.dll+15330f|C:\Windows\System32\windows.storage.dll+1562bf|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39d09|C:\Windows\SYSTEM32\ntdll.dll+1e89a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000067255Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:34.437{6F5BEE90-1B15-61E9-FA00-000000002102}46326520C:\Windows\Explorer.EXE{6F5BEE90-3BE6-61E9-9209-000000002102}6320C:\Temp\hiew32demo.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+6263e|C:\Windows\Explorer.EXE+3c618|C:\Windows\Explorer.EXE+3c4a4|C:\Windows\Explorer.EXE+3c411|C:\Windows\System32\windows.storage.dll+15458f|C:\Windows\System32\windows.storage.dll+15330f|C:\Windows\System32\windows.storage.dll+1562bf|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39d09|C:\Windows\SYSTEM32\ntdll.dll+1e89a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000067254Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:34.436{6F5BEE90-1B15-61E9-FA00-000000002102}46326520C:\Windows\Explorer.EXE{6F5BEE90-3BE6-61E9-9209-000000002102}6320C:\Temp\hiew32demo.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+61894|C:\Windows\System32\SHELL32.dll+62607|C:\Windows\Explorer.EXE+3c618|C:\Windows\Explorer.EXE+3c4a4|C:\Windows\Explorer.EXE+3c411|C:\Windows\System32\windows.storage.dll+15458f|C:\Windows\System32\windows.storage.dll+15330f|C:\Windows\System32\windows.storage.dll+1562bf|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39d09|C:\Windows\SYSTEM32\ntdll.dll+1e89a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 23542300x800000000000000067253Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:34.430{6F5BEE90-18CD-61E9-7700-000000002102}484NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=5CDE19FF6B285A7E2B6A92E14AACD604,SHA256=18CA42A33D0B3A4BC7B094E5A29861BAA5DE52CA0184F9AB1728A4AE57CF7F7B,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 10341000x800000000000000067252Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:34.425{6F5BEE90-1B14-61E9-F400-000000002102}36683156C:\Windows\System32\taskhostw.exe{6F5BEE90-3BE6-61E9-9309-000000002102}6112C:\Windows\system32\conhost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cd4|C:\Windows\System32\MSCTF.dll+af11|C:\Windows\System32\MSCTF.dll+b489|C:\Windows\System32\MSCTF.dll+be73|C:\Windows\System32\MSCTF.dll+3d812|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000067251Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:34.422{6F5BEE90-1B14-61E9-F400-000000002102}36683156C:\Windows\System32\taskhostw.exe{6F5BEE90-3BE6-61E9-9309-000000002102}6112C:\Windows\system32\conhost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cd4|C:\Windows\System32\MSCTF.dll+af11|C:\Windows\System32\MSCTF.dll+b489|C:\Windows\System32\MSCTF.dll+be73|C:\Windows\System32\MSCTF.dll+3d812|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000067250Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:34.388{6F5BEE90-1B15-61E9-FA00-000000002102}46326480C:\Windows\Explorer.EXE{6F5BEE90-3BE6-61E9-9209-000000002102}6320C:\Temp\hiew32demo.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+6163f|C:\Windows\System32\SHELL32.dll+62725|C:\Windows\Explorer.EXE+1e03a|C:\Windows\Explorer.EXE+1e249|C:\Windows\Explorer.EXE+1df79|C:\Windows\Explorer.EXE+3c407|C:\Windows\System32\windows.storage.dll+15458f|C:\Windows\System32\windows.storage.dll+15330f|C:\Windows\System32\windows.storage.dll+1562bf|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39d09|C:\Windows\SYSTEM32\ntdll.dll+1e89a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000067249Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:34.387{6F5BEE90-1B15-61E9-FA00-000000002102}46326480C:\Windows\Explorer.EXE{6F5BEE90-3BE6-61E9-9209-000000002102}6320C:\Temp\hiew32demo.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+6263e|C:\Windows\Explorer.EXE+1e03a|C:\Windows\Explorer.EXE+1e249|C:\Windows\Explorer.EXE+1df79|C:\Windows\Explorer.EXE+3c407|C:\Windows\System32\windows.storage.dll+15458f|C:\Windows\System32\windows.storage.dll+15330f|C:\Windows\System32\windows.storage.dll+1562bf|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39d09|C:\Windows\SYSTEM32\ntdll.dll+1e89a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000067248Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:34.387{6F5BEE90-1B15-61E9-FA00-000000002102}46326480C:\Windows\Explorer.EXE{6F5BEE90-3BE6-61E9-9209-000000002102}6320C:\Temp\hiew32demo.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+61894|C:\Windows\System32\SHELL32.dll+62607|C:\Windows\Explorer.EXE+1e03a|C:\Windows\Explorer.EXE+1e249|C:\Windows\Explorer.EXE+1df79|C:\Windows\Explorer.EXE+3c407|C:\Windows\System32\windows.storage.dll+15458f|C:\Windows\System32\windows.storage.dll+15330f|C:\Windows\System32\windows.storage.dll+1562bf|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39d09|C:\Windows\SYSTEM32\ntdll.dll+1e89a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000067247Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:34.386{6F5BEE90-1B15-61E9-FA00-000000002102}46326480C:\Windows\Explorer.EXE{6F5BEE90-3BE6-61E9-9209-000000002102}6320C:\Temp\hiew32demo.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Explorer.EXE+1f054|C:\Windows\Explorer.EXE+1f000|C:\Windows\Explorer.EXE+1dfec|C:\Windows\Explorer.EXE+1e249|C:\Windows\Explorer.EXE+1df79|C:\Windows\Explorer.EXE+3c407|C:\Windows\System32\windows.storage.dll+15458f|C:\Windows\System32\windows.storage.dll+15330f|C:\Windows\System32\windows.storage.dll+1562bf|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39d09|C:\Windows\SYSTEM32\ntdll.dll+1e89a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000067246Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:34.361{6F5BEE90-1B15-61E9-FA00-000000002102}46325552C:\Windows\Explorer.EXE{6F5BEE90-3BE6-61E9-9309-000000002102}6112C:\Windows\system32\conhost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+6163f|C:\Windows\System32\SHELL32.dll+62db0|C:\Windows\System32\TwinUI.dll+12d711|C:\Windows\System32\TwinUI.dll+12df7f|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000067245Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:34.361{6F5BEE90-1B15-61E9-FA00-000000002102}46325552C:\Windows\Explorer.EXE{6F5BEE90-3BE6-61E9-9309-000000002102}6112C:\Windows\system32\conhost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+47bc0|C:\Windows\System32\SHELL32.dll+62d6c|C:\Windows\System32\TwinUI.dll+12d711|C:\Windows\System32\TwinUI.dll+12df7f|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000067244Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:34.360{6F5BEE90-1B15-61E9-FA00-000000002102}46325552C:\Windows\Explorer.EXE{6F5BEE90-3BE6-61E9-9309-000000002102}6112C:\Windows\system32\conhost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+61894|C:\Windows\System32\SHELL32.dll+62d40|C:\Windows\System32\TwinUI.dll+12d711|C:\Windows\System32\TwinUI.dll+12df7f|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000067243Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:34.360{6F5BEE90-1B15-61E9-FA00-000000002102}46325552C:\Windows\Explorer.EXE{6F5BEE90-3BE6-61E9-9309-000000002102}6112C:\Windows\system32\conhost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\TwinUI.dll+12d549|C:\Windows\System32\TwinUI.dll+12df7f|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000067242Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:34.338{6F5BEE90-18AA-61E9-1600-000000002102}13241676C:\Windows\System32\svchost.exe{6F5BEE90-3BE6-61E9-9309-000000002102}6112C:\Windows\system32\conhost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|c:\windows\system32\themeservice.dll+235b|c:\windows\system32\themeservice.dll+1ed0|c:\windows\system32\themeservice.dll+2006|C:\Windows\SYSTEM32\ntdll.dll+39d09|C:\Windows\SYSTEM32\ntdll.dll+1e89a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000067241Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:34.338{6F5BEE90-18AA-61E9-1600-000000002102}13241364C:\Windows\System32\svchost.exe{6F5BEE90-3BE6-61E9-9309-000000002102}6112C:\Windows\system32\conhost.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6144|c:\windows\system32\themeservice.dll+144a|c:\windows\system32\themeservice.dll+4175|c:\windows\system32\themeservice.dll+3379|c:\windows\system32\themeservice.dll+31a3|C:\Windows\System32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14412|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000067240Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:34.326{6F5BEE90-3BE6-61E9-9309-000000002102}61122892C:\Windows\system32\conhost.exe{6F5BEE90-3BE6-61E9-9209-000000002102}6320C:\Temp\hiew32demo.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000067239Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:34.309{6F5BEE90-1B0F-61E9-E500-000000002102}41763520C:\Windows\system32\csrss.exe{6F5BEE90-3BE6-61E9-9309-000000002102}6112C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6cd4|C:\Windows\SYSTEM32\CSRSRV.dll+1a30|C:\Windows\SYSTEM32\CSRSRV.dll+5c09|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000067238Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:34.304{6F5BEE90-18AA-61E9-1300-000000002102}3364544C:\Windows\System32\svchost.exe{6F5BEE90-3BE6-61E9-9309-000000002102}6112C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\pcasvc.dll+ac96|c:\windows\system32\pcasvc.dll+aaf6|c:\windows\system32\pcasvc.dll+aab8|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000067237Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:34.299{6F5BEE90-18AA-61E9-1300-000000002102}3364544C:\Windows\System32\svchost.exe{6F5BEE90-3BE6-61E9-9209-000000002102}6320C:\Temp\hiew32demo.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\pcasvc.dll+ac96|c:\windows\system32\pcasvc.dll+aaf6|c:\windows\system32\pcasvc.dll+aab8|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000067236Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:34.298{6F5BEE90-18AA-61E9-1300-000000002102}3361068C:\Windows\System32\svchost.exe{6F5BEE90-3BE6-61E9-9209-000000002102}6320C:\Temp\hiew32demo.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\pcasvc.dll+52e4|c:\windows\system32\pcasvc.dll+58a9|c:\windows\system32\pcasvc.dll+5b49|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+3534e|C:\Windows\System32\RPCRT4.dll+20cc7|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000067235Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:34.298{6F5BEE90-18AA-61E9-1300-000000002102}3361068C:\Windows\System32\svchost.exe{6F5BEE90-1B15-61E9-FA00-000000002102}4632C:\Windows\Explorer.EXE0x1440C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\pcasvc.dll+5bab|c:\windows\system32\pcasvc.dll+5b07|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+3534e|C:\Windows\System32\RPCRT4.dll+20cc7|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000067234Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:34.298{6F5BEE90-18A9-61E9-0C00-000000002102}8281296C:\Windows\system32\svchost.exe{6F5BEE90-18B8-61E9-2C00-000000002102}2984C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000067233Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:34.297{6F5BEE90-18A9-61E9-0C00-000000002102}8281296C:\Windows\system32\svchost.exe{6F5BEE90-18B8-61E9-2C00-000000002102}2984C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000067232Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:34.297{6F5BEE90-18A9-61E9-0C00-000000002102}8281296C:\Windows\system32\svchost.exe{6F5BEE90-18B8-61E9-2C00-000000002102}2984C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000067231Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:34.291{6F5BEE90-18A9-61E9-0C00-000000002102}8281296C:\Windows\system32\svchost.exe{6F5BEE90-18B8-61E9-2C00-000000002102}2984C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000067230Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:34.291{6F5BEE90-1B0F-61E9-E500-000000002102}41764072C:\Windows\system32\csrss.exe{6F5BEE90-3BE6-61E9-9209-000000002102}6320C:\Temp\hiew32demo.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000067229Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:34.291{6F5BEE90-1B15-61E9-FA00-000000002102}46323788C:\Windows\Explorer.EXE{6F5BEE90-3BE6-61E9-9209-000000002102}6320C:\Temp\hiew32demo.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7414|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\System32\windows.storage.dll+a912f|C:\Windows\System32\windows.storage.dll+a8da5|C:\Windows\System32\windows.storage.dll+a8896|C:\Windows\System32\windows.storage.dll+a9d08|C:\Windows\System32\windows.storage.dll+a86be|C:\Windows\System32\windows.storage.dll+ab4d5|C:\Windows\System32\windows.storage.dll+ab854|C:\Windows\System32\windows.storage.dll+aae90|C:\Windows\System32\windows.storage.dll+ad6ba|C:\Windows\System32\windows.storage.dll+ad472|C:\Windows\System32\SHELL32.dll+3f8bd|C:\Windows\System32\SHELL32.dll+3e456|C:\Windows\System32\SHELL32.dll+801e1|C:\Windows\System32\SHELL32.dll+6717e|C:\Windows\System32\SHELL32.dll+18ce6c|C:\Windows\System32\SHELL32.dll+18cbc3|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x800000000000000067228Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:34.294{6F5BEE90-3BE6-61E9-9209-000000002102}6320C:\Temp\hiew32demo.exe-----"C:\Temp\hiew32demo.exe" C:\Temp\ATTACKRANGE\Administrator{6F5BEE90-1B13-61E9-8513-0D0000000000}0xd13852HighMD5=80A81AD326D018152D74AB62E8283F53,SHA256=53308FE47BCEF0F053E2A50FED1ADDFDDA2739556CDE16366ED3BC2A2C1B1862,IMPHASH=00000000000000000000000000000000{6F5BEE90-1B15-61E9-FA00-000000002102}4632C:\Windows\explorer.exeC:\Windows\Explorer.EXE /NOUACCHECK 23542300x800000000000000031995Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:39:35.749{CE7C8936-1B20-61E9-E200-000000002202}3964NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=6ADCD2755F340050F7D87A245198B756,SHA256=6A6B2A1921125DC1A4AB68DE344C0765A43331FDAF6F0AAEEA8F5328FE08F0B7,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000067262Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:35.588{6F5BEE90-18A9-61E9-0C00-000000002102}8281296C:\Windows\system32\svchost.exe{6F5BEE90-18AA-61E9-1500-000000002102}1264C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000067261Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:35.587{6F5BEE90-18A9-61E9-0C00-000000002102}8281296C:\Windows\system32\svchost.exe{6F5BEE90-18AA-61E9-1500-000000002102}1264C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000067260Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:35.587{6F5BEE90-18A9-61E9-0C00-000000002102}8281296C:\Windows\system32\svchost.exe{6F5BEE90-18AA-61E9-1500-000000002102}1264C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 23542300x800000000000000067259Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:35.459{6F5BEE90-18CD-61E9-7700-000000002102}484NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=421529383869597FDC7C4F2F51C395F2,SHA256=7915B518A8E27AA64F0E9DFF900C47668C1896C391A1D681F886B69AF0B1046C,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000031994Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:39:35.655{CE7C8936-1A7D-61E9-2200-000000002202}1212NT AUTHORITY\SYSTEMC:\Program Files\Amazon\SSM\amazon-ssm-agent.exeC:\ProgramData\Amazon\SSM\InstanceData\i-0b4c8a78fb3fad9c4\channels\health\respondent-20220120081703-138MD5=48D9DB22D5DA72E1508DB4774F89CD54,SHA256=47231F73915EFCF046725A41CCC183BD3625BDF28EF9197BB172C87CF7B7A72C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067258Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:35.305{6F5BEE90-18CD-61E9-7700-000000002102}484NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=C8DF6C25DED0B0852DDD96C245CE6D14,SHA256=2E727721175C255EF37A33E29A1BBF16FB8D71E83C1A35E928C3ED3D60CA32F8,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000067257Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:35.304{6F5BEE90-18CD-61E9-7700-000000002102}484NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=28ABD8BFA0BC443EB4D3CE8A01EA11A9,SHA256=B95A1EAF099D3846F2A045106DF3D0C8F5F3DF122D1F69D80A0EAF2EABCA1C6A,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000031997Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:39:36.778{CE7C8936-1B20-61E9-E200-000000002202}3964NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=9F2B7ACD253243B3E9ADD2D10F347994,SHA256=C22EB73B03EE584F54D4F2B93A94850AEF9DE7A07DBB9DA9493DB299E27D3782,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067265Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:36.893{6F5BEE90-18CD-61E9-7700-000000002102}484NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=C8DF6C25DED0B0852DDD96C245CE6D14,SHA256=2E727721175C255EF37A33E29A1BBF16FB8D71E83C1A35E928C3ED3D60CA32F8,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000067264Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:36.483{6F5BEE90-18CD-61E9-7700-000000002102}484NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=19051AB602666DD86A93628490C4FB31,SHA256=132CF38CB0334FDC5964BA26D2CDF57F7A25D49D0118841FE77A05EB9BFECBD5,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000031996Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:39:36.656{CE7C8936-1A7D-61E9-2200-000000002202}1212NT AUTHORITY\SYSTEMC:\Program Files\Amazon\SSM\amazon-ssm-agent.exeC:\ProgramData\Amazon\SSM\InstanceData\i-0b4c8a78fb3fad9c4\channels\health\surveyor-20220120081701-139MD5=97EF2A570B75C4F95FC69B0D09A2E2A2,SHA256=11396EA313B0ED7E3228C4FA92ABE9D836DB8F416A7A8A28ACC77133025082E7,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000067263Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:35.310{6F5BEE90-18C6-61E9-6E00-000000002102}3440C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-tcontreras-attack-range-53.attackrange.local53413-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x800000000000000031999Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:39:37.781{CE7C8936-1B20-61E9-E200-000000002202}3964NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A58B742FF77E7D2F42E46A506A8BCD98,SHA256=89F54B5B05DBB553F489CB7E580890785F43995CA61C30C11686FEF7AB7350ED,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000031998Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:39:34.962{CE7C8936-1B1A-61E9-D900-000000002202}4048C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-tcontreras-attack-range-276.eu-central-1.compute.internal51398-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x800000000000000067266Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:37.508{6F5BEE90-18CD-61E9-7700-000000002102}484NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=E2B2A5D81CD5CCFFEB6944BA417C93AA,SHA256=FBCEC5CB1A2D92C5E815287DB46434F6545EF0A7B049D4549B909399E93F25EE,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000032000Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:39:38.859{CE7C8936-1B20-61E9-E200-000000002202}3964NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=3F4D938EB50086B9203A9DE8FFE005EF,SHA256=A0C2DFF92D5F911AE707D7701910FFDCFA4CA90AB9C4A410AA7AD26788BBE053,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067270Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:38.516{6F5BEE90-18CD-61E9-7700-000000002102}484NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=47F863814655D13C7FD031EFC88E8E47,SHA256=EDEE41CDC58E532ACC5FB535D7AA25D332D788BBD764C4CD57D3C1BF90FC7BD1,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 10341000x800000000000000067269Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:38.184{6F5BEE90-18A7-61E9-0B00-000000002102}608824C:\Windows\system32\lsass.exe{6F5BEE90-18A4-61E9-0100-000000002102}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96ef2|C:\Windows\system32\kerberos.DLL+793e4|C:\Windows\system32\kerberos.DLL+1443f|C:\Windows\system32\lsasrv.dll+2f1f1|C:\Windows\system32\lsasrv.dll+2d0d6|C:\Windows\system32\lsasrv.dll+32919|C:\Windows\system32\lsasrv.dll+30267|C:\Windows\system32\lsasrv.dll+2f1f1|C:\Windows\system32\lsasrv.dll+1752d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e 10341000x800000000000000067268Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:38.068{6F5BEE90-18A7-61E9-0B00-000000002102}608824C:\Windows\system32\lsass.exe{6F5BEE90-18AA-61E9-1600-000000002102}1324C:\Windows\System32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+6ea9c|C:\Windows\system32\lsasrv.dll+e6974|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000067267Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:38.031{6F5BEE90-18A7-61E9-0B00-000000002102}608824C:\Windows\system32\lsass.exe{6F5BEE90-18AA-61E9-1600-000000002102}1324C:\Windows\System32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+6ea9c|C:\Windows\system32\lsasrv.dll+e6974|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 23542300x800000000000000032014Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:39:39.984{CE7C8936-1B20-61E9-E200-000000002202}3964NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=21C51D09F6AEC0958A5653FBF784C93A,SHA256=C37ED881C4C9154614B3406938E28B752FD6AF88DAF40A4118910D6E75EC80DE,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067308Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:39.676{6F5BEE90-18CD-61E9-7700-000000002102}484NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=D39B7112237B8495A5469156A459619A,SHA256=D4846BCF97FB40BC209FECC31AA68DFCDB6D1B3411ACB8E58A39025083B6C9D1,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 10341000x800000000000000032013Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:39:39.781{CE7C8936-1B12-61E9-AF00-000000002202}24603956C:\Windows\system32\conhost.exe{CE7C8936-3BEB-61E9-1106-000000002202}1232C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032012Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:39:39.781{CE7C8936-1A7C-61E9-0C00-000000002202}7003204C:\Windows\system32\svchost.exe{CE7C8936-1A7D-61E9-1D00-000000002202}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032011Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:39:39.781{CE7C8936-1A7C-61E9-0C00-000000002202}7003204C:\Windows\system32\svchost.exe{CE7C8936-1A7D-61E9-1D00-000000002202}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032010Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:39:39.781{CE7C8936-1A7C-61E9-0C00-000000002202}7003204C:\Windows\system32\svchost.exe{CE7C8936-1A7D-61E9-1D00-000000002202}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032009Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:39:39.781{CE7C8936-1A7C-61E9-0C00-000000002202}7003204C:\Windows\system32\svchost.exe{CE7C8936-1A7D-61E9-1D00-000000002202}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032008Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:39:39.781{CE7C8936-1A7C-61E9-0C00-000000002202}7003204C:\Windows\system32\svchost.exe{CE7C8936-1A7D-61E9-1D00-000000002202}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032007Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:39:39.781{CE7C8936-1A7C-61E9-0C00-000000002202}7003204C:\Windows\system32\svchost.exe{CE7C8936-1A7D-61E9-1D00-000000002202}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032006Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:39:39.781{CE7C8936-1A7C-61E9-0C00-000000002202}7003204C:\Windows\system32\svchost.exe{CE7C8936-1A7D-61E9-1D00-000000002202}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032005Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:39:39.781{CE7C8936-1A7C-61E9-0C00-000000002202}7003204C:\Windows\system32\svchost.exe{CE7C8936-1A7D-61E9-1D00-000000002202}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032004Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:39:39.781{CE7C8936-1A7C-61E9-0C00-000000002202}7003204C:\Windows\system32\svchost.exe{CE7C8936-1A7D-61E9-1D00-000000002202}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032003Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:39:39.781{CE7C8936-1A7C-61E9-0500-000000002202}388504C:\Windows\system32\csrss.exe{CE7C8936-3BEB-61E9-1106-000000002202}1232C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000032002Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:39:39.781{CE7C8936-1B12-61E9-AB00-000000002202}19122580C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{CE7C8936-3BEB-61E9-1106-000000002202}1232C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7414|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x800000000000000032001Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:39:39.781{CE7C8936-3BEB-61E9-1106-000000002202}1232C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe8.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{CE7C8936-1A7C-61E9-E703-000000000000}0x3e70SystemMD5=8746B8C1724B67C2B1261446C0CFAA57,SHA256=7EFD09FD383FAA75C5D2990E6DBBFD846AEAA08B7037C7D66B4A0EF2AE0866B3,IMPHASH=7B985F47B35272AD7B5218255ACE7AEC{CE7C8936-1B12-61E9-AB00-000000002202}1912C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 354300x800000000000000067307Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:38.475{6F5BEE90-18A4-61E9-0100-000000002102}4SystemNT AUTHORITY\SYSTEMtcpfalsetruefe80:0:0:0:d11b:5952:8f62:5d6dwin-dc-tcontreras-attack-range-53.attackrange.local53416-truefe80:0:0:0:d11b:5952:8f62:5d6dwin-dc-tcontreras-attack-range-53.attackrange.local445microsoft-ds 354300x800000000000000067306Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:38.475{6F5BEE90-18A4-61E9-0100-000000002102}4SystemNT AUTHORITY\SYSTEMtcptruetruefe80:0:0:0:d11b:5952:8f62:5d6dwin-dc-tcontreras-attack-range-53.attackrange.local53416-truefe80:0:0:0:d11b:5952:8f62:5d6dwin-dc-tcontreras-attack-range-53.attackrange.local445microsoft-ds 354300x800000000000000067305Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:38.362{6F5BEE90-18A7-61E9-0B00-000000002102}608C:\Windows\System32\lsass.exeNT AUTHORITY\SYSTEMtcpfalsefalse10.0.1.14win-dc-tcontreras-attack-range-53.attackrange.local53415-false10.0.1.14win-dc-tcontreras-attack-range-53.attackrange.local389ldap 354300x800000000000000067304Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:38.361{6F5BEE90-18AA-61E9-1600-000000002102}1324C:\Windows\System32\svchost.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-tcontreras-attack-range-53.attackrange.local53415-false10.0.1.14win-dc-tcontreras-attack-range-53.attackrange.local389ldap 354300x800000000000000067303Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:38.331{6F5BEE90-18A7-61E9-0B00-000000002102}608C:\Windows\System32\lsass.exeNT AUTHORITY\SYSTEMtcpfalsetruefe80:0:0:0:d11b:5952:8f62:5d6dwin-dc-tcontreras-attack-range-53.attackrange.local53414-truefe80:0:0:0:d11b:5952:8f62:5d6dwin-dc-tcontreras-attack-range-53.attackrange.local389ldap 354300x800000000000000067302Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:38.331{6F5BEE90-18AA-61E9-1600-000000002102}1324C:\Windows\System32\svchost.exeNT AUTHORITY\SYSTEMtcptruetruefe80:0:0:0:d11b:5952:8f62:5d6dwin-dc-tcontreras-attack-range-53.attackrange.local53414-truefe80:0:0:0:d11b:5952:8f62:5d6dwin-dc-tcontreras-attack-range-53.attackrange.local389ldap 10341000x800000000000000067301Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:39.298{6F5BEE90-18A9-61E9-0D00-000000002102}888908C:\Windows\system32\svchost.exe{6F5BEE90-1B26-61E9-1201-000000002102}5320C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a31|c:\windows\system32\rpcss.dll+43b62|c:\windows\system32\rpcss.dll+43e9f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14412|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000067300Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:39.297{6F5BEE90-18A9-61E9-0D00-000000002102}888908C:\Windows\system32\svchost.exe{6F5BEE90-1B26-61E9-1201-000000002102}5320C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a31|c:\windows\system32\rpcss.dll+43b62|c:\windows\system32\rpcss.dll+43e9f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14412|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000067299Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:39.297{6F5BEE90-18A9-61E9-0D00-000000002102}888908C:\Windows\system32\svchost.exe{6F5BEE90-1B26-61E9-1201-000000002102}5320C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a31|c:\windows\system32\rpcss.dll+43b62|c:\windows\system32\rpcss.dll+43e9f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14412|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000067298Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:39.297{6F5BEE90-18A9-61E9-0D00-000000002102}888908C:\Windows\system32\svchost.exe{6F5BEE90-1B15-61E9-FA00-000000002102}4632C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+d6ee|c:\windows\system32\rpcss.dll+c72a|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a31|c:\windows\system32\rpcss.dll+43b62|c:\windows\system32\rpcss.dll+43e9f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14412|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000067297Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:39.297{6F5BEE90-18A9-61E9-0D00-000000002102}888908C:\Windows\system32\svchost.exe{6F5BEE90-1B15-61E9-FA00-000000002102}4632C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a31|c:\windows\system32\rpcss.dll+43b62|c:\windows\system32\rpcss.dll+43e9f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14412|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000067296Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:39.297{6F5BEE90-18A9-61E9-0D00-000000002102}888908C:\Windows\system32\svchost.exe{6F5BEE90-1B15-61E9-FA00-000000002102}4632C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+d6ee|c:\windows\system32\rpcss.dll+c72a|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a31|c:\windows\system32\rpcss.dll+43b62|c:\windows\system32\rpcss.dll+43e9f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14412|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000067295Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:39.297{6F5BEE90-18A9-61E9-0D00-000000002102}888908C:\Windows\system32\svchost.exe{6F5BEE90-1B15-61E9-FA00-000000002102}4632C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a31|c:\windows\system32\rpcss.dll+43b62|c:\windows\system32\rpcss.dll+43e9f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14412|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000067294Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:39.297{6F5BEE90-18A9-61E9-0D00-000000002102}888908C:\Windows\system32\svchost.exe{6F5BEE90-1B15-61E9-FA00-000000002102}4632C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+d6ee|c:\windows\system32\rpcss.dll+c72a|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a31|c:\windows\system32\rpcss.dll+43b62|c:\windows\system32\rpcss.dll+43e9f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14412|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000067293Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:39.297{6F5BEE90-18A9-61E9-0D00-000000002102}888908C:\Windows\system32\svchost.exe{6F5BEE90-1B15-61E9-FA00-000000002102}4632C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a31|c:\windows\system32\rpcss.dll+43b62|c:\windows\system32\rpcss.dll+43e9f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14412|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000067292Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:39.296{6F5BEE90-18A9-61E9-0D00-000000002102}888908C:\Windows\system32\svchost.exe{6F5BEE90-1B15-61E9-FA00-000000002102}4632C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+d6ee|c:\windows\system32\rpcss.dll+c72a|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a31|c:\windows\system32\rpcss.dll+43b62|c:\windows\system32\rpcss.dll+43e9f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14412|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000067291Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:39.296{6F5BEE90-18A9-61E9-0D00-000000002102}888908C:\Windows\system32\svchost.exe{6F5BEE90-1B15-61E9-FA00-000000002102}4632C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a31|c:\windows\system32\rpcss.dll+43b62|c:\windows\system32\rpcss.dll+43e9f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14412|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000067290Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:39.296{6F5BEE90-18A9-61E9-0D00-000000002102}888908C:\Windows\system32\svchost.exe{6F5BEE90-1B15-61E9-FA00-000000002102}4632C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+d6ee|c:\windows\system32\rpcss.dll+c72a|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a31|c:\windows\system32\rpcss.dll+43b62|c:\windows\system32\rpcss.dll+43e9f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14412|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000067289Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:39.296{6F5BEE90-18A9-61E9-0D00-000000002102}888908C:\Windows\system32\svchost.exe{6F5BEE90-1B15-61E9-FA00-000000002102}4632C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a31|c:\windows\system32\rpcss.dll+43b62|c:\windows\system32\rpcss.dll+43e9f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14412|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000067288Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:39.296{6F5BEE90-18A9-61E9-0D00-000000002102}888908C:\Windows\system32\svchost.exe{6F5BEE90-1B15-61E9-FA00-000000002102}4632C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+d6ee|c:\windows\system32\rpcss.dll+c72a|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a31|c:\windows\system32\rpcss.dll+43b62|c:\windows\system32\rpcss.dll+43e9f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14412|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000067287Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:39.296{6F5BEE90-18A9-61E9-0D00-000000002102}888908C:\Windows\system32\svchost.exe{6F5BEE90-1B15-61E9-FA00-000000002102}4632C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a31|c:\windows\system32\rpcss.dll+43b62|c:\windows\system32\rpcss.dll+43e9f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14412|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000067286Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:39.296{6F5BEE90-18A9-61E9-0D00-000000002102}888908C:\Windows\system32\svchost.exe{6F5BEE90-1B15-61E9-FA00-000000002102}4632C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+d6ee|c:\windows\system32\rpcss.dll+c72a|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a31|c:\windows\system32\rpcss.dll+43b62|c:\windows\system32\rpcss.dll+43e9f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14412|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000067285Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:39.296{6F5BEE90-18A9-61E9-0D00-000000002102}888908C:\Windows\system32\svchost.exe{6F5BEE90-1B15-61E9-FA00-000000002102}4632C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a31|c:\windows\system32\rpcss.dll+43b62|c:\windows\system32\rpcss.dll+43e9f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14412|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000067284Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:39.296{6F5BEE90-18A9-61E9-0D00-000000002102}888908C:\Windows\system32\svchost.exe{6F5BEE90-1B15-61E9-FA00-000000002102}4632C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+d6ee|c:\windows\system32\rpcss.dll+c72a|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a31|c:\windows\system32\rpcss.dll+43b62|c:\windows\system32\rpcss.dll+43e9f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14412|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000067283Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:39.296{6F5BEE90-18A9-61E9-0D00-000000002102}888908C:\Windows\system32\svchost.exe{6F5BEE90-1B15-61E9-FA00-000000002102}4632C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a31|c:\windows\system32\rpcss.dll+43b62|c:\windows\system32\rpcss.dll+43e9f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14412|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000067282Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:39.296{6F5BEE90-18A9-61E9-0D00-000000002102}888908C:\Windows\system32\svchost.exe{6F5BEE90-1B15-61E9-FA00-000000002102}4632C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+d6ee|c:\windows\system32\rpcss.dll+c72a|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a31|c:\windows\system32\rpcss.dll+43b62|c:\windows\system32\rpcss.dll+43e9f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14412|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000067281Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:39.296{6F5BEE90-18A9-61E9-0D00-000000002102}888908C:\Windows\system32\svchost.exe{6F5BEE90-1B15-61E9-FA00-000000002102}4632C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a31|c:\windows\system32\rpcss.dll+43b62|c:\windows\system32\rpcss.dll+43e9f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14412|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000067280Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:39.296{6F5BEE90-18A9-61E9-0D00-000000002102}888908C:\Windows\system32\svchost.exe{6F5BEE90-1B15-61E9-FA00-000000002102}4632C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+d6ee|c:\windows\system32\rpcss.dll+c72a|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a31|c:\windows\system32\rpcss.dll+43b62|c:\windows\system32\rpcss.dll+43e9f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14412|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000067279Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:39.296{6F5BEE90-18A9-61E9-0D00-000000002102}888908C:\Windows\system32\svchost.exe{6F5BEE90-1B15-61E9-FA00-000000002102}4632C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a31|c:\windows\system32\rpcss.dll+43b62|c:\windows\system32\rpcss.dll+43e9f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14412|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000067278Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:39.293{6F5BEE90-18A9-61E9-0D00-000000002102}888908C:\Windows\system32\svchost.exe{6F5BEE90-1B15-61E9-FA00-000000002102}4632C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+d6ee|c:\windows\system32\rpcss.dll+c72a|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a31|c:\windows\system32\rpcss.dll+43b62|c:\windows\system32\rpcss.dll+43e9f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14412|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000067277Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:39.293{6F5BEE90-18A9-61E9-0D00-000000002102}888908C:\Windows\system32\svchost.exe{6F5BEE90-1B15-61E9-FA00-000000002102}4632C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a31|c:\windows\system32\rpcss.dll+43b62|c:\windows\system32\rpcss.dll+43e9f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14412|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000067276Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:39.293{6F5BEE90-18A9-61E9-0D00-000000002102}888908C:\Windows\system32\svchost.exe{6F5BEE90-1B24-61E9-1101-000000002102}5640C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a31|c:\windows\system32\rpcss.dll+43b62|c:\windows\system32\rpcss.dll+43e9f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14412|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000067275Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:39.293{6F5BEE90-18A9-61E9-0D00-000000002102}888908C:\Windows\system32\svchost.exe{6F5BEE90-1B24-61E9-1101-000000002102}5640C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a31|c:\windows\system32\rpcss.dll+43b62|c:\windows\system32\rpcss.dll+43e9f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14412|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000067274Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:39.293{6F5BEE90-18A9-61E9-0D00-000000002102}888908C:\Windows\system32\svchost.exe{6F5BEE90-1B24-61E9-1101-000000002102}5640C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a31|c:\windows\system32\rpcss.dll+43b62|c:\windows\system32\rpcss.dll+43e9f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14412|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000067273Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:39.293{6F5BEE90-18A9-61E9-0D00-000000002102}888908C:\Windows\system32\svchost.exe{6F5BEE90-1B24-61E9-1101-000000002102}5640C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a31|c:\windows\system32\rpcss.dll+43b62|c:\windows\system32\rpcss.dll+43e9f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14412|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000067272Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:39.293{6F5BEE90-18A9-61E9-0D00-000000002102}888908C:\Windows\system32\svchost.exe{6F5BEE90-1B24-61E9-1101-000000002102}5640C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a31|c:\windows\system32\rpcss.dll+43b62|c:\windows\system32\rpcss.dll+43e9f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14412|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 23542300x800000000000000067271Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:39.065{6F5BEE90-18CD-61E9-7700-000000002102}484NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=B628A19209B19FE2896442CFF64E8D4B,SHA256=3D6CBF7C04F8A2DD56549F48DBA3A7F640F8CEBEC0BA2A1B739BECDE66FA6B58,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000067309Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:40.686{6F5BEE90-18CD-61E9-7700-000000002102}484NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=F0EA533C893377FA7877200D71C7BA3B,SHA256=F56824D804B65919909D5B668C8D5E8DBB3B45E252B923023FBEB0153602FC34,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000032029Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:39:40.843{CE7C8936-1B20-61E9-E200-000000002202}3964NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=4C2A67295D85526CC11230936FBA67F0,SHA256=C1F869999D542FB955B1009E095E4559FBF9AECB04246CDF01B78456FB62F441,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000032028Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:39:40.843{CE7C8936-1B20-61E9-E200-000000002202}3964NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=75C4210F36F43D38651A0885A88EEE47,SHA256=B10DB46B25CB32C11CE61F3C2370094E8F707F836F332DC4F2E9A23EB4A08B92,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000032027Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:39:40.452{CE7C8936-1B12-61E9-AF00-000000002202}24603956C:\Windows\system32\conhost.exe{CE7C8936-3BEC-61E9-1206-000000002202}412C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032026Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:39:40.452{CE7C8936-1A7C-61E9-0C00-000000002202}7003204C:\Windows\system32\svchost.exe{CE7C8936-1A7D-61E9-1D00-000000002202}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032025Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:39:40.452{CE7C8936-1A7C-61E9-0C00-000000002202}7003204C:\Windows\system32\svchost.exe{CE7C8936-1A7D-61E9-1D00-000000002202}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032024Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:39:40.452{CE7C8936-1A7C-61E9-0C00-000000002202}7003204C:\Windows\system32\svchost.exe{CE7C8936-1A7D-61E9-1D00-000000002202}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032023Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:39:40.452{CE7C8936-1A7C-61E9-0C00-000000002202}7003204C:\Windows\system32\svchost.exe{CE7C8936-1A7D-61E9-1D00-000000002202}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032022Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:39:40.452{CE7C8936-1A7C-61E9-0C00-000000002202}7003204C:\Windows\system32\svchost.exe{CE7C8936-1A7D-61E9-1D00-000000002202}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032021Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:39:40.452{CE7C8936-1A7C-61E9-0C00-000000002202}7003204C:\Windows\system32\svchost.exe{CE7C8936-1A7D-61E9-1D00-000000002202}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032020Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:39:40.452{CE7C8936-1A7C-61E9-0C00-000000002202}7003204C:\Windows\system32\svchost.exe{CE7C8936-1A7D-61E9-1D00-000000002202}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032019Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:39:40.452{CE7C8936-1A7C-61E9-0C00-000000002202}7003204C:\Windows\system32\svchost.exe{CE7C8936-1A7D-61E9-1D00-000000002202}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032018Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:39:40.452{CE7C8936-1A7C-61E9-0C00-000000002202}7003204C:\Windows\system32\svchost.exe{CE7C8936-1A7D-61E9-1D00-000000002202}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032017Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:39:40.452{CE7C8936-1A7C-61E9-0500-000000002202}388504C:\Windows\system32\csrss.exe{CE7C8936-3BEC-61E9-1206-000000002202}412C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000032016Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:39:40.452{CE7C8936-1B12-61E9-AB00-000000002202}19122580C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{CE7C8936-3BEC-61E9-1206-000000002202}412C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7414|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x800000000000000032015Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:39:40.453{CE7C8936-3BEC-61E9-1206-000000002202}412C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{CE7C8936-1A7C-61E9-E703-000000000000}0x3e70SystemMD5=BF28C74E12839E40CD89696C7CB01573,SHA256=6187325F302F232DE582FE28E0E0D2B292AB8122C3356C9CE295A482D7B93EA3,IMPHASH=27776F2813155A6CF34F6A075A0C2EC8{CE7C8936-1B12-61E9-AB00-000000002202}1912C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 354300x800000000000000067311Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:40.457{6F5BEE90-18C6-61E9-6E00-000000002102}3440C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-tcontreras-attack-range-53.attackrange.local53417-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x800000000000000067310Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:41.693{6F5BEE90-18CD-61E9-7700-000000002102}484NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=3EB388045412668C182F3CC92E4E4315,SHA256=A881C41ACE6726BDD25B91D548F8635DB9F23E798CC50BF750D2504E87DDEDD4,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 10341000x800000000000000032044Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:39:41.265{CE7C8936-3BED-61E9-1306-000000002202}25283000C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe{CE7C8936-1B12-61E9-AB00-000000002202}1912C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6025c5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6020f6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+59e67|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+5b88c|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+8e7d70|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 23542300x800000000000000032043Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:39:41.156{CE7C8936-1B20-61E9-E200-000000002202}3964NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=DB9E8D01B77511F3768B0E5A19D31E55,SHA256=B287D25DCB9C2452F8672576CB4C02C19E81FAD84967A328950F380E9CE3A071,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000032042Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:39:41.124{CE7C8936-1B12-61E9-AF00-000000002202}24603956C:\Windows\system32\conhost.exe{CE7C8936-3BED-61E9-1306-000000002202}2528C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032041Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:39:41.124{CE7C8936-1A7C-61E9-0C00-000000002202}7003204C:\Windows\system32\svchost.exe{CE7C8936-1A7D-61E9-1D00-000000002202}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032040Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:39:41.124{CE7C8936-1A7C-61E9-0C00-000000002202}7003204C:\Windows\system32\svchost.exe{CE7C8936-1A7D-61E9-1D00-000000002202}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032039Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:39:41.124{CE7C8936-1A7C-61E9-0C00-000000002202}7003204C:\Windows\system32\svchost.exe{CE7C8936-1A7D-61E9-1D00-000000002202}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032038Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:39:41.124{CE7C8936-1A7C-61E9-0C00-000000002202}7003204C:\Windows\system32\svchost.exe{CE7C8936-1A7D-61E9-1D00-000000002202}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032037Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:39:41.124{CE7C8936-1A7C-61E9-0C00-000000002202}7003204C:\Windows\system32\svchost.exe{CE7C8936-1A7D-61E9-1D00-000000002202}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032036Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:39:41.124{CE7C8936-1A7C-61E9-0C00-000000002202}7003204C:\Windows\system32\svchost.exe{CE7C8936-1A7D-61E9-1D00-000000002202}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032035Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:39:41.124{CE7C8936-1A7C-61E9-0C00-000000002202}7003204C:\Windows\system32\svchost.exe{CE7C8936-1A7D-61E9-1D00-000000002202}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032034Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:39:41.124{CE7C8936-1A7C-61E9-0C00-000000002202}7003204C:\Windows\system32\svchost.exe{CE7C8936-1A7D-61E9-1D00-000000002202}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032033Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:39:41.124{CE7C8936-1A7C-61E9-0C00-000000002202}7003204C:\Windows\system32\svchost.exe{CE7C8936-1A7D-61E9-1D00-000000002202}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032032Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:39:41.124{CE7C8936-1A7C-61E9-0500-000000002202}388940C:\Windows\system32\csrss.exe{CE7C8936-3BED-61E9-1306-000000002202}2528C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000032031Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:39:41.124{CE7C8936-1B12-61E9-AB00-000000002202}19122580C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{CE7C8936-3BED-61E9-1306-000000002202}2528C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7414|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x800000000000000032030Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:39:41.125{CE7C8936-3BED-61E9-1306-000000002202}2528C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe8.0.2Active Directory monitorsplunk ApplicationSplunk Inc.splunk-admon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{CE7C8936-1A7C-61E9-E703-000000000000}0x3e70SystemMD5=947139F3BB2AB70CAF692A60C7A3A735,SHA256=940554A0170A70F634689CC84B00C51AC0BCF773C9639E1305E3672441FC85C8,IMPHASH=357CEC18833E7FF2ABFB722902B13165{CE7C8936-1B12-61E9-AB00-000000002202}1912C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x800000000000000067321Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:42.727{6F5BEE90-3BEE-61E9-9409-000000002102}6886924C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe{6F5BEE90-18B8-61E9-2F00-000000002102}3024C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6025c5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6020f6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+59e67|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+5b88c|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+8e7d70|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 23542300x800000000000000067320Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:42.702{6F5BEE90-18CD-61E9-7700-000000002102}484NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=F7A140CEDAAFF12E14EB44962CE5D416,SHA256=78D69A021F9D430FEE0E9C0FE819FB93B3C3F82EBFCF7FD63BCBC7E2E09B1720,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 10341000x800000000000000032075Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:39:42.874{CE7C8936-3BEE-61E9-1506-000000002202}35043380C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{CE7C8936-1B12-61E9-AB00-000000002202}1912C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 354300x800000000000000032074Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:39:40.840{CE7C8936-1B1A-61E9-D900-000000002202}4048C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-tcontreras-attack-range-276.eu-central-1.compute.internal51399-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 10341000x800000000000000032073Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:39:42.734{CE7C8936-1B12-61E9-AF00-000000002202}24603956C:\Windows\system32\conhost.exe{CE7C8936-3BEE-61E9-1506-000000002202}3504C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032072Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:39:42.734{CE7C8936-1A7C-61E9-0C00-000000002202}7003204C:\Windows\system32\svchost.exe{CE7C8936-1A7D-61E9-1D00-000000002202}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032071Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:39:42.734{CE7C8936-1A7C-61E9-0C00-000000002202}7003204C:\Windows\system32\svchost.exe{CE7C8936-1A7D-61E9-1D00-000000002202}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032070Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:39:42.734{CE7C8936-1A7C-61E9-0C00-000000002202}7003204C:\Windows\system32\svchost.exe{CE7C8936-1A7D-61E9-1D00-000000002202}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032069Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:39:42.734{CE7C8936-1A7C-61E9-0C00-000000002202}7003204C:\Windows\system32\svchost.exe{CE7C8936-1A7D-61E9-1D00-000000002202}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032068Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:39:42.734{CE7C8936-1A7C-61E9-0C00-000000002202}7003204C:\Windows\system32\svchost.exe{CE7C8936-1A7D-61E9-1D00-000000002202}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032067Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:39:42.734{CE7C8936-1A7C-61E9-0C00-000000002202}7003204C:\Windows\system32\svchost.exe{CE7C8936-1A7D-61E9-1D00-000000002202}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032066Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:39:42.734{CE7C8936-1A7C-61E9-0C00-000000002202}7003204C:\Windows\system32\svchost.exe{CE7C8936-1A7D-61E9-1D00-000000002202}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032065Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:39:42.734{CE7C8936-1A7C-61E9-0C00-000000002202}7003204C:\Windows\system32\svchost.exe{CE7C8936-1A7D-61E9-1D00-000000002202}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032064Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:39:42.734{CE7C8936-1A7C-61E9-0C00-000000002202}7003204C:\Windows\system32\svchost.exe{CE7C8936-1A7D-61E9-1D00-000000002202}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032063Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:39:42.734{CE7C8936-1A7C-61E9-0500-000000002202}388404C:\Windows\system32\csrss.exe{CE7C8936-3BEE-61E9-1506-000000002202}3504C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000032062Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:39:42.734{CE7C8936-1B12-61E9-AB00-000000002202}19122580C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{CE7C8936-3BEE-61E9-1506-000000002202}3504C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7414|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x800000000000000032061Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:39:42.734{CE7C8936-3BEE-61E9-1506-000000002202}3504C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{CE7C8936-1A7C-61E9-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{CE7C8936-1B12-61E9-AB00-000000002202}1912C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x800000000000000032060Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:39:42.249{CE7C8936-3BEE-61E9-1406-000000002202}1256956C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{CE7C8936-1B12-61E9-AB00-000000002202}1912C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 23542300x800000000000000032059Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:39:42.156{CE7C8936-1B20-61E9-E200-000000002202}3964NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=EF5E57BF67E32D8453905F61300108EB,SHA256=FB72F930623C5F2059526A6BF74ABD16762C82EE6D7DA2695542D5CDF4E7B28D,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000067319Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:42.436{6F5BEE90-18B9-61E9-3500-000000002102}33043324C:\Windows\system32\conhost.exe{6F5BEE90-3BEE-61E9-9409-000000002102}688C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000067318Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:42.432{6F5BEE90-18A9-61E9-0C00-000000002102}8281296C:\Windows\system32\svchost.exe{6F5BEE90-18B8-61E9-2C00-000000002102}2984C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000067317Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:42.432{6F5BEE90-18A9-61E9-0C00-000000002102}8281296C:\Windows\system32\svchost.exe{6F5BEE90-18B8-61E9-2C00-000000002102}2984C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000067316Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:42.432{6F5BEE90-18A7-61E9-0500-000000002102}392508C:\Windows\system32\csrss.exe{6F5BEE90-3BEE-61E9-9409-000000002102}688C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000067315Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:42.432{6F5BEE90-18A9-61E9-0C00-000000002102}8281296C:\Windows\system32\svchost.exe{6F5BEE90-18B8-61E9-2C00-000000002102}2984C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000067314Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:42.432{6F5BEE90-18A9-61E9-0C00-000000002102}8281296C:\Windows\system32\svchost.exe{6F5BEE90-18B8-61E9-2C00-000000002102}2984C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000067313Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:42.431{6F5BEE90-18B8-61E9-2F00-000000002102}30243900C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{6F5BEE90-3BEE-61E9-9409-000000002102}688C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7414|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x800000000000000067312Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:42.430{6F5BEE90-3BEE-61E9-9409-000000002102}688C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe8.0.2Active Directory monitorsplunk ApplicationSplunk Inc.splunk-admon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{6F5BEE90-18A8-61E9-E703-000000000000}0x3e70SystemMD5=947139F3BB2AB70CAF692A60C7A3A735,SHA256=940554A0170A70F634689CC84B00C51AC0BCF773C9639E1305E3672441FC85C8,IMPHASH=357CEC18833E7FF2ABFB722902B13165{6F5BEE90-18B8-61E9-2F00-000000002102}3024C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x800000000000000032058Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:39:42.140{CE7C8936-1B20-61E9-E200-000000002202}3964NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=4C2A67295D85526CC11230936FBA67F0,SHA256=C1F869999D542FB955B1009E095E4559FBF9AECB04246CDF01B78456FB62F441,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000032057Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:39:42.124{CE7C8936-1B12-61E9-AF00-000000002202}24603956C:\Windows\system32\conhost.exe{CE7C8936-3BEE-61E9-1406-000000002202}1256C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032056Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:39:42.124{CE7C8936-1A7C-61E9-0C00-000000002202}7003204C:\Windows\system32\svchost.exe{CE7C8936-1A7D-61E9-1D00-000000002202}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032055Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:39:42.124{CE7C8936-1A7C-61E9-0C00-000000002202}7003204C:\Windows\system32\svchost.exe{CE7C8936-1A7D-61E9-1D00-000000002202}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032054Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:39:42.124{CE7C8936-1A7C-61E9-0C00-000000002202}7003204C:\Windows\system32\svchost.exe{CE7C8936-1A7D-61E9-1D00-000000002202}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032053Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:39:42.124{CE7C8936-1A7C-61E9-0C00-000000002202}7003204C:\Windows\system32\svchost.exe{CE7C8936-1A7D-61E9-1D00-000000002202}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032052Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:39:42.124{CE7C8936-1A7C-61E9-0C00-000000002202}7003204C:\Windows\system32\svchost.exe{CE7C8936-1A7D-61E9-1D00-000000002202}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032051Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:39:42.124{CE7C8936-1A7C-61E9-0C00-000000002202}7003204C:\Windows\system32\svchost.exe{CE7C8936-1A7D-61E9-1D00-000000002202}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032050Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:39:42.124{CE7C8936-1A7C-61E9-0C00-000000002202}7003204C:\Windows\system32\svchost.exe{CE7C8936-1A7D-61E9-1D00-000000002202}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032049Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:39:42.124{CE7C8936-1A7C-61E9-0C00-000000002202}7003204C:\Windows\system32\svchost.exe{CE7C8936-1A7D-61E9-1D00-000000002202}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032048Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:39:42.124{CE7C8936-1A7C-61E9-0C00-000000002202}7003204C:\Windows\system32\svchost.exe{CE7C8936-1A7D-61E9-1D00-000000002202}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032047Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:39:42.124{CE7C8936-1A7C-61E9-0500-000000002202}388504C:\Windows\system32\csrss.exe{CE7C8936-3BEE-61E9-1406-000000002202}1256C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000032046Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:39:42.124{CE7C8936-1B12-61E9-AB00-000000002202}19122580C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{CE7C8936-3BEE-61E9-1406-000000002202}1256C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7414|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x800000000000000032045Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:39:42.125{CE7C8936-3BEE-61E9-1406-000000002202}1256C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{CE7C8936-1A7C-61E9-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{CE7C8936-1B12-61E9-AB00-000000002202}1912C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x800000000000000067341Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:43.830{6F5BEE90-1CB8-61E9-7203-000000002102}6636ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\3zus1al1.default-release\datareporting\glean\pending_pings\ee3301d4-3913-40e2-b593-c3cf4d6bba5aMD5=1132CABDC8D28B43E78CFFE5F4097DF0,SHA256=06721310201D10D93A17261E6AD9856F40CDDA5369A85E4C4EDA3303DE1F2ABC,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000067340Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:43.730{6F5BEE90-18CD-61E9-7700-000000002102}484NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=D902AB5B3D3BBD6A578620538C19D38F,SHA256=0A935ABA2E84827D1BFD0447F8E190276C8D63A56AFE751049E951AB18A249D7,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000032091Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:39:43.749{CE7C8936-1B20-61E9-E200-000000002202}3964NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=C61F287499A1736B11AF3E647D933A7D,SHA256=B0E90B1EEE3878ADE5433344DDB3ECEFFA37964F34101ABBC34B7764E9B7AD4A,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000032090Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:39:43.546{CE7C8936-3BEF-61E9-1606-000000002202}35003700C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe{CE7C8936-1B12-61E9-AB00-000000002202}1912C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+5691a5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+568cd6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56657|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56ca7|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+8f3800|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032089Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:39:43.405{CE7C8936-1B12-61E9-AF00-000000002202}24603956C:\Windows\system32\conhost.exe{CE7C8936-3BEF-61E9-1606-000000002202}3500C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032088Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:39:43.405{CE7C8936-1A7C-61E9-0C00-000000002202}7003204C:\Windows\system32\svchost.exe{CE7C8936-1A7D-61E9-1D00-000000002202}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032087Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:39:43.405{CE7C8936-1A7C-61E9-0C00-000000002202}7003204C:\Windows\system32\svchost.exe{CE7C8936-1A7D-61E9-1D00-000000002202}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032086Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:39:43.405{CE7C8936-1A7C-61E9-0C00-000000002202}7003204C:\Windows\system32\svchost.exe{CE7C8936-1A7D-61E9-1D00-000000002202}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032085Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:39:43.405{CE7C8936-1A7C-61E9-0C00-000000002202}7003204C:\Windows\system32\svchost.exe{CE7C8936-1A7D-61E9-1D00-000000002202}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032084Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:39:43.405{CE7C8936-1A7C-61E9-0C00-000000002202}7003204C:\Windows\system32\svchost.exe{CE7C8936-1A7D-61E9-1D00-000000002202}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032083Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:39:43.405{CE7C8936-1A7C-61E9-0C00-000000002202}7003204C:\Windows\system32\svchost.exe{CE7C8936-1A7D-61E9-1D00-000000002202}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032082Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:39:43.405{CE7C8936-1A7C-61E9-0C00-000000002202}7003204C:\Windows\system32\svchost.exe{CE7C8936-1A7D-61E9-1D00-000000002202}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032081Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:39:43.405{CE7C8936-1A7C-61E9-0C00-000000002202}7003204C:\Windows\system32\svchost.exe{CE7C8936-1A7D-61E9-1D00-000000002202}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032080Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:39:43.405{CE7C8936-1A7C-61E9-0C00-000000002202}7003204C:\Windows\system32\svchost.exe{CE7C8936-1A7D-61E9-1D00-000000002202}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032079Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:39:43.405{CE7C8936-1A7C-61E9-0500-000000002202}388940C:\Windows\system32\csrss.exe{CE7C8936-3BEF-61E9-1606-000000002202}3500C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000032078Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:39:43.405{CE7C8936-1B12-61E9-AB00-000000002202}19122580C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{CE7C8936-3BEF-61E9-1606-000000002202}3500C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7414|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x800000000000000032077Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:39:43.406{CE7C8936-3BEF-61E9-1606-000000002202}3500C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe8.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{CE7C8936-1A7C-61E9-E703-000000000000}0x3e70SystemMD5=91F33F605825B72EE2270559C7AB28F3,SHA256=3DF1CB71BB48B8669BD01179FD94DD8CC82F8103B08A0FACFD366E43E0C5FA42,IMPHASH=23D7D4307FBE7FA4F42B1902826D7C25{CE7C8936-1B12-61E9-AB00-000000002202}1912C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x800000000000000032076Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:39:43.187{CE7C8936-1B20-61E9-E200-000000002202}3964NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=7476019102BCC706C97590599ACEFB22,SHA256=7EBB20C6083D499A42E28EF9A6ED9EF5EAF7A41975E221960CE59D1D4C0BFB9A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067339Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:43.483{6F5BEE90-1CB8-61E9-7203-000000002102}6636ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\3zus1al1.default-release\datareporting\glean\db\data.safe.binMD5=2C8C61DA3AC7A6688F4A484538D3D5D7,SHA256=BEC47293655105D92A1F7420EB39B7DA2264B0A8C4AA506FA276734E703F71C0,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000067338Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:43.476{6F5BEE90-1CB8-61E9-7203-000000002102}6636ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\3zus1al1.default-release\datareporting\glean\db\data.safe.binMD5=7F75D6FDB38CCF66D1BBD85A8BD1664C,SHA256=3737CF49B34A4A7543941456511548B7F5A1E842DEC3255AA665747624C2CA81,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000067337Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:43.474{6F5BEE90-1CB8-61E9-7203-000000002102}6636ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\3zus1al1.default-release\datareporting\glean\db\data.safe.binMD5=52FA4899C228A6ED999BB57F62A7B7D9,SHA256=894C9AE8ED9A3EEA124B41399BD9052F80A8989C7D6BA3080D7E88B0383557A5,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 10341000x800000000000000067336Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:43.471{6F5BEE90-1CB8-61E9-7203-000000002102}66366776C:\Program Files\Mozilla Firefox\firefox.exe{6F5BEE90-1CBF-61E9-8B03-000000002102}6916C:\Program Files\Mozilla Firefox\firefox.exe0x2200C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+2cd00|C:\Program Files\Mozilla Firefox\xul.dll+e1fc3d|C:\Program Files\Mozilla Firefox\xul.dll+e20d2f|C:\Program Files\Mozilla Firefox\xul.dll+113f536|C:\Program Files\Mozilla Firefox\xul.dll+e1d88d|C:\Program Files\Mozilla Firefox\xul.dll+e02340|C:\Program Files\Mozilla Firefox\xul.dll+1f95012|C:\Program Files\Mozilla Firefox\xul.dll+1a12d1e|C:\Program Files\Mozilla Firefox\xul.dll+1a14dd1|C:\Program Files\Mozilla Firefox\xul.dll+1793100|C:\Program Files\Mozilla Firefox\xul.dll+16c26e6|C:\Program Files\Mozilla Firefox\xul.dll+1bd6a9f|C:\Program Files\Mozilla Firefox\xul.dll+1bcd3bf|C:\Program Files\Mozilla Firefox\xul.dll+1793321|C:\Program Files\Mozilla Firefox\xul.dll+16c26e6|C:\Program Files\Mozilla Firefox\xul.dll+1bd6a9f|C:\Program Files\Mozilla Firefox\xul.dll+178f9ec|C:\Program Files\Mozilla Firefox\xul.dll+1880a07|C:\Program Files\Mozilla Firefox\xul.dll+1ad07e7|C:\Program Files\Mozilla Firefox\xul.dll+175bf96|C:\Program Files\Mozilla Firefox\xul.dll+175aa15|C:\Program Files\Mozilla Firefox\xul.dll+1207c8 23542300x800000000000000067335Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:43.469{6F5BEE90-1CB8-61E9-7203-000000002102}6636ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\3zus1al1.default-release\datareporting\glean\db\data.safe.binMD5=0FB9AD4FFFABC278DE070289A471765D,SHA256=D65273071D859F1C64DEDD97D6CA1B541820DDDC82FF4C2689A6184BB285DF91,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 10341000x800000000000000067334Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:43.468{6F5BEE90-1B15-61E9-FA00-000000002102}46326520C:\Windows\Explorer.EXE{6F5BEE90-1CB8-61E9-7203-000000002102}6636C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+61894|C:\Windows\System32\SHELL32.dll+62607|C:\Windows\Explorer.EXE+3c618|C:\Windows\Explorer.EXE+3c4a4|C:\Windows\Explorer.EXE+3c411|C:\Windows\System32\windows.storage.dll+15458f|C:\Windows\System32\windows.storage.dll+15330f|C:\Windows\System32\windows.storage.dll+1562bf|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39d09|C:\Windows\SYSTEM32\ntdll.dll+1e89a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 23542300x800000000000000067333Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:43.467{6F5BEE90-1CB8-61E9-7203-000000002102}6636ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\3zus1al1.default-release\datareporting\glean\db\data.safe.binMD5=EF50077DC0924A3433A94AF428AFF86C,SHA256=D53EF3F89F47841E7C17ABB9F55AE7F0D67FBD9AA2B04E716268ADB517A51928,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 10341000x800000000000000067332Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:43.461{6F5BEE90-1B15-61E9-FA00-000000002102}46325552C:\Windows\Explorer.EXE{6F5BEE90-1CB8-61E9-7203-000000002102}6636C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+61894|C:\Windows\System32\SHELL32.dll+62d40|C:\Windows\System32\TwinUI.dll+12d711|C:\Windows\System32\TwinUI.dll+12df7f|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000067331Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:43.461{6F5BEE90-1B15-61E9-FA00-000000002102}46325552C:\Windows\Explorer.EXE{6F5BEE90-1CB8-61E9-7203-000000002102}6636C:\Program Files\Mozilla Firefox\firefox.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\TwinUI.dll+12d549|C:\Windows\System32\TwinUI.dll+12df7f|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 23542300x800000000000000067330Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:43.449{6F5BEE90-18CD-61E9-7700-000000002102}484NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=49E0AE2A686DDB4A7783D99A6865E75E,SHA256=EFCF8665CD3D72EBA50F584EE22382F4E66EB8D51DB531C144E9A87084F51F91,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 10341000x800000000000000067329Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:43.365{6F5BEE90-18B9-61E9-3500-000000002102}33043324C:\Windows\system32\conhost.exe{6F5BEE90-3BEF-61E9-9509-000000002102}5808C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000067328Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:43.327{6F5BEE90-18A9-61E9-0C00-000000002102}8281296C:\Windows\system32\svchost.exe{6F5BEE90-18B8-61E9-2C00-000000002102}2984C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000067327Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:43.327{6F5BEE90-18A9-61E9-0C00-000000002102}8281296C:\Windows\system32\svchost.exe{6F5BEE90-18B8-61E9-2C00-000000002102}2984C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000067326Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:43.327{6F5BEE90-18A9-61E9-0C00-000000002102}8281296C:\Windows\system32\svchost.exe{6F5BEE90-18B8-61E9-2C00-000000002102}2984C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000067325Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:43.326{6F5BEE90-18A9-61E9-0C00-000000002102}8281296C:\Windows\system32\svchost.exe{6F5BEE90-18B8-61E9-2C00-000000002102}2984C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000067324Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:43.326{6F5BEE90-18A7-61E9-0500-000000002102}392408C:\Windows\system32\csrss.exe{6F5BEE90-3BEF-61E9-9509-000000002102}5808C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000067323Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:43.326{6F5BEE90-18B8-61E9-2F00-000000002102}30243900C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{6F5BEE90-3BEF-61E9-9509-000000002102}5808C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7414|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x800000000000000067322Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:43.102{6F5BEE90-3BEF-61E9-9509-000000002102}5808C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{6F5BEE90-18A8-61E9-E703-000000000000}0x3e70SystemMD5=BF28C74E12839E40CD89696C7CB01573,SHA256=6187325F302F232DE582FE28E0E0D2B292AB8122C3356C9CE295A482D7B93EA3,IMPHASH=27776F2813155A6CF34F6A075A0C2EC8{6F5BEE90-18B8-61E9-2F00-000000002102}3024C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 354300x800000000000000067345Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:43.548{6F5BEE90-18A7-61E9-0B00-000000002102}608C:\Windows\System32\lsass.exeNT AUTHORITY\SYSTEMtcpfalsetrue0:0:0:0:0:0:0:1win-dc-tcontreras-attack-range-53.attackrange.local53418-true0:0:0:0:0:0:0:1win-dc-tcontreras-attack-range-53.attackrange.local389ldap 354300x800000000000000067344Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:43.548{6F5BEE90-18B8-61E9-2700-000000002102}2904C:\Windows\ADWS\Microsoft.ActiveDirectory.WebServices.exeNT AUTHORITY\SYSTEMtcptruetrue0:0:0:0:0:0:0:1win-dc-tcontreras-attack-range-53.attackrange.local53418-true0:0:0:0:0:0:0:1win-dc-tcontreras-attack-range-53.attackrange.local389ldap 23542300x800000000000000067343Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:44.759{6F5BEE90-18CD-61E9-7700-000000002102}484NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=CA9ACF69117AF9DB0B07B765CE6845B0,SHA256=A7944DD4724B8C4F9687092D7F6EA00E34D2EDA459FD974E8C0A5175A8A6FF53,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000032105Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:39:44.437{CE7C8936-1B20-61E9-E200-000000002202}3964NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=F54BCF11F430EBF51C907988B085B7BC,SHA256=0DDAA770C823579B283D50280D15DD1A6531A722CC9E983DDCBAACACCDA56A0E,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000067342Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:44.628{6F5BEE90-1CB8-61E9-7203-000000002102}66366776C:\Program Files\Mozilla Firefox\firefox.exe{6F5BEE90-1CBD-61E9-8503-000000002102}6656C:\Program Files\Mozilla Firefox\firefox.exe0x2200C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+2cd00|C:\Program Files\Mozilla Firefox\xul.dll+e1fc3d|C:\Program Files\Mozilla Firefox\xul.dll+e20d2f|C:\Program Files\Mozilla Firefox\xul.dll+113f536|C:\Program Files\Mozilla Firefox\xul.dll+e1d88d|C:\Program Files\Mozilla Firefox\xul.dll+e02340|C:\Program Files\Mozilla Firefox\xul.dll+1f95012|C:\Program Files\Mozilla Firefox\xul.dll+1a12d1e|C:\Program Files\Mozilla Firefox\xul.dll+1a14dd1|C:\Program Files\Mozilla Firefox\xul.dll+1793100|C:\Program Files\Mozilla Firefox\xul.dll+16c26e6|C:\Program Files\Mozilla Firefox\xul.dll+1bd6a9f|C:\Program Files\Mozilla Firefox\xul.dll+1bcd3bf|C:\Program Files\Mozilla Firefox\xul.dll+1793321|C:\Program Files\Mozilla Firefox\xul.dll+16c26e6|C:\Program Files\Mozilla Firefox\xul.dll+1bd6a9f|C:\Program Files\Mozilla Firefox\xul.dll+178f9ec|C:\Program Files\Mozilla Firefox\xul.dll+1880a07|C:\Program Files\Mozilla Firefox\xul.dll+1ad5f41|C:\Program Files\Mozilla Firefox\xul.dll+175bf96|C:\Program Files\Mozilla Firefox\xul.dll+cd85f2|C:\Program Files\Mozilla Firefox\xul.dll+cd90b1 10341000x800000000000000032104Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:39:44.077{CE7C8936-1B12-61E9-AF00-000000002202}24603956C:\Windows\system32\conhost.exe{CE7C8936-3BF0-61E9-1706-000000002202}3448C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032103Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:39:44.077{CE7C8936-1A7C-61E9-0C00-000000002202}7003204C:\Windows\system32\svchost.exe{CE7C8936-1A7D-61E9-1D00-000000002202}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032102Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:39:44.077{CE7C8936-1A7C-61E9-0C00-000000002202}7003204C:\Windows\system32\svchost.exe{CE7C8936-1A7D-61E9-1D00-000000002202}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032101Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:39:44.077{CE7C8936-1A7C-61E9-0C00-000000002202}7003204C:\Windows\system32\svchost.exe{CE7C8936-1A7D-61E9-1D00-000000002202}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032100Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:39:44.077{CE7C8936-1A7C-61E9-0C00-000000002202}7003204C:\Windows\system32\svchost.exe{CE7C8936-1A7D-61E9-1D00-000000002202}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032099Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:39:44.077{CE7C8936-1A7C-61E9-0C00-000000002202}7003204C:\Windows\system32\svchost.exe{CE7C8936-1A7D-61E9-1D00-000000002202}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032098Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:39:44.077{CE7C8936-1A7C-61E9-0C00-000000002202}7003204C:\Windows\system32\svchost.exe{CE7C8936-1A7D-61E9-1D00-000000002202}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032097Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:39:44.077{CE7C8936-1A7C-61E9-0C00-000000002202}7003204C:\Windows\system32\svchost.exe{CE7C8936-1A7D-61E9-1D00-000000002202}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032096Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:39:44.077{CE7C8936-1A7C-61E9-0C00-000000002202}7003204C:\Windows\system32\svchost.exe{CE7C8936-1A7D-61E9-1D00-000000002202}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032095Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:39:44.077{CE7C8936-1A7C-61E9-0C00-000000002202}7003204C:\Windows\system32\svchost.exe{CE7C8936-1A7D-61E9-1D00-000000002202}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032094Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:39:44.077{CE7C8936-1A7C-61E9-0500-000000002202}388404C:\Windows\system32\csrss.exe{CE7C8936-3BF0-61E9-1706-000000002202}3448C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000032093Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:39:44.077{CE7C8936-1B12-61E9-AB00-000000002202}19122580C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{CE7C8936-3BF0-61E9-1706-000000002202}3448C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7414|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x800000000000000032092Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:39:44.078{CE7C8936-3BF0-61E9-1706-000000002202}3448C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe8.0.2Windows Print Monitor splunk ApplicationSplunk Inc.splunk-winprintmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{CE7C8936-1A7C-61E9-E703-000000000000}0x3e70SystemMD5=36D3753920C5BBCA16D12DEAD7A3A904,SHA256=EA17F69FB116CFA6ADC3CE07EBBAE3FD2CB221F25E3F7A9ADF3F15DA051831E2,IMPHASH=264D4B9546D98D77D97F569F55A0B748{CE7C8936-1B12-61E9-AB00-000000002202}1912C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x800000000000000067361Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:45.884{6F5BEE90-18B9-61E9-3500-000000002102}33043324C:\Windows\system32\conhost.exe{6F5BEE90-3BF1-61E9-9609-000000002102}2600C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000067360Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:45.882{6F5BEE90-18A9-61E9-0C00-000000002102}8281296C:\Windows\system32\svchost.exe{6F5BEE90-18B8-61E9-2C00-000000002102}2984C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000067359Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:45.881{6F5BEE90-18A9-61E9-0C00-000000002102}8281296C:\Windows\system32\svchost.exe{6F5BEE90-18B8-61E9-2C00-000000002102}2984C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000067358Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:45.881{6F5BEE90-18A9-61E9-0C00-000000002102}8281296C:\Windows\system32\svchost.exe{6F5BEE90-18B8-61E9-2C00-000000002102}2984C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000067357Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:45.881{6F5BEE90-18A9-61E9-0C00-000000002102}8281296C:\Windows\system32\svchost.exe{6F5BEE90-18B8-61E9-2C00-000000002102}2984C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000067356Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:45.880{6F5BEE90-18A7-61E9-0500-000000002102}392508C:\Windows\system32\csrss.exe{6F5BEE90-3BF1-61E9-9609-000000002102}2600C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000067355Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:45.879{6F5BEE90-18B8-61E9-2F00-000000002102}30243900C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{6F5BEE90-3BF1-61E9-9609-000000002102}2600C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7414|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x800000000000000067354Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:45.632{6F5BEE90-3BF1-61E9-9609-000000002102}2600C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe8.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{6F5BEE90-18A8-61E9-E703-000000000000}0x3e70SystemMD5=8746B8C1724B67C2B1261446C0CFAA57,SHA256=7EFD09FD383FAA75C5D2990E6DBBFD846AEAA08B7037C7D66B4A0EF2AE0866B3,IMPHASH=7B985F47B35272AD7B5218255ACE7AEC{6F5BEE90-18B8-61E9-2F00-000000002102}3024C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x800000000000000067353Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:45.778{6F5BEE90-18CD-61E9-7700-000000002102}484NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=B55B17B2BAECB787D1F779B70634553F,SHA256=7E806ADDF2CBD8B19A796A448FBF693570BF6F7895A1E9498742CCB2CDA77A65,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000032107Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:39:45.468{CE7C8936-1B20-61E9-E200-000000002202}3964NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=E75B3A7698A69E3BDEC5240047A9BD62,SHA256=E2C716FB3C41C3B4ED1CCED9CB856CC14063909701CDCB75CBE7E420CEE1503B,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000067352Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:43.906{6F5BEE90-1CB8-61E9-7203-000000002102}6636C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-tcontreras-attack-range-53.attackrange.local53419-false34.120.208.123123.208.120.34.bc.googleusercontent.com443https 354300x800000000000000067351Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:43.893{6F5BEE90-18B8-61E9-2A00-000000002102}2964C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-tcontreras-attack-range-53.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-tcontreras-attack-range-53.attackrange.local49284- 354300x800000000000000067350Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:43.891{6F5BEE90-18B8-61E9-2A00-000000002102}2964C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-tcontreras-attack-range-53.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-tcontreras-attack-range-53.attackrange.local54888- 10341000x800000000000000067349Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:45.485{6F5BEE90-1CB8-61E9-7203-000000002102}66366776C:\Program Files\Mozilla Firefox\firefox.exe{6F5BEE90-1CBD-61E9-8503-000000002102}6656C:\Program Files\Mozilla Firefox\firefox.exe0x2200C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+2cd00|C:\Program Files\Mozilla Firefox\xul.dll+e1fc3d|C:\Program Files\Mozilla Firefox\xul.dll+e1f6c8|C:\Program Files\Mozilla Firefox\xul.dll+825252|C:\Program Files\Mozilla Firefox\xul.dll+818e51|C:\Program Files\Mozilla Firefox\xul.dll+19c4c23|C:\Program Files\Mozilla Firefox\xul.dll+16762ac|C:\Program Files\Mozilla Firefox\xul.dll+19eb83f|C:\Program Files\Mozilla Firefox\xul.dll+970baf|C:\Program Files\Mozilla Firefox\xul.dll+254ce|C:\Program Files\Mozilla Firefox\xul.dll+1910c8|C:\Program Files\Mozilla Firefox\xul.dll+18ffef|C:\Program Files\Mozilla Firefox\xul.dll+43be401|C:\Program Files\Mozilla Firefox\xul.dll+442a149|C:\Program Files\Mozilla Firefox\xul.dll+442af39|C:\Program Files\Mozilla Firefox\xul.dll+1f98893|C:\Program Files\Mozilla Firefox\firefox.exe+a18f|C:\Program Files\Mozilla Firefox\firefox.exe+1c9f8|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 23542300x800000000000000067348Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:45.453{6F5BEE90-1CB8-61E9-7203-000000002102}6636ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Local\Mozilla\Firefox\Profiles\3zus1al1.default-release\cache2\doomed\1873MD5=0072EFE324AC1F3FA6A0E4AF49AFAF5D,SHA256=91BAC5E56BD2E6DAECEBA2FCE978E4CE1D2C4A1CA3C6B9F43B77450B968CBB3B,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 10341000x800000000000000067347Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:45.230{6F5BEE90-1CB8-61E9-7203-000000002102}66366776C:\Program Files\Mozilla Firefox\firefox.exe{6F5BEE90-1CBF-61E9-8B03-000000002102}6916C:\Program Files\Mozilla Firefox\firefox.exe0x2200C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+2cd00|C:\Program Files\Mozilla Firefox\xul.dll+e1fc3d|C:\Program Files\Mozilla Firefox\xul.dll+e1f6c8|C:\Program Files\Mozilla Firefox\xul.dll+825252|C:\Program Files\Mozilla Firefox\xul.dll+818e51|C:\Program Files\Mozilla Firefox\xul.dll+19c4c23|C:\Program Files\Mozilla Firefox\xul.dll+16762ac|C:\Program Files\Mozilla Firefox\xul.dll+19eb83f|C:\Program Files\Mozilla Firefox\xul.dll+970baf|C:\Program Files\Mozilla Firefox\xul.dll+254ce|C:\Program Files\Mozilla Firefox\xul.dll+1910c8|C:\Program Files\Mozilla Firefox\xul.dll+18ffef|C:\Program Files\Mozilla Firefox\xul.dll+43be401|C:\Program Files\Mozilla Firefox\xul.dll+442a149|C:\Program Files\Mozilla Firefox\xul.dll+442af39|C:\Program Files\Mozilla Firefox\xul.dll+1f98893|C:\Program Files\Mozilla Firefox\firefox.exe+a18f|C:\Program Files\Mozilla Firefox\firefox.exe+1c9f8|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 13241300x800000000000000067346Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.localInvDBSetValue2022-01-20 10:39:45.223{6F5BEE90-18AA-61E9-1300-000000002102}336C:\Windows\System32\svchost.exeHKU\S-1-5-21-3390778582-3319667597-4011983492-500\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store\C:\Temp\hiew32demo.exeBinary Data 23542300x800000000000000032106Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:39:45.093{CE7C8936-1B20-61E9-E200-000000002202}3964NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=11B7C0AF78AA8D91C9B88613E76587FA,SHA256=65C552ACD8C2318F41D933F8580ED445765CAC0C3AE914C280705CB2B91563BE,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000067374Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:45.581{6F5BEE90-1CB8-61E9-7203-000000002102}6636C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-tcontreras-attack-range-53.attackrange.local53421-false18.66.139.69server-18-66-139-69.fra60.r.cloudfront.net443https 354300x800000000000000067373Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:45.555{6F5BEE90-18B8-61E9-2A00-000000002102}2964C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-tcontreras-attack-range-53.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-tcontreras-attack-range-53.attackrange.local50990- 354300x800000000000000067372Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:45.542{6F5BEE90-18C6-61E9-6E00-000000002102}3440C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-tcontreras-attack-range-53.attackrange.local53420-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x800000000000000067371Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:46.877{6F5BEE90-18CD-61E9-7700-000000002102}484NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=EDC175BDF0C3EE191FAA6A41968BC9B8,SHA256=53443A0D4B665C472013059B574DFFD77F02AE6D4771DC7AB9EAF2E5F32FE8DA,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000032108Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:39:46.484{CE7C8936-1B20-61E9-E200-000000002202}3964NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=AA7010028677BE6AE948D2D5111DEF6A,SHA256=7F4C8F84D94D52EDAC1831CE9EFACE9E2D7A68997608DFAB10DD4940BBCE5106,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000067370Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:46.763{6F5BEE90-18B9-61E9-3500-000000002102}33043324C:\Windows\system32\conhost.exe{6F5BEE90-3BF2-61E9-9709-000000002102}7028C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000067369Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:46.755{6F5BEE90-18A9-61E9-0C00-000000002102}8281296C:\Windows\system32\svchost.exe{6F5BEE90-18B8-61E9-2C00-000000002102}2984C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000067368Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:46.755{6F5BEE90-18A9-61E9-0C00-000000002102}8281296C:\Windows\system32\svchost.exe{6F5BEE90-18B8-61E9-2C00-000000002102}2984C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000067367Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:46.754{6F5BEE90-18A9-61E9-0C00-000000002102}8281296C:\Windows\system32\svchost.exe{6F5BEE90-18B8-61E9-2C00-000000002102}2984C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000067366Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:46.753{6F5BEE90-18A9-61E9-0C00-000000002102}8281296C:\Windows\system32\svchost.exe{6F5BEE90-18B8-61E9-2C00-000000002102}2984C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000067365Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:46.754{6F5BEE90-18A7-61E9-0500-000000002102}392508C:\Windows\system32\csrss.exe{6F5BEE90-3BF2-61E9-9709-000000002102}7028C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000067364Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:46.753{6F5BEE90-18B8-61E9-2F00-000000002102}30243900C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{6F5BEE90-3BF2-61E9-9709-000000002102}7028C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7414|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x800000000000000067363Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:46.550{6F5BEE90-3BF2-61E9-9709-000000002102}7028C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{6F5BEE90-18A8-61E9-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{6F5BEE90-18B8-61E9-2F00-000000002102}3024C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x800000000000000067362Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:46.648{6F5BEE90-18CD-61E9-7700-000000002102}484NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=8C4B95F6C22DC6AD2B918C59CB686396,SHA256=984BA9ADE9AD296F805D54243F87354450670E9D36764698BB28BA63042F26F9,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 10341000x800000000000000067386Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:47.993{6F5BEE90-3BF3-61E9-9809-000000002102}24605656C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe{6F5BEE90-18B8-61E9-2F00-000000002102}3024C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+5691a5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+568cd6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56657|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56ca7|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+8f3800|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 354300x800000000000000067385Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:45.722{6F5BEE90-1CB8-61E9-7203-000000002102}6636C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-tcontreras-attack-range-53.attackrange.local53422-false34.120.115.102102.115.120.34.bc.googleusercontent.com443https 23542300x800000000000000067384Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:47.891{6F5BEE90-18CD-61E9-7700-000000002102}484NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=DD67733459FDF27D9C234B00B746904C,SHA256=B51727A5D08415C2E90866106EA57289040436F1AB7582498A0DD160565A1A52,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000032109Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:39:47.499{CE7C8936-1B20-61E9-E200-000000002202}3964NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=CCE161F031B257353DC8204F60AF3BC0,SHA256=100DDD793204B4AC4FD03DFEAE60651100C13D61F7A60982DC26EE1B1F1C954F,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000067383Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:47.643{6F5BEE90-18B9-61E9-3500-000000002102}33043324C:\Windows\system32\conhost.exe{6F5BEE90-3BF3-61E9-9809-000000002102}2460C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000067382Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:47.638{6F5BEE90-18A9-61E9-0C00-000000002102}8281296C:\Windows\system32\svchost.exe{6F5BEE90-18B8-61E9-2C00-000000002102}2984C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000067381Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:47.637{6F5BEE90-18A7-61E9-0500-000000002102}392368C:\Windows\system32\csrss.exe{6F5BEE90-3BF3-61E9-9809-000000002102}2460C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000067380Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:47.638{6F5BEE90-18A9-61E9-0C00-000000002102}8281296C:\Windows\system32\svchost.exe{6F5BEE90-18B8-61E9-2C00-000000002102}2984C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000067379Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:47.638{6F5BEE90-18A9-61E9-0C00-000000002102}8281296C:\Windows\system32\svchost.exe{6F5BEE90-18B8-61E9-2C00-000000002102}2984C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000067378Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:47.638{6F5BEE90-18A9-61E9-0C00-000000002102}8281296C:\Windows\system32\svchost.exe{6F5BEE90-18B8-61E9-2C00-000000002102}2984C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000067377Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:47.637{6F5BEE90-18B8-61E9-2F00-000000002102}30243900C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{6F5BEE90-3BF3-61E9-9809-000000002102}2460C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7414|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x800000000000000067376Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:47.426{6F5BEE90-3BF3-61E9-9809-000000002102}2460C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe8.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{6F5BEE90-18A8-61E9-E703-000000000000}0x3e70SystemMD5=91F33F605825B72EE2270559C7AB28F3,SHA256=3DF1CB71BB48B8669BD01179FD94DD8CC82F8103B08A0FACFD366E43E0C5FA42,IMPHASH=23D7D4307FBE7FA4F42B1902826D7C25{6F5BEE90-18B8-61E9-2F00-000000002102}3024C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x800000000000000067375Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:47.185{6F5BEE90-3BF2-61E9-9709-000000002102}70286128C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{6F5BEE90-18B8-61E9-2F00-000000002102}3024C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 354300x800000000000000067414Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:47.682{6F5BEE90-18B8-61E9-2A00-000000002102}2964C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-tcontreras-attack-range-53.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-tcontreras-attack-range-53.attackrange.local49652- 354300x800000000000000067413Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:47.681{6F5BEE90-18B8-61E9-2A00-000000002102}2964C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-tcontreras-attack-range-53.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-tcontreras-attack-range-53.attackrange.local53490- 354300x800000000000000067412Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:47.681{6F5BEE90-18B8-61E9-2A00-000000002102}2964C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-tcontreras-attack-range-53.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-tcontreras-attack-range-53.attackrange.local49504- 23542300x800000000000000032110Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:39:48.521{CE7C8936-1B20-61E9-E200-000000002202}3964NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=F9554DAE834294397B464AB906F5CF15,SHA256=D25A902B788DCF625E5EEF09F83070D885B19FA7D37CC8975DAEA1F4078D221D,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000067411Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:48.507{6F5BEE90-3BF4-61E9-9909-000000002102}1721484C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{6F5BEE90-18B8-61E9-2F00-000000002102}3024C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 23542300x800000000000000067410Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:48.434{6F5BEE90-18CD-61E9-7700-000000002102}484NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=95DB405562DE7E1D6959E8AF188AA5C8,SHA256=839C8398F374ED1CC9ED118D80180E01A9A62DBFD145C4727052189F6327340E,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 354300x800000000000000067409Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:47.680{6F5BEE90-18B8-61E9-2A00-000000002102}2964C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-tcontreras-attack-range-53.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-tcontreras-attack-range-53.attackrange.local59246- 354300x800000000000000067408Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:47.680{6F5BEE90-18B8-61E9-2A00-000000002102}2964C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-tcontreras-attack-range-53.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-tcontreras-attack-range-53.attackrange.local59291- 354300x800000000000000067407Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:47.679{6F5BEE90-18B8-61E9-2A00-000000002102}2964C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-tcontreras-attack-range-53.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-tcontreras-attack-range-53.attackrange.local64860- 354300x800000000000000067406Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:47.678{6F5BEE90-18B8-61E9-2A00-000000002102}2964C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-tcontreras-attack-range-53.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-tcontreras-attack-range-53.attackrange.local50622- 354300x800000000000000067405Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:47.677{6F5BEE90-18B8-61E9-2A00-000000002102}2964C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-tcontreras-attack-range-53.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-tcontreras-attack-range-53.attackrange.local53796- 354300x800000000000000067404Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:47.677{6F5BEE90-18B8-61E9-2A00-000000002102}2964C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-tcontreras-attack-range-53.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-tcontreras-attack-range-53.attackrange.local60327- 354300x800000000000000067403Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:47.674{6F5BEE90-18B8-61E9-2A00-000000002102}2964C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-tcontreras-attack-range-53.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-tcontreras-attack-range-53.attackrange.local53423- 354300x800000000000000067402Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:47.673{6F5BEE90-18B8-61E9-2A00-000000002102}2964C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-tcontreras-attack-range-53.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-tcontreras-attack-range-53.attackrange.local59844- 354300x800000000000000067401Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:47.671{6F5BEE90-18B8-61E9-2A00-000000002102}2964C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-tcontreras-attack-range-53.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-tcontreras-attack-range-53.attackrange.local50559- 354300x800000000000000067400Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:47.671{6F5BEE90-18B8-61E9-2A00-000000002102}2964C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-tcontreras-attack-range-53.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-tcontreras-attack-range-53.attackrange.local63156- 22542200x800000000000000067399Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:47.386{6F5BEE90-1CB8-61E9-7203-000000002102}6636youtube-ui.l.google.com02a00:1450:4001:811::200e;2a00:1450:4001:812::200e;2a00:1450:4001:80f::200e;2a00:1450:4001:810::200e;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000067398Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:47.384{6F5BEE90-1CB8-61E9-7203-000000002102}6636youtube-ui.l.google.com0142.250.186.110;142.250.186.142;142.250.186.174;172.217.18.110;142.250.185.78;142.250.185.110;142.250.185.142;142.250.185.174;142.250.185.206;142.250.185.238;142.250.181.238;172.217.16.142;216.58.212.174;142.250.74.206;142.250.186.46;142.250.186.78;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000067397Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:47.384{6F5BEE90-1CB8-61E9-7203-000000002102}6636www.youtube.com0type: 5 youtube-ui.l.google.com;::ffff:142.250.186.78;::ffff:142.250.186.110;::ffff:142.250.186.142;::ffff:142.250.186.174;::ffff:172.217.18.110;::ffff:142.250.185.78;::ffff:142.250.185.110;::ffff:142.250.185.142;::ffff:142.250.185.174;::ffff:142.250.185.206;::ffff:142.250.185.238;::ffff:142.250.181.238;::ffff:172.217.16.142;::ffff:216.58.212.174;::ffff:142.250.74.206;::ffff:142.250.186.46;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000067396Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:47.382{6F5BEE90-1CB8-61E9-7203-000000002102}6636github.com0140.82.121.3;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000067395Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:47.380{6F5BEE90-1CB8-61E9-7203-000000002102}6636github.com0::ffff:140.82.121.3;C:\Program Files\Mozilla Firefox\firefox.exe 10341000x800000000000000067394Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:48.159{6F5BEE90-18B9-61E9-3500-000000002102}33043324C:\Windows\system32\conhost.exe{6F5BEE90-3BF4-61E9-9909-000000002102}172C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000067393Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:48.158{6F5BEE90-18A9-61E9-0C00-000000002102}8281296C:\Windows\system32\svchost.exe{6F5BEE90-18B8-61E9-2C00-000000002102}2984C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000067392Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:48.157{6F5BEE90-18A9-61E9-0C00-000000002102}8281296C:\Windows\system32\svchost.exe{6F5BEE90-18B8-61E9-2C00-000000002102}2984C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000067391Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:48.157{6F5BEE90-18A9-61E9-0C00-000000002102}8281296C:\Windows\system32\svchost.exe{6F5BEE90-18B8-61E9-2C00-000000002102}2984C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000067390Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:48.157{6F5BEE90-18A9-61E9-0C00-000000002102}8281296C:\Windows\system32\svchost.exe{6F5BEE90-18B8-61E9-2C00-000000002102}2984C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000067389Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:48.155{6F5BEE90-18A7-61E9-0500-000000002102}392408C:\Windows\system32\csrss.exe{6F5BEE90-3BF4-61E9-9909-000000002102}172C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000067388Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:48.155{6F5BEE90-18B8-61E9-2F00-000000002102}30243900C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{6F5BEE90-3BF4-61E9-9909-000000002102}172C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7414|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x800000000000000067387Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:48.154{6F5BEE90-3BF4-61E9-9909-000000002102}172C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{6F5BEE90-18A8-61E9-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{6F5BEE90-18B8-61E9-2F00-000000002102}3024C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x800000000000000067427Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:49.923{6F5BEE90-18CD-61E9-7700-000000002102}484NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=7468506318E5DFA150DE244374D2285E,SHA256=278F147E6D9DDBA34D338665172C7523A2761CE6EEE8CF1D227C917600A93544,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000067426Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:49.921{6F5BEE90-18CD-61E9-7700-000000002102}484NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=FCC312557CAE5A6A0F658DD8C61AF7B0,SHA256=D02A7DA78E8732109228D7897F065C898089D19C3F4270BEC6AC9D2B71F9EDD5,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000032112Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:39:49.521{CE7C8936-1B20-61E9-E200-000000002202}3964NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A171AAF54BB28E820BAEA5140AAD48C3,SHA256=C84BBD1EB3AEB6D608AECD895640C1813C5963F61AC2D357A129D361B35F80F8,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000067425Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:49.872{6F5BEE90-18B9-61E9-3500-000000002102}33043324C:\Windows\system32\conhost.exe{6F5BEE90-3BF5-61E9-9A09-000000002102}6072C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000067424Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:49.870{6F5BEE90-18A9-61E9-0C00-000000002102}8281296C:\Windows\system32\svchost.exe{6F5BEE90-18B8-61E9-2C00-000000002102}2984C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000067423Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:49.867{6F5BEE90-18A9-61E9-0C00-000000002102}8281296C:\Windows\system32\svchost.exe{6F5BEE90-18B8-61E9-2C00-000000002102}2984C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000067422Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:49.866{6F5BEE90-18A9-61E9-0C00-000000002102}8281296C:\Windows\system32\svchost.exe{6F5BEE90-18B8-61E9-2C00-000000002102}2984C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000067421Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:49.866{6F5BEE90-18A9-61E9-0C00-000000002102}8281296C:\Windows\system32\svchost.exe{6F5BEE90-18B8-61E9-2C00-000000002102}2984C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000067420Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:49.865{6F5BEE90-18A7-61E9-0500-000000002102}392408C:\Windows\system32\csrss.exe{6F5BEE90-3BF5-61E9-9A09-000000002102}6072C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000067419Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:49.865{6F5BEE90-18B8-61E9-2F00-000000002102}30243900C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{6F5BEE90-3BF5-61E9-9A09-000000002102}6072C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7414|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x800000000000000067418Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:49.730{6F5BEE90-3BF5-61E9-9A09-000000002102}6072C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe8.0.2Windows Print Monitor splunk ApplicationSplunk Inc.splunk-winprintmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{6F5BEE90-18A8-61E9-E703-000000000000}0x3e70SystemMD5=36D3753920C5BBCA16D12DEAD7A3A904,SHA256=EA17F69FB116CFA6ADC3CE07EBBAE3FD2CB221F25E3F7A9ADF3F15DA051831E2,IMPHASH=264D4B9546D98D77D97F569F55A0B748{6F5BEE90-18B8-61E9-2F00-000000002102}3024C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 22542200x800000000000000067417Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:47.390{6F5BEE90-1CB8-61E9-7203-000000002102}6636reddit.map.fastly.net0151.101.13.140;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x800000000000000067416Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:47.389{6F5BEE90-1CB8-61E9-7203-000000002102}6636www.reddit.com0type: 5 reddit.map.fastly.net;::ffff:151.101.13.140;C:\Program Files\Mozilla Firefox\firefox.exe 23542300x800000000000000067415Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:49.051{6F5BEE90-18CD-61E9-7700-000000002102}484NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=79A4FD6BEEECB4965294DAFD7D04FBAC,SHA256=8EEAD6FD2E4EC9DD2FA57427D994E3F743F60AD4EA34C0E7EAF4CEFC95B139C1,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 354300x800000000000000032111Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:39:46.840{CE7C8936-1B1A-61E9-D900-000000002202}4048C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-tcontreras-attack-range-276.eu-central-1.compute.internal51400-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x800000000000000067430Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:50.938{6F5BEE90-18CD-61E9-7700-000000002102}484NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=0C4A95E5F843A097ED32BB24CEBB300A,SHA256=554AAF2DBD53C16C75B60DCAE99B5343587C67620436E2F3137DFE5045BF134E,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000032113Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:39:50.537{CE7C8936-1B20-61E9-E200-000000002202}3964NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=E20B63F08E6240FC4A5D54AE515F7A8E,SHA256=4FBACD2FE11C847AC6EF4507DE5882ABA40712D9AC93CB2EF273B201D79CE3A8,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067429Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:50.276{6F5BEE90-1CB8-61E9-7203-000000002102}6636ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Local\Mozilla\Firefox\Profiles\3zus1al1.default-release\cache2\doomed\31375MD5=AE1B6F9BAC58442659040D8C21613B80,SHA256=FCA329414FD0A4B9358158DD5A782AE6CECD5715F6F4544628261D26C0CD0E0B,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000067428Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:50.274{6F5BEE90-1CB8-61E9-7203-000000002102}6636ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Local\Mozilla\Firefox\Profiles\3zus1al1.default-release\cache2\doomed\29681MD5=4072E4E2F9328AF3900A6B5F2D067BA9,SHA256=AD4C79882DFF27B799B2B58F4A2A19B0291029F707C103909E14C3010F6888F2,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000067431Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:51.952{6F5BEE90-18CD-61E9-7700-000000002102}484NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=B38E417AC617984A1CEF0C04890D0F1E,SHA256=6FF5F4A72336447502D3A4C0185331B7C3631F6257EAD6E04C1FBA76F0AF2580,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000032114Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:39:51.584{CE7C8936-1B20-61E9-E200-000000002202}3964NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=B983DE47F775297E317CBBCFADD46491,SHA256=FA7742D6C7B5C46FAE3CFC2D6E34AD13FC06B15A65F11C417261D85972F1FCD1,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067433Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:52.968{6F5BEE90-18CD-61E9-7700-000000002102}484NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=8744A098DAE3A427D506A0D3A5CBC5D8,SHA256=DDF83B6B20D3F28C28CA20B9AC011C994A9B5CE61BC61603039F031C99B9296A,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000032115Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:39:52.584{CE7C8936-1B20-61E9-E200-000000002202}3964NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=8A990AFCCD73DC0FD1CA0AA6122816B0,SHA256=BF949B26071BB51442F90111B43BE33911F347377989A6347A3D0EC3BB221716,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000067432Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:51.376{6F5BEE90-18C6-61E9-6E00-000000002102}3440C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-tcontreras-attack-range-53.attackrange.local53423-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x800000000000000067435Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:53.984{6F5BEE90-18CD-61E9-7700-000000002102}484NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=E9A34C8DA0C61DA901C4B85F09920800,SHA256=DA77913558112085754A88B1D01C5DAE4F4361E93C1FC127B42F29356B7C74B6,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000032116Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:39:53.615{CE7C8936-1B20-61E9-E200-000000002202}3964NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A5B0DEEDF162D7C6E377D12B309C92F7,SHA256=99ED5CE19172BCD798FA1455DDD30E9F09592DD30FB3BA07422E6ACFF5FE29BC,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067434Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:53.249{6F5BEE90-1CB8-61E9-7203-000000002102}6636ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\3zus1al1.default-release\datareporting\glean\db\data.safe.binMD5=ABD028C1CCD8364B789A4AD98AAFB4DF,SHA256=1D447EC9AA6E56F8B9D965E97C2B42E08B8BB0DEC7CCBC9C8F0D76E19DA8F1F3,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000032118Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:39:54.662{CE7C8936-1B20-61E9-E200-000000002202}3964NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=442DAF331557B8B08F5B3E2B33C4D2DF,SHA256=F58F8E6FC54F95793990EC57507A9FC3479A60BFC360118B6C30D5DFFAB93C68,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000032117Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:39:51.847{CE7C8936-1B1A-61E9-D900-000000002202}4048C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-tcontreras-attack-range-276.eu-central-1.compute.internal51401-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x800000000000000032119Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:39:55.677{CE7C8936-1B20-61E9-E200-000000002202}3964NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=CC030104D02DD4C6D15F278D8694177A,SHA256=883CAA7B460F7C6654C05C52F55FA8ECF72C51DC0544BADD88D6D805B471B348,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067436Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:54.998{6F5BEE90-18CD-61E9-7700-000000002102}484NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=FAC15807823A552CB18C045AAABB20DE,SHA256=F7B641822B925C3958A70E727D8E8817B180A472AFB17C5E95435B0769E53026,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000032120Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:39:56.677{CE7C8936-1B20-61E9-E200-000000002202}3964NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=CF80713388407B809D537764D0FBB59D,SHA256=849AC47ABA4F057ED77A46806BAD1F142C1582884B354EFD1203D02CDD587D6A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067437Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:56.009{6F5BEE90-18CD-61E9-7700-000000002102}484NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=0D29C7D886FEFB06E56A008F40C6B19C,SHA256=5C4D09703CB72644802FE59F4DF0FE4B492FA3B3641A402C8F729F43D800C22E,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000032121Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:39:57.693{CE7C8936-1B20-61E9-E200-000000002202}3964NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=26D33E0DBA752C7A7FA58C800CA300F9,SHA256=9AA70AFE5C9854EE5970FDCDE43BF20D12C67C2E4F79AA59218F80A055C444C2,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067439Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:57.373{6F5BEE90-1CB8-61E9-7203-000000002102}6636ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\3zus1al1.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite-shmMD5=B7C14EC6110FA820CA6B65F5AEC85911,SHA256=FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000067438Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:57.020{6F5BEE90-18CD-61E9-7700-000000002102}484NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=165375F43492FC99A3980AB2A7EAC106,SHA256=812859D7182C29A607F1C5FC2475312F926358888DAABDE52D5DCF9206C9A2FC,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000032122Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:39:58.709{CE7C8936-1B20-61E9-E200-000000002202}3964NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=6F4146A25E170AAB386256A968F2827B,SHA256=A7C62332322631E50489F51DA17455BB4F028A2AC972FB9D6878FDA6C6B09385,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000067441Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:56.491{6F5BEE90-18C6-61E9-6E00-000000002102}3440C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-tcontreras-attack-range-53.attackrange.local53424-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x800000000000000067440Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:58.031{6F5BEE90-18CD-61E9-7700-000000002102}484NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=F4D32783A809FEC342DE7825450358BA,SHA256=7AB4CFE508E2B57C3944F8F5DEA5CDF3651DAFF5B2C9F65322370374DED7FCF1,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000032123Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:39:59.709{CE7C8936-1B20-61E9-E200-000000002202}3964NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A370A476DC133E8E264EB85955E23881,SHA256=3E8165E65593CCA5D04FD217294997B3B582BBF851C1F749696E22EBB40BB72A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067442Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:39:59.047{6F5BEE90-18CD-61E9-7700-000000002102}484NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=3438A15FDB56828747B85F9F07C0770A,SHA256=F4520562BEEC19F00B93465CFBDCF51317B9D5D5232D09513CD55943E2599B07,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000032126Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:40:00.709{CE7C8936-1B20-61E9-E200-000000002202}3964NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=89CBF9236436529944707BD672D82AB5,SHA256=0876D94FA48B6096EC0998C6A57FF60A154A197E5857FC4E3656341555324492,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067443Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:40:00.059{6F5BEE90-18CD-61E9-7700-000000002102}484NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=615127DB57CB56BBF6982A8D987C3756,SHA256=48F7BF2B90559ECD41B6C114E2A7D538825644F8A42B48861D8A0909220F9719,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 13241300x800000000000000032125Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-SetValue2022-01-20 10:40:00.334{CE7C8936-1A7D-61E9-1500-000000002202}1092C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\W32Time\Config\LastKnownGoodTimeQWORD (0x01d80dea-0x13377dee) 354300x800000000000000032124Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:39:57.846{CE7C8936-1B1A-61E9-D900-000000002202}4048C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-tcontreras-attack-range-276.eu-central-1.compute.internal51402-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x800000000000000032127Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:40:01.725{CE7C8936-1B20-61E9-E200-000000002202}3964NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=840EAAF26B664BB1CF31E300B5858B83,SHA256=308369E5B6172C296D068D5DBD897B3FDFDE0B77E221DD0BCF1AFDB33C5F5A22,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000067445Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:40:01.276{6F5BEE90-18A7-61E9-0B00-000000002102}6085192C:\Windows\system32\lsass.exe{6F5BEE90-18AA-61E9-1400-000000002102}1092C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+6ea9c|C:\Windows\system32\lsasrv.dll+e6974|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 23542300x800000000000000067444Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:40:01.120{6F5BEE90-18CD-61E9-7700-000000002102}484NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=BE483E361872186B1970A5B70175DD3B,SHA256=8B7B94C46FF8D2CC4B117E5EF6100F967925491208ADE7E85AB2DDE77384326B,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000032130Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:40:02.741{CE7C8936-1B20-61E9-E200-000000002202}3964NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=8C8B8749C5CB37DEFD993308CAA16C0C,SHA256=A1B295C48926531F9EF1081E1875B7D5A055EA119219C0BE560D3B147DA1CBB4,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067446Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:40:02.129{6F5BEE90-18CD-61E9-7700-000000002102}484NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A515F4A910E7DADF9FABBD4963234E5D,SHA256=753D04F54CAEF9EDF9636039544624E9BFA31D7231528A5973AC74C96E9BE16F,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000032129Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:40:02.397{CE7C8936-1A7C-61E9-1200-000000002202}1000NT AUTHORITY\LOCAL SERVICEC:\Windows\System32\svchost.exeC:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.datMD5=785A17343F8F256902A84D3038E42F71,SHA256=7528EACA67568C17ED629F9CB98141FFBCF03990042A86D204B17BB959940E05,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000032128Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:40:00.033{CE7C8936-1A7D-61E9-1500-000000002202}1092C:\Windows\System32\svchost.exeNT AUTHORITY\LOCAL SERVICEudptruefalse10.0.1.15win-host-tcontreras-attack-range-276.eu-central-1.compute.internal123ntpfalse169.254.169.123-123ntp 23542300x800000000000000032131Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:40:03.757{CE7C8936-1B20-61E9-E200-000000002202}3964NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=982C35D5D0D0CF33D8A842507138F082,SHA256=0997990E2659085E6F8F8F586435054088C9033238364DF7989896FE0267A91D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067449Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:40:03.268{6F5BEE90-18CD-61E9-7700-000000002102}484NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=9103135419ACAB5BEFBB9672593FE3B1,SHA256=441CAFE53D3CF8F1C2D164E3FDD21DBA57212E0CC436C3DBA8C44127F5CD4C04,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 354300x800000000000000067448Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:40:01.572{6F5BEE90-18A4-61E9-0100-000000002102}4SystemNT AUTHORITY\SYSTEMtcpfalsetruefe80:0:0:0:d11b:5952:8f62:5d6dwin-dc-tcontreras-attack-range-53.attackrange.local53425-truefe80:0:0:0:d11b:5952:8f62:5d6dwin-dc-tcontreras-attack-range-53.attackrange.local445microsoft-ds 354300x800000000000000067447Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:40:01.572{6F5BEE90-18A4-61E9-0100-000000002102}4SystemNT AUTHORITY\SYSTEMtcptruetruefe80:0:0:0:d11b:5952:8f62:5d6dwin-dc-tcontreras-attack-range-53.attackrange.local53425-truefe80:0:0:0:d11b:5952:8f62:5d6dwin-dc-tcontreras-attack-range-53.attackrange.local445microsoft-ds 23542300x800000000000000032132Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:40:04.882{CE7C8936-1B20-61E9-E200-000000002202}3964NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=D20F482A07D4413840F39220B6E4E323,SHA256=22532775E288D38A9CC2FDCFE8573CCD98FFA006D9B0A51F77A3C3BCDDDCC9E1,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067451Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:40:04.286{6F5BEE90-18CD-61E9-7700-000000002102}484NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=E1FCC2D752EDD63C7F57C5DBBC4EF9B0,SHA256=890AB9B005D4A1D23B9841A2367D50FB5533577264829F9D2FA58F26F3E3AAB1,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 354300x800000000000000067450Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:40:02.497{6F5BEE90-18C6-61E9-6E00-000000002102}3440C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-tcontreras-attack-range-53.attackrange.local53426-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x800000000000000032134Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:40:05.897{CE7C8936-1B20-61E9-E200-000000002202}3964NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=F8ED071C9EAB684FA42C25832C7CD38A,SHA256=2AAAED28B93DB29B1F4C1E20240301E219718FDE0830958036B07C7068C149CC,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067452Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:40:05.290{6F5BEE90-18CD-61E9-7700-000000002102}484NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=18C7D8FCBAA3FF40FA2F6309D2D5B3E4,SHA256=780DC5D87C7D3A60BEEBF86ADB950146A581ED86978F9151F52302ADEFCB73C2,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 354300x800000000000000032133Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:40:02.877{CE7C8936-1B1A-61E9-D900-000000002202}4048C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-tcontreras-attack-range-276.eu-central-1.compute.internal51403-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x800000000000000032135Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:40:06.913{CE7C8936-1B20-61E9-E200-000000002202}3964NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=0B061134F5A21A0CCAB2FD190F71E94E,SHA256=D8E54671B4F5104A2294A255D01E757E7E98A3A5284D0117B6D60B59A1190D4B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067453Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:40:06.297{6F5BEE90-18CD-61E9-7700-000000002102}484NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=DDDFEA59535CA420C494F96A78A69DF5,SHA256=72902229332CB5A057603AC9438F6C6699B58F6B5D4CC05476CDDB5594C19BF0,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000032136Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:40:07.930{CE7C8936-1B20-61E9-E200-000000002202}3964NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=8F7E6C958271F00F960AFE1F2921FC26,SHA256=168E9D25E54350D8D6ED22066B2963895DA00E17285466AA14FD6CDCFB7D4E59,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000067456Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:40:07.325{6F5BEE90-18A7-61E9-0B00-000000002102}6085192C:\Windows\system32\lsass.exe{6F5BEE90-18B8-61E9-2E00-000000002102}3016C:\Windows\system32\DFSRs.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+6ea9c|C:\Windows\system32\lsasrv.dll+e6974|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000067455Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:40:07.325{6F5BEE90-18A7-61E9-0B00-000000002102}6085192C:\Windows\system32\lsass.exe{6F5BEE90-18B8-61E9-2E00-000000002102}3016C:\Windows\system32\DFSRs.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+6ea9c|C:\Windows\system32\lsasrv.dll+e6974|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 23542300x800000000000000067454Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:40:07.311{6F5BEE90-18CD-61E9-7700-000000002102}484NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=AD5D671C3D032892C897FA86518B1DB4,SHA256=C19D0B1D0B562F4F1294FE2141178E0E3B6098EB390356B3B7983424780F2610,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000032137Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:40:08.946{CE7C8936-1B20-61E9-E200-000000002202}3964NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=93D32AD12B68C8DE4AFD756ED2CB7A52,SHA256=AAE55B639928AE9D56E9DC62C287CD6223E0AA30AC3A254DE541F346DD8DE854,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067525Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:40:08.784{6F5BEE90-18CD-61E9-7700-000000002102}484NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=967B3CDDB8AD5C69037EE681AA72C457,SHA256=5262EAA97BF98B411269414ED3DC7748B9D0456D9AFBAD8D2F7C38F7BEBAE98D,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000067524Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:40:08.744{6F5BEE90-18CD-61E9-7700-000000002102}484NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=0AE8345497DF6C427CE684B93B3FF4FB,SHA256=58D54B1F223F45B3F3204DD0BCDB613BCDCAF549C26D59EA587CA15F52E6A01D,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 10341000x800000000000000067523Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:40:08.510{6F5BEE90-1B14-61E9-F000-000000002102}49284304C:\Windows\System32\RuntimeBroker.exe{6F5BEE90-1B24-61E9-1101-000000002102}5640C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cd4|C:\Windows\System32\RPCRT4.dll+2be8f|C:\Windows\System32\combase.dll+380db|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+15171|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1e1d|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1f63|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+54179|C:\Windows\System32\combase.dll+129f|C:\Windows\System32\RPCRT4.dll+651cb|C:\Windows\System32\combase.dll+3b22c|C:\Windows\System32\combase.dll+3aee2|C:\Windows\System32\combase.dll+8ab6b|C:\Windows\System32\combase.dll+8c0b2|C:\Windows\System32\combase.dll+39b43|C:\Windows\System32\combase.dll+8c1cd|C:\Windows\System32\combase.dll+37e8f|C:\Windows\System32\combase.dll+36c4f|C:\Windows\System32\combase.dll+34346|C:\Windows\System32\combase.dll+33afa|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751 10341000x800000000000000067522Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:40:08.510{6F5BEE90-1B14-61E9-F000-000000002102}49284304C:\Windows\System32\RuntimeBroker.exe{6F5BEE90-1B24-61E9-1101-000000002102}5640C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cd4|C:\Windows\System32\RPCRT4.dll+2be8f|C:\Windows\System32\combase.dll+380db|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+15084|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1e1d|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1f63|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+54179|C:\Windows\System32\combase.dll+129f|C:\Windows\System32\RPCRT4.dll+651cb|C:\Windows\System32\combase.dll+3b22c|C:\Windows\System32\combase.dll+3aee2|C:\Windows\System32\combase.dll+8ab6b|C:\Windows\System32\combase.dll+8c0b2|C:\Windows\System32\combase.dll+39b43|C:\Windows\System32\combase.dll+8c1cd|C:\Windows\System32\combase.dll+37e8f|C:\Windows\System32\combase.dll+36c4f|C:\Windows\System32\combase.dll+34346|C:\Windows\System32\combase.dll+33afa|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751 10341000x800000000000000067521Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:40:08.494{6F5BEE90-1B14-61E9-F000-000000002102}49283944C:\Windows\System32\RuntimeBroker.exe{6F5BEE90-1B24-61E9-1101-000000002102}5640C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cd4|C:\Windows\System32\RPCRT4.dll+2be8f|C:\Windows\System32\combase.dll+380db|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+169ae|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1535|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+16ef|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+a243|C:\Windows\System32\combase.dll+76b2a|C:\Windows\System32\combase.dll+6d8fd|C:\Windows\System32\RuntimeBroker.exe+12d1|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+54179|C:\Windows\System32\combase.dll+129f|C:\Windows\System32\combase.dll+3b233|C:\Windows\System32\combase.dll+3aee2|C:\Windows\System32\combase.dll+397f8|C:\Windows\System32\combase.dll+3757d|C:\Windows\System32\combase.dll+36c4f|C:\Windows\System32\combase.dll+52179|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+3534e|C:\Windows\System32\RPCRT4.dll+20cc7 10341000x800000000000000067520Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:40:08.458{6F5BEE90-1B14-61E9-F100-000000002102}26324372C:\Windows\System32\sihost.exe{6F5BEE90-1B24-61E9-1101-000000002102}5640C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x101000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\SYSTEM32\usermgrcli.dll+1121|C:\Windows\System32\modernexecserver.dll+3f342|C:\Windows\System32\modernexecserver.dll+3fc6e|C:\Windows\SYSTEM32\twinapi.appcore.dll+2effb|C:\Windows\SYSTEM32\twinapi.appcore.dll+2f0e4|C:\Windows\SYSTEM32\twinapi.appcore.dll+357b5|C:\Windows\SYSTEM32\twinapi.appcore.dll+34ef6|C:\Windows\SYSTEM32\twinapi.appcore.dll+34eb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000067519Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:40:08.458{6F5BEE90-1B14-61E9-F100-000000002102}26324372C:\Windows\System32\sihost.exe{6F5BEE90-1B24-61E9-1101-000000002102}5640C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\SYSTEM32\usermgrcli.dll+119d|C:\Windows\System32\modernexecserver.dll+41bd7|C:\Windows\System32\modernexecserver.dll+3f0db|C:\Windows\System32\modernexecserver.dll+3fbe5|C:\Windows\SYSTEM32\twinapi.appcore.dll+2effb|C:\Windows\SYSTEM32\twinapi.appcore.dll+2f0e4|C:\Windows\SYSTEM32\twinapi.appcore.dll+357b5|C:\Windows\SYSTEM32\twinapi.appcore.dll+34ef6|C:\Windows\SYSTEM32\twinapi.appcore.dll+34eb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000067518Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:40:08.457{6F5BEE90-1B14-61E9-F100-000000002102}26324372C:\Windows\System32\sihost.exe{6F5BEE90-1B24-61E9-1101-000000002102}5640C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\SYSTEM32\usermgrcli.dll+119d|C:\Windows\System32\modernexecserver.dll+41bd7|C:\Windows\System32\modernexecserver.dll+3f0db|C:\Windows\System32\modernexecserver.dll+3f049|C:\Windows\System32\modernexecserver.dll+3fd2f|C:\Windows\System32\modernexecserver.dll+3fe52|C:\Windows\SYSTEM32\twinapi.appcore.dll+2efb4|C:\Windows\SYSTEM32\twinapi.appcore.dll+2f0e4|C:\Windows\SYSTEM32\twinapi.appcore.dll+357ab|C:\Windows\SYSTEM32\twinapi.appcore.dll+34ef6|C:\Windows\SYSTEM32\twinapi.appcore.dll+34eb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000067517Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:40:08.457{6F5BEE90-1B14-61E9-F100-000000002102}26324372C:\Windows\System32\sihost.exe{6F5BEE90-1B24-61E9-1101-000000002102}5640C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\SYSTEM32\usermgrcli.dll+119d|C:\Windows\System32\modernexecserver.dll+41bd7|C:\Windows\System32\modernexecserver.dll+3f6a2|C:\Windows\System32\modernexecserver.dll+3fd1e|C:\Windows\System32\modernexecserver.dll+3fe52|C:\Windows\SYSTEM32\twinapi.appcore.dll+2efb4|C:\Windows\SYSTEM32\twinapi.appcore.dll+2f0e4|C:\Windows\SYSTEM32\twinapi.appcore.dll+357ab|C:\Windows\SYSTEM32\twinapi.appcore.dll+34ef6|C:\Windows\SYSTEM32\twinapi.appcore.dll+34eb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000067516Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:40:08.457{6F5BEE90-1B14-61E9-F100-000000002102}26324372C:\Windows\System32\sihost.exe{6F5BEE90-1B24-61E9-1101-000000002102}5640C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x101000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\SYSTEM32\usermgrcli.dll+1121|C:\Windows\System32\modernexecserver.dll+3f342|C:\Windows\System32\modernexecserver.dll+3fd0b|C:\Windows\System32\modernexecserver.dll+3fe52|C:\Windows\SYSTEM32\twinapi.appcore.dll+2efb4|C:\Windows\SYSTEM32\twinapi.appcore.dll+2f0e4|C:\Windows\SYSTEM32\twinapi.appcore.dll+357ab|C:\Windows\SYSTEM32\twinapi.appcore.dll+34ef6|C:\Windows\SYSTEM32\twinapi.appcore.dll+34eb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000067515Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:40:08.457{6F5BEE90-1B14-61E9-F100-000000002102}26324372C:\Windows\System32\sihost.exe{6F5BEE90-1B24-61E9-1101-000000002102}5640C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\SYSTEM32\usermgrcli.dll+119d|C:\Windows\System32\modernexecserver.dll+41bd7|C:\Windows\System32\modernexecserver.dll+3fdee|C:\Windows\SYSTEM32\twinapi.appcore.dll+2efb4|C:\Windows\SYSTEM32\twinapi.appcore.dll+2f0e4|C:\Windows\SYSTEM32\twinapi.appcore.dll+357ab|C:\Windows\SYSTEM32\twinapi.appcore.dll+34ef6|C:\Windows\SYSTEM32\twinapi.appcore.dll+34eb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000067514Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:40:08.456{6F5BEE90-1B15-61E9-FA00-000000002102}46325832C:\Windows\Explorer.EXE{6F5BEE90-1B24-61E9-1101-000000002102}5640C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\SYSTEM32\twinapi.appcore.dll+1ea06|C:\Windows\SYSTEM32\twinapi.appcore.dll+1e3d1|C:\Windows\SYSTEM32\twinapi.appcore.dll+1dbcc|C:\Windows\SYSTEM32\twinapi.appcore.dll+1d777|C:\Windows\system32\twinui.pcshell.dll+27c24|C:\Windows\system32\twinui.pcshell.dll+17316|C:\Windows\system32\twinui.pcshell.dll+17671|C:\Windows\system32\twinui.pcshell.dll+176a9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000067513Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:40:08.456{6F5BEE90-1B15-61E9-FA00-000000002102}46325832C:\Windows\Explorer.EXE{6F5BEE90-1B24-61E9-1101-000000002102}5640C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\SYSTEM32\twinapi.appcore.dll+1e95e|C:\Windows\SYSTEM32\twinapi.appcore.dll+1e3d1|C:\Windows\SYSTEM32\twinapi.appcore.dll+1dbcc|C:\Windows\SYSTEM32\twinapi.appcore.dll+1d777|C:\Windows\system32\twinui.pcshell.dll+27c24|C:\Windows\system32\twinui.pcshell.dll+17316|C:\Windows\system32\twinui.pcshell.dll+17671|C:\Windows\system32\twinui.pcshell.dll+176a9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000067512Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:40:08.453{6F5BEE90-1B14-61E9-F100-000000002102}2632324C:\Windows\System32\sihost.exe{6F5BEE90-1B24-61E9-1101-000000002102}5640C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x101000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\SYSTEM32\twinapi.appcore.dll+2f400|C:\Windows\System32\modernexecserver.dll+47a8c|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+54179|C:\Windows\System32\combase.dll+1279|C:\Windows\System32\RPCRT4.dll+651cb|C:\Windows\System32\combase.dll+3b22c|C:\Windows\System32\combase.dll+3aee2|C:\Windows\System32\combase.dll+397f8|C:\Windows\System32\combase.dll+3757d|C:\Windows\System32\combase.dll+36c4f|C:\Windows\System32\combase.dll+52179|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+3534e|C:\Windows\System32\RPCRT4.dll+20cc7|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e 10341000x800000000000000067511Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:40:08.453{6F5BEE90-1B14-61E9-F100-000000002102}2632324C:\Windows\System32\sihost.exe{6F5BEE90-1B24-61E9-1101-000000002102}5640C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\SYSTEM32\usermgrcli.dll+119d|C:\Windows\System32\modernexecserver.dll+478ab|C:\Windows\System32\modernexecserver.dll+476e0|C:\Windows\System32\modernexecserver.dll+4763b|C:\Windows\System32\modernexecserver.dll+3985d|C:\Windows\System32\Windows.Shell.ServiceHostBuilder.dll+1781|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+54179|C:\Windows\System32\combase.dll+1279|C:\Windows\System32\RPCRT4.dll+651cb|C:\Windows\System32\combase.dll+3b22c|C:\Windows\System32\combase.dll+3aee2|C:\Windows\System32\combase.dll+397f8|C:\Windows\System32\combase.dll+3757d|C:\Windows\System32\combase.dll+36c4f|C:\Windows\System32\combase.dll+52179|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+3534e|C:\Windows\System32\RPCRT4.dll+20cc7|C:\Windows\System32\RPCRT4.dll+2131c 10341000x800000000000000067510Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:40:08.443{6F5BEE90-1B14-61E9-F000-000000002102}49283944C:\Windows\System32\RuntimeBroker.exe{6F5BEE90-1B24-61E9-1101-000000002102}5640C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cd4|C:\Windows\System32\RPCRT4.dll+2be8f|C:\Windows\System32\combase.dll+380db|C:\Windows\System32\shcore.dll+35576|C:\Windows\System32\shcore.dll+201ef|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+54179|C:\Windows\System32\combase.dll+1279|C:\Windows\System32\RPCRT4.dll+651cb|C:\Windows\System32\combase.dll+3b22c|C:\Windows\System32\combase.dll+3aee2|C:\Windows\System32\combase.dll+397f8|C:\Windows\System32\combase.dll+3757d|C:\Windows\System32\combase.dll+36c4f|C:\Windows\System32\combase.dll+52179|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+3534e|C:\Windows\System32\RPCRT4.dll+20cc7|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca 10341000x800000000000000067509Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:40:08.441{6F5BEE90-1B14-61E9-F000-000000002102}49285768C:\Windows\System32\RuntimeBroker.exe{6F5BEE90-1B24-61E9-1101-000000002102}5640C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cd4|C:\Windows\System32\RPCRT4.dll+2be8f|C:\Windows\System32\combase.dll+380db|C:\Windows\System32\windows.storage.dll+b7e5d|C:\Windows\System32\windows.storage.dll+2a3665|C:\Windows\System32\windows.storage.dll+14d543|C:\Windows\System32\windows.storage.dll+14d5ba|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+54179|C:\Windows\System32\combase.dll+129f|C:\Windows\System32\RPCRT4.dll+651cb|C:\Windows\System32\combase.dll+3b22c|C:\Windows\System32\combase.dll+3aee2|C:\Windows\System32\combase.dll+8ab6b|C:\Windows\System32\combase.dll+8c0b2|C:\Windows\System32\combase.dll+39b43|C:\Windows\System32\combase.dll+8c1cd|C:\Windows\System32\combase.dll+37e8f|C:\Windows\System32\combase.dll+36c4f|C:\Windows\System32\combase.dll+34346|C:\Windows\System32\combase.dll+33afa|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c 10341000x800000000000000067508Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:40:08.441{6F5BEE90-1B14-61E9-F000-000000002102}49285768C:\Windows\System32\RuntimeBroker.exe{6F5BEE90-1B24-61E9-1101-000000002102}5640C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cd4|C:\Windows\System32\RPCRT4.dll+2be8f|C:\Windows\System32\combase.dll+380db|C:\Windows\System32\windows.storage.dll+b7e5d|C:\Windows\System32\windows.storage.dll+2ca892|C:\Windows\System32\windows.storage.dll+e3c15|C:\Windows\System32\windows.storage.dll+14ce26|C:\Windows\System32\windows.storage.dll+2a35c7|C:\Windows\System32\windows.storage.dll+14d543|C:\Windows\System32\windows.storage.dll+14d5ba|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+54179|C:\Windows\System32\combase.dll+129f|C:\Windows\System32\RPCRT4.dll+651cb|C:\Windows\System32\combase.dll+3b22c|C:\Windows\System32\combase.dll+3aee2|C:\Windows\System32\combase.dll+8ab6b|C:\Windows\System32\combase.dll+8c0b2|C:\Windows\System32\combase.dll+39b43|C:\Windows\System32\combase.dll+8c1cd|C:\Windows\System32\combase.dll+37e8f|C:\Windows\System32\combase.dll+36c4f|C:\Windows\System32\combase.dll+34346 10341000x800000000000000067507Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:40:08.438{6F5BEE90-1B14-61E9-F000-000000002102}49281116C:\Windows\System32\RuntimeBroker.exe{6F5BEE90-1B24-61E9-1101-000000002102}5640C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cd4|C:\Windows\System32\RPCRT4.dll+2be8f|C:\Windows\System32\combase.dll+380db|C:\Windows\System32\shcore.dll+35576|C:\Windows\System32\shcore.dll+201ef|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+54179|C:\Windows\System32\combase.dll+1279|C:\Windows\System32\RPCRT4.dll+651cb|C:\Windows\System32\combase.dll+3b22c|C:\Windows\System32\combase.dll+3aee2|C:\Windows\System32\combase.dll+397f8|C:\Windows\System32\combase.dll+3757d|C:\Windows\System32\combase.dll+36c4f|C:\Windows\System32\combase.dll+52179|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+3534e|C:\Windows\System32\RPCRT4.dll+20cc7|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca 10341000x800000000000000067506Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:40:08.433{6F5BEE90-1B14-61E9-F000-000000002102}49285768C:\Windows\System32\RuntimeBroker.exe{6F5BEE90-1B24-61E9-1101-000000002102}5640C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cd4|C:\Windows\System32\RPCRT4.dll+2be8f|C:\Windows\System32\combase.dll+380db|C:\Windows\System32\windows.storage.dll+b7e5d|C:\Windows\System32\windows.storage.dll+df783|C:\Windows\System32\windows.storage.dll+deef1|C:\Windows\System32\windows.storage.dll+dee05|C:\Windows\System32\windows.storage.dll+ded9e|C:\Windows\System32\windows.storage.dll+5bae9|C:\Windows\System32\windows.storage.dll+13a436|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+54179|C:\Windows\System32\combase.dll+129f|C:\Windows\System32\RPCRT4.dll+651cb|C:\Windows\System32\combase.dll+3b22c|C:\Windows\System32\combase.dll+3aee2|C:\Windows\System32\combase.dll+8ab6b|C:\Windows\System32\combase.dll+8c0b2|C:\Windows\System32\combase.dll+39b43|C:\Windows\System32\combase.dll+8c1cd|C:\Windows\System32\combase.dll+37e8f|C:\Windows\System32\combase.dll+36c4f|C:\Windows\System32\combase.dll+34346 10341000x800000000000000067505Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:40:08.433{6F5BEE90-1B14-61E9-F000-000000002102}49285768C:\Windows\System32\RuntimeBroker.exe{6F5BEE90-1B24-61E9-1101-000000002102}5640C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cd4|C:\Windows\System32\RPCRT4.dll+2be8f|C:\Windows\System32\combase.dll+380db|C:\Windows\System32\windows.storage.dll+b7e5d|C:\Windows\System32\windows.storage.dll+e1f83|C:\Windows\System32\windows.storage.dll+5b960|C:\Windows\System32\windows.storage.dll+5b8b7|C:\Windows\System32\windows.storage.dll+5ba87|C:\Windows\System32\windows.storage.dll+13a436|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+54179|C:\Windows\System32\combase.dll+129f|C:\Windows\System32\RPCRT4.dll+651cb|C:\Windows\System32\combase.dll+3b22c|C:\Windows\System32\combase.dll+3aee2|C:\Windows\System32\combase.dll+8ab6b|C:\Windows\System32\combase.dll+8c0b2|C:\Windows\System32\combase.dll+39b43|C:\Windows\System32\combase.dll+8c1cd|C:\Windows\System32\combase.dll+37e8f|C:\Windows\System32\combase.dll+36c4f|C:\Windows\System32\combase.dll+34346|C:\Windows\System32\combase.dll+33afa 10341000x800000000000000067504Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:40:08.433{6F5BEE90-1B14-61E9-F000-000000002102}49285768C:\Windows\System32\RuntimeBroker.exe{6F5BEE90-1B24-61E9-1101-000000002102}5640C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cd4|C:\Windows\System32\RPCRT4.dll+2be8f|C:\Windows\System32\combase.dll+380db|C:\Windows\System32\windows.storage.dll+b7e5d|C:\Windows\System32\windows.storage.dll+e3d17|C:\Windows\System32\windows.storage.dll+13a4f5|C:\Windows\System32\windows.storage.dll+13a418|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+54179|C:\Windows\System32\combase.dll+129f|C:\Windows\System32\RPCRT4.dll+651cb|C:\Windows\System32\combase.dll+3b22c|C:\Windows\System32\combase.dll+3aee2|C:\Windows\System32\combase.dll+8ab6b|C:\Windows\System32\combase.dll+8c0b2|C:\Windows\System32\combase.dll+39b43|C:\Windows\System32\combase.dll+8c1cd|C:\Windows\System32\combase.dll+37e8f|C:\Windows\System32\combase.dll+36c4f|C:\Windows\System32\combase.dll+34346|C:\Windows\System32\combase.dll+33afa|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c 10341000x800000000000000067503Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:40:08.433{6F5BEE90-1B14-61E9-F000-000000002102}49285768C:\Windows\System32\RuntimeBroker.exe{6F5BEE90-1B24-61E9-1101-000000002102}5640C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cd4|C:\Windows\System32\RPCRT4.dll+2be8f|C:\Windows\System32\combase.dll+380db|C:\Windows\System32\windows.storage.dll+b7e5d|C:\Windows\System32\windows.storage.dll+13a4c9|C:\Windows\System32\windows.storage.dll+13a418|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+54179|C:\Windows\System32\combase.dll+129f|C:\Windows\System32\RPCRT4.dll+651cb|C:\Windows\System32\combase.dll+3b22c|C:\Windows\System32\combase.dll+3aee2|C:\Windows\System32\combase.dll+8ab6b|C:\Windows\System32\combase.dll+8c0b2|C:\Windows\System32\combase.dll+39b43|C:\Windows\System32\combase.dll+8c1cd|C:\Windows\System32\combase.dll+37e8f|C:\Windows\System32\combase.dll+36c4f|C:\Windows\System32\combase.dll+34346|C:\Windows\System32\combase.dll+33afa|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\windows.storage.dll+e506c 10341000x800000000000000067502Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:40:08.432{6F5BEE90-1B14-61E9-F000-000000002102}49285768C:\Windows\System32\RuntimeBroker.exe{6F5BEE90-1B24-61E9-1101-000000002102}5640C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cd4|C:\Windows\System32\RPCRT4.dll+2be8f|C:\Windows\System32\combase.dll+380db|C:\Windows\System32\windows.storage.dll+b7e5d|C:\Windows\System32\windows.storage.dll+2a3665|C:\Windows\System32\windows.storage.dll+14d543|C:\Windows\System32\windows.storage.dll+14d5ba|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+54179|C:\Windows\System32\combase.dll+129f|C:\Windows\System32\RPCRT4.dll+651cb|C:\Windows\System32\combase.dll+3b22c|C:\Windows\System32\combase.dll+3aee2|C:\Windows\System32\combase.dll+8ab6b|C:\Windows\System32\combase.dll+8c0b2|C:\Windows\System32\combase.dll+39b43|C:\Windows\System32\combase.dll+8c1cd|C:\Windows\System32\combase.dll+37e8f|C:\Windows\System32\combase.dll+36c4f|C:\Windows\System32\combase.dll+34346|C:\Windows\System32\combase.dll+33afa|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c 10341000x800000000000000067501Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:40:08.431{6F5BEE90-1B14-61E9-F000-000000002102}49285768C:\Windows\System32\RuntimeBroker.exe{6F5BEE90-1B24-61E9-1101-000000002102}5640C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cd4|C:\Windows\System32\RPCRT4.dll+2be8f|C:\Windows\System32\combase.dll+380db|C:\Windows\System32\windows.storage.dll+b7e5d|C:\Windows\System32\windows.storage.dll+2ca892|C:\Windows\System32\windows.storage.dll+e3c15|C:\Windows\System32\windows.storage.dll+14ce26|C:\Windows\System32\windows.storage.dll+2a35c7|C:\Windows\System32\windows.storage.dll+14d543|C:\Windows\System32\windows.storage.dll+14d5ba|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+54179|C:\Windows\System32\combase.dll+129f|C:\Windows\System32\RPCRT4.dll+651cb|C:\Windows\System32\combase.dll+3b22c|C:\Windows\System32\combase.dll+3aee2|C:\Windows\System32\combase.dll+8ab6b|C:\Windows\System32\combase.dll+8c0b2|C:\Windows\System32\combase.dll+39b43|C:\Windows\System32\combase.dll+8c1cd|C:\Windows\System32\combase.dll+37e8f|C:\Windows\System32\combase.dll+36c4f|C:\Windows\System32\combase.dll+34346 10341000x800000000000000067500Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:40:08.416{6F5BEE90-18A9-61E9-0C00-000000002102}8286020C:\Windows\system32\svchost.exe{6F5BEE90-1B24-61E9-1101-000000002102}5640C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x3200C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\SYSTEM32\psmserviceexthost.dll+78b1|C:\Windows\SYSTEM32\psmserviceexthost.dll+739b|C:\Windows\SYSTEM32\psmserviceexthost.dll+ae34|C:\Windows\SYSTEM32\psmserviceexthost.dll+7bae|C:\Windows\SYSTEM32\psmserviceexthost.dll+12141|C:\Windows\SYSTEM32\psmserviceexthost.dll+170e8|C:\Windows\SYSTEM32\resourcepolicyserver.dll+12326|C:\Windows\SYSTEM32\resourcepolicyserver.dll+bac5|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000067499Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:40:08.413{6F5BEE90-1B15-61E9-FA00-000000002102}46325360C:\Windows\Explorer.EXE{6F5BEE90-1B24-61E9-1101-000000002102}5640C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\SYSTEM32\twinapi.appcore.dll+1ea06|C:\Windows\SYSTEM32\twinapi.appcore.dll+1e3d1|C:\Windows\SYSTEM32\twinapi.appcore.dll+1dbcc|C:\Windows\SYSTEM32\twinapi.appcore.dll+1d777|C:\Windows\System32\TwinUI.dll+ba0bc|C:\Windows\System32\TwinUI.dll+ba897|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+54179|C:\Windows\System32\combase.dll+1279|C:\Windows\System32\RPCRT4.dll+651cb|C:\Windows\System32\combase.dll+3b22c|C:\Windows\System32\combase.dll+3aee2|C:\Windows\System32\combase.dll+397f8|C:\Windows\System32\combase.dll+37c5f|C:\Windows\System32\combase.dll+36c4f|C:\Windows\System32\combase.dll+34346|C:\Windows\System32\combase.dll+33afa|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+5be0|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+635e 10341000x800000000000000067498Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:40:08.413{6F5BEE90-1B15-61E9-FA00-000000002102}46325360C:\Windows\Explorer.EXE{6F5BEE90-1B24-61E9-1101-000000002102}5640C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\SYSTEM32\twinapi.appcore.dll+1e95e|C:\Windows\SYSTEM32\twinapi.appcore.dll+1e3d1|C:\Windows\SYSTEM32\twinapi.appcore.dll+1dbcc|C:\Windows\SYSTEM32\twinapi.appcore.dll+1d777|C:\Windows\System32\TwinUI.dll+ba0bc|C:\Windows\System32\TwinUI.dll+ba897|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+54179|C:\Windows\System32\combase.dll+1279|C:\Windows\System32\RPCRT4.dll+651cb|C:\Windows\System32\combase.dll+3b22c|C:\Windows\System32\combase.dll+3aee2|C:\Windows\System32\combase.dll+397f8|C:\Windows\System32\combase.dll+37c5f|C:\Windows\System32\combase.dll+36c4f|C:\Windows\System32\combase.dll+34346|C:\Windows\System32\combase.dll+33afa|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+5be0|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+635e 10341000x800000000000000067497Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:40:08.413{6F5BEE90-1B15-61E9-FA00-000000002102}46325784C:\Windows\Explorer.EXE{6F5BEE90-1B24-61E9-1101-000000002102}5640C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\SYSTEM32\twinapi.appcore.dll+1ea06|C:\Windows\SYSTEM32\twinapi.appcore.dll+1e3d1|C:\Windows\SYSTEM32\twinapi.appcore.dll+1dbcc|C:\Windows\SYSTEM32\twinapi.appcore.dll+1d777|C:\Windows\System32\TwinUI.dll+1093d6|C:\Windows\System32\TwinUI.dll+82ba7|C:\Windows\System32\TwinUI.dll+bed5e|C:\Windows\System32\TwinUI.dll+bed29|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000067496Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:40:08.413{6F5BEE90-1B15-61E9-FA00-000000002102}46325784C:\Windows\Explorer.EXE{6F5BEE90-1B24-61E9-1101-000000002102}5640C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\SYSTEM32\twinapi.appcore.dll+1e95e|C:\Windows\SYSTEM32\twinapi.appcore.dll+1e3d1|C:\Windows\SYSTEM32\twinapi.appcore.dll+1dbcc|C:\Windows\SYSTEM32\twinapi.appcore.dll+1d777|C:\Windows\System32\TwinUI.dll+1093d6|C:\Windows\System32\TwinUI.dll+82ba7|C:\Windows\System32\TwinUI.dll+bed5e|C:\Windows\System32\TwinUI.dll+bed29|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000067495Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:40:08.412{6F5BEE90-1B15-61E9-FA00-000000002102}46325784C:\Windows\Explorer.EXE{6F5BEE90-1B24-61E9-1101-000000002102}5640C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\SYSTEM32\twinapi.appcore.dll+1ea06|C:\Windows\SYSTEM32\twinapi.appcore.dll+1e3d1|C:\Windows\SYSTEM32\twinapi.appcore.dll+1dbcc|C:\Windows\SYSTEM32\twinapi.appcore.dll+1d777|C:\Windows\System32\TwinUI.dll+1093d6|C:\Windows\System32\TwinUI.dll+82ba7|C:\Windows\System32\TwinUI.dll+bed5e|C:\Windows\System32\TwinUI.dll+bed29|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000067494Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:40:08.412{6F5BEE90-1B15-61E9-FA00-000000002102}46325784C:\Windows\Explorer.EXE{6F5BEE90-1B24-61E9-1101-000000002102}5640C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\SYSTEM32\twinapi.appcore.dll+1e95e|C:\Windows\SYSTEM32\twinapi.appcore.dll+1e3d1|C:\Windows\SYSTEM32\twinapi.appcore.dll+1dbcc|C:\Windows\SYSTEM32\twinapi.appcore.dll+1d777|C:\Windows\System32\TwinUI.dll+1093d6|C:\Windows\System32\TwinUI.dll+82ba7|C:\Windows\System32\TwinUI.dll+bed5e|C:\Windows\System32\TwinUI.dll+bed29|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000067493Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:40:08.411{6F5BEE90-1B14-61E9-F000-000000002102}49285768C:\Windows\System32\RuntimeBroker.exe{6F5BEE90-1B24-61E9-1101-000000002102}5640C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cd4|C:\Windows\System32\RPCRT4.dll+2be8f|C:\Windows\System32\combase.dll+380db|C:\Windows\System32\windows.storage.dll+b7e5d|C:\Windows\System32\windows.storage.dll+df783|C:\Windows\System32\windows.storage.dll+deef1|C:\Windows\System32\windows.storage.dll+dee05|C:\Windows\System32\windows.storage.dll+ded9e|C:\Windows\System32\windows.storage.dll+5bae9|C:\Windows\System32\windows.storage.dll+13a436|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+54179|C:\Windows\System32\combase.dll+129f|C:\Windows\System32\RPCRT4.dll+651cb|C:\Windows\System32\combase.dll+3b22c|C:\Windows\System32\combase.dll+3aee2|C:\Windows\System32\combase.dll+8ab6b|C:\Windows\System32\combase.dll+8c0b2|C:\Windows\System32\combase.dll+39b43|C:\Windows\System32\combase.dll+8c1cd|C:\Windows\System32\combase.dll+37e8f|C:\Windows\System32\combase.dll+36c4f|C:\Windows\System32\combase.dll+34346 10341000x800000000000000067492Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:40:08.411{6F5BEE90-1B14-61E9-F000-000000002102}49285768C:\Windows\System32\RuntimeBroker.exe{6F5BEE90-1B24-61E9-1101-000000002102}5640C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cd4|C:\Windows\System32\RPCRT4.dll+2be8f|C:\Windows\System32\combase.dll+380db|C:\Windows\System32\windows.storage.dll+b7e5d|C:\Windows\System32\windows.storage.dll+e1f83|C:\Windows\System32\windows.storage.dll+5b960|C:\Windows\System32\windows.storage.dll+5b8b7|C:\Windows\System32\windows.storage.dll+5ba87|C:\Windows\System32\windows.storage.dll+13a436|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+54179|C:\Windows\System32\combase.dll+129f|C:\Windows\System32\RPCRT4.dll+651cb|C:\Windows\System32\combase.dll+3b22c|C:\Windows\System32\combase.dll+3aee2|C:\Windows\System32\combase.dll+8ab6b|C:\Windows\System32\combase.dll+8c0b2|C:\Windows\System32\combase.dll+39b43|C:\Windows\System32\combase.dll+8c1cd|C:\Windows\System32\combase.dll+37e8f|C:\Windows\System32\combase.dll+36c4f|C:\Windows\System32\combase.dll+34346|C:\Windows\System32\combase.dll+33afa 10341000x800000000000000067491Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:40:08.411{6F5BEE90-18A9-61E9-0C00-000000002102}8286020C:\Windows\system32\svchost.exe{6F5BEE90-18B8-61E9-2B00-000000002102}2976C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000067490Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:40:08.411{6F5BEE90-1B14-61E9-F000-000000002102}49285768C:\Windows\System32\RuntimeBroker.exe{6F5BEE90-1B24-61E9-1101-000000002102}5640C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cd4|C:\Windows\System32\RPCRT4.dll+2be8f|C:\Windows\System32\combase.dll+380db|C:\Windows\System32\windows.storage.dll+b7e5d|C:\Windows\System32\windows.storage.dll+e3d17|C:\Windows\System32\windows.storage.dll+13a4f5|C:\Windows\System32\windows.storage.dll+13a418|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+54179|C:\Windows\System32\combase.dll+129f|C:\Windows\System32\RPCRT4.dll+651cb|C:\Windows\System32\combase.dll+3b22c|C:\Windows\System32\combase.dll+3aee2|C:\Windows\System32\combase.dll+8ab6b|C:\Windows\System32\combase.dll+8c0b2|C:\Windows\System32\combase.dll+39b43|C:\Windows\System32\combase.dll+8c1cd|C:\Windows\System32\combase.dll+37e8f|C:\Windows\System32\combase.dll+36c4f|C:\Windows\System32\combase.dll+34346|C:\Windows\System32\combase.dll+33afa|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c 10341000x800000000000000067489Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:40:08.411{6F5BEE90-1B14-61E9-F000-000000002102}49285768C:\Windows\System32\RuntimeBroker.exe{6F5BEE90-1B24-61E9-1101-000000002102}5640C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cd4|C:\Windows\System32\RPCRT4.dll+2be8f|C:\Windows\System32\combase.dll+380db|C:\Windows\System32\windows.storage.dll+b7e5d|C:\Windows\System32\windows.storage.dll+13a4c9|C:\Windows\System32\windows.storage.dll+13a418|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+54179|C:\Windows\System32\combase.dll+129f|C:\Windows\System32\RPCRT4.dll+651cb|C:\Windows\System32\combase.dll+3b22c|C:\Windows\System32\combase.dll+3aee2|C:\Windows\System32\combase.dll+8ab6b|C:\Windows\System32\combase.dll+8c0b2|C:\Windows\System32\combase.dll+39b43|C:\Windows\System32\combase.dll+8c1cd|C:\Windows\System32\combase.dll+37e8f|C:\Windows\System32\combase.dll+36c4f|C:\Windows\System32\combase.dll+34346|C:\Windows\System32\combase.dll+33afa|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\windows.storage.dll+e506c 10341000x800000000000000067488Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:40:08.411{6F5BEE90-1B15-61E9-FA00-000000002102}46325784C:\Windows\Explorer.EXE{6F5BEE90-1B24-61E9-1101-000000002102}5640C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\SYSTEM32\twinapi.appcore.dll+1ea06|C:\Windows\SYSTEM32\twinapi.appcore.dll+1e3d1|C:\Windows\SYSTEM32\twinapi.appcore.dll+1dbcc|C:\Windows\SYSTEM32\twinapi.appcore.dll+1d777|C:\Windows\System32\TwinUI.dll+1093d6|C:\Windows\System32\TwinUI.dll+82ba7|C:\Windows\System32\TwinUI.dll+bed5e|C:\Windows\System32\TwinUI.dll+bed29|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000067487Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:40:08.411{6F5BEE90-1B15-61E9-FA00-000000002102}46325784C:\Windows\Explorer.EXE{6F5BEE90-1B24-61E9-1101-000000002102}5640C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\SYSTEM32\twinapi.appcore.dll+1e95e|C:\Windows\SYSTEM32\twinapi.appcore.dll+1e3d1|C:\Windows\SYSTEM32\twinapi.appcore.dll+1dbcc|C:\Windows\SYSTEM32\twinapi.appcore.dll+1d777|C:\Windows\System32\TwinUI.dll+1093d6|C:\Windows\System32\TwinUI.dll+82ba7|C:\Windows\System32\TwinUI.dll+bed5e|C:\Windows\System32\TwinUI.dll+bed29|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000067486Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:40:08.410{6F5BEE90-18A9-61E9-0C00-000000002102}8286020C:\Windows\system32\svchost.exe{6F5BEE90-18B8-61E9-2B00-000000002102}2976C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000067485Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:40:08.410{6F5BEE90-18A9-61E9-0C00-000000002102}8286020C:\Windows\system32\svchost.exe{6F5BEE90-18B8-61E9-2B00-000000002102}2976C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000067484Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:40:08.408{6F5BEE90-1B14-61E9-F000-000000002102}49285480C:\Windows\System32\RuntimeBroker.exe{6F5BEE90-1B24-61E9-1101-000000002102}5640C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cd4|C:\Windows\System32\RPCRT4.dll+2be8f|C:\Windows\System32\combase.dll+380db|C:\Windows\System32\windows.storage.dll+b7e5d|C:\Windows\System32\windows.storage.dll+b7fd8|C:\Windows\System32\windows.storage.dll+1a2da9|C:\Windows\System32\windows.storage.dll+1a2c05|C:\Windows\System32\windows.storage.dll+b8d36|C:\Windows\System32\combase.dll+76b2a|C:\Windows\System32\combase.dll+6d8fd|C:\Windows\System32\RuntimeBroker.exe+12d1|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+54179|C:\Windows\System32\combase.dll+129f|C:\Windows\System32\combase.dll+3b233|C:\Windows\System32\combase.dll+3aee2|C:\Windows\System32\combase.dll+397f8|C:\Windows\System32\combase.dll+3757d|C:\Windows\System32\combase.dll+36c4f|C:\Windows\System32\combase.dll+52179|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+3534e 10341000x800000000000000067483Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:40:08.408{6F5BEE90-1B15-61E9-FA00-000000002102}46325784C:\Windows\Explorer.EXE{6F5BEE90-1B24-61E9-1101-000000002102}5640C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\SYSTEM32\twinapi.appcore.dll+1ea06|C:\Windows\SYSTEM32\twinapi.appcore.dll+1e3d1|C:\Windows\SYSTEM32\twinapi.appcore.dll+1dbcc|C:\Windows\SYSTEM32\twinapi.appcore.dll+1d777|C:\Windows\System32\TwinUI.dll+1093d6|C:\Windows\System32\TwinUI.dll+82ba7|C:\Windows\System32\TwinUI.dll+bed5e|C:\Windows\System32\TwinUI.dll+bed29|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000067482Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:40:08.401{6F5BEE90-18A9-61E9-0C00-000000002102}8286020C:\Windows\system32\svchost.exe{6F5BEE90-18B8-61E9-2B00-000000002102}2976C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000067481Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:40:08.401{6F5BEE90-18A9-61E9-0C00-000000002102}8286020C:\Windows\system32\svchost.exe{6F5BEE90-18B8-61E9-2B00-000000002102}2976C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000067480Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:40:08.401{6F5BEE90-18A9-61E9-0C00-000000002102}8286020C:\Windows\system32\svchost.exe{6F5BEE90-18B8-61E9-2B00-000000002102}2976C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000067479Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:40:08.401{6F5BEE90-1B15-61E9-FA00-000000002102}46325784C:\Windows\Explorer.EXE{6F5BEE90-1B24-61E9-1101-000000002102}5640C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\SYSTEM32\twinapi.appcore.dll+1e95e|C:\Windows\SYSTEM32\twinapi.appcore.dll+1e3d1|C:\Windows\SYSTEM32\twinapi.appcore.dll+1dbcc|C:\Windows\SYSTEM32\twinapi.appcore.dll+1d777|C:\Windows\System32\TwinUI.dll+1093d6|C:\Windows\System32\TwinUI.dll+82ba7|C:\Windows\System32\TwinUI.dll+bed5e|C:\Windows\System32\TwinUI.dll+bed29|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000067478Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:40:08.397{6F5BEE90-18A9-61E9-0D00-000000002102}888916C:\Windows\system32\svchost.exe{6F5BEE90-1B24-61E9-1101-000000002102}5640C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+d6ee|c:\windows\system32\rpcss.dll+c72a|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+1514|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+5460b|C:\Windows\System32\RPCRT4.dll+52cea|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000067477Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:40:08.397{6F5BEE90-18A9-61E9-0D00-000000002102}888916C:\Windows\system32\svchost.exe{6F5BEE90-1B24-61E9-1101-000000002102}5640C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+1514|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+5460b|C:\Windows\System32\RPCRT4.dll+52cea|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000067476Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:40:08.397{6F5BEE90-18A9-61E9-0D00-000000002102}888916C:\Windows\system32\svchost.exe{6F5BEE90-1B24-61E9-1101-000000002102}5640C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+d6ee|c:\windows\system32\rpcss.dll+c72a|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+1514|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+5460b|C:\Windows\System32\RPCRT4.dll+52cea|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000067475Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:40:08.396{6F5BEE90-18A9-61E9-0D00-000000002102}888916C:\Windows\system32\svchost.exe{6F5BEE90-1B24-61E9-1101-000000002102}5640C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+1514|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+5460b|C:\Windows\System32\RPCRT4.dll+52cea|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000067474Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:40:08.396{6F5BEE90-18A9-61E9-0D00-000000002102}888916C:\Windows\system32\svchost.exe{6F5BEE90-1B24-61E9-1101-000000002102}5640C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+d6ee|c:\windows\system32\rpcss.dll+c72a|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+1514|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+5460b|C:\Windows\System32\RPCRT4.dll+52cea|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000067473Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:40:08.396{6F5BEE90-18A9-61E9-0D00-000000002102}888916C:\Windows\system32\svchost.exe{6F5BEE90-1B24-61E9-1101-000000002102}5640C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+1514|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+5460b|C:\Windows\System32\RPCRT4.dll+52cea|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000067472Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:40:08.396{6F5BEE90-18A9-61E9-0D00-000000002102}888916C:\Windows\system32\svchost.exe{6F5BEE90-1B24-61E9-1101-000000002102}5640C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+d6ee|c:\windows\system32\rpcss.dll+c72a|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+1514|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+5460b|C:\Windows\System32\RPCRT4.dll+52cea|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000067471Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:40:08.396{6F5BEE90-18A9-61E9-0D00-000000002102}888916C:\Windows\system32\svchost.exe{6F5BEE90-1B24-61E9-1101-000000002102}5640C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+1514|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+5460b|C:\Windows\System32\RPCRT4.dll+52cea|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000067470Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:40:08.393{6F5BEE90-18A9-61E9-0D00-000000002102}888916C:\Windows\system32\svchost.exe{6F5BEE90-1B24-61E9-1101-000000002102}5640C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+d6ee|c:\windows\system32\rpcss.dll+c72a|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+1514|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+5460b|C:\Windows\System32\RPCRT4.dll+52cea|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000067469Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:40:08.393{6F5BEE90-18A9-61E9-0D00-000000002102}888916C:\Windows\system32\svchost.exe{6F5BEE90-1B24-61E9-1101-000000002102}5640C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+1514|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+5460b|C:\Windows\System32\RPCRT4.dll+52cea|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000067468Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:40:08.391{6F5BEE90-18A9-61E9-0C00-000000002102}8281296C:\Windows\system32\svchost.exe{6F5BEE90-1B24-61E9-1101-000000002102}5640C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\SYSTEM32\psmserviceexthost.dll+78b1|C:\Windows\SYSTEM32\psmserviceexthost.dll+74d7|C:\Windows\SYSTEM32\psmserviceexthost.dll+1a384|C:\Windows\SYSTEM32\psmserviceexthost.dll+11055|C:\Windows\SYSTEM32\psmserviceexthost.dll+108cf|C:\Windows\SYSTEM32\ntdll.dll+2064e|C:\Windows\SYSTEM32\ntdll.dll+1e864|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000067467Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:40:08.390{6F5BEE90-18A9-61E9-0C00-000000002102}8281296C:\Windows\system32\svchost.exe{6F5BEE90-1B26-61E9-1201-000000002102}5320C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x3600C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\SYSTEM32\psmserviceexthost.dll+966a|C:\Windows\SYSTEM32\psmserviceexthost.dll+776e|C:\Windows\SYSTEM32\psmserviceexthost.dll+489d|C:\Windows\SYSTEM32\psmserviceexthost.dll+1a2ed|C:\Windows\SYSTEM32\psmserviceexthost.dll+11055|C:\Windows\SYSTEM32\psmserviceexthost.dll+108cf|C:\Windows\SYSTEM32\ntdll.dll+2064e|C:\Windows\SYSTEM32\ntdll.dll+1e864|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000067466Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:40:08.390{6F5BEE90-18A9-61E9-0C00-000000002102}8281296C:\Windows\system32\svchost.exe{6F5BEE90-1B24-61E9-1101-000000002102}5640C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x3600C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\SYSTEM32\psmserviceexthost.dll+966a|C:\Windows\SYSTEM32\psmserviceexthost.dll+776e|C:\Windows\SYSTEM32\psmserviceexthost.dll+489d|C:\Windows\SYSTEM32\psmserviceexthost.dll+1a2ed|C:\Windows\SYSTEM32\psmserviceexthost.dll+11055|C:\Windows\SYSTEM32\psmserviceexthost.dll+108cf|C:\Windows\SYSTEM32\ntdll.dll+2064e|C:\Windows\SYSTEM32\ntdll.dll+1e864|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000067465Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:40:08.390{6F5BEE90-18A9-61E9-0C00-000000002102}8283272C:\Windows\system32\svchost.exe{6F5BEE90-1B24-61E9-1101-000000002102}5640C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\SYSTEM32\psmserviceexthost.dll+78b1|C:\Windows\SYSTEM32\psmserviceexthost.dll+74d7|C:\Windows\SYSTEM32\psmserviceexthost.dll+12fce|C:\Windows\SYSTEM32\psmserviceexthost.dll+15b2b|C:\Windows\SYSTEM32\psmserviceexthost.dll+1011d|C:\Windows\SYSTEM32\psmserviceexthost.dll+104a0|C:\Windows\SYSTEM32\psmserviceexthost.dll+13952|C:\Windows\SYSTEM32\psmserviceexthost.dll+16139|C:\Windows\SYSTEM32\psmserviceexthost.dll+16c03|C:\Windows\SYSTEM32\resourcepolicyserver.dll+1a70e|C:\Windows\SYSTEM32\resourcepolicyserver.dll+14fc2|C:\Windows\SYSTEM32\resourcepolicyserver.dll+c61d|C:\Windows\SYSTEM32\resourcepolicyserver.dll+118d9|C:\Windows\SYSTEM32\resourcepolicyserver.dll+b91a|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c 10341000x800000000000000067464Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:40:08.389{6F5BEE90-18A9-61E9-0C00-000000002102}8283272C:\Windows\system32\svchost.exe{6F5BEE90-1B26-61E9-1201-000000002102}5320C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x3600C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\SYSTEM32\psmserviceexthost.dll+966a|C:\Windows\SYSTEM32\psmserviceexthost.dll+776e|C:\Windows\SYSTEM32\psmserviceexthost.dll+12f1c|C:\Windows\SYSTEM32\psmserviceexthost.dll+15b2b|C:\Windows\SYSTEM32\psmserviceexthost.dll+1011d|C:\Windows\SYSTEM32\psmserviceexthost.dll+104a0|C:\Windows\SYSTEM32\psmserviceexthost.dll+13952|C:\Windows\SYSTEM32\psmserviceexthost.dll+16139|C:\Windows\SYSTEM32\psmserviceexthost.dll+16c03|C:\Windows\SYSTEM32\resourcepolicyserver.dll+1a70e|C:\Windows\SYSTEM32\resourcepolicyserver.dll+14fc2|C:\Windows\SYSTEM32\resourcepolicyserver.dll+c61d|C:\Windows\SYSTEM32\resourcepolicyserver.dll+118d9|C:\Windows\SYSTEM32\resourcepolicyserver.dll+b91a|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c 10341000x800000000000000067463Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:40:08.389{6F5BEE90-18A9-61E9-0C00-000000002102}8283272C:\Windows\system32\svchost.exe{6F5BEE90-1B24-61E9-1101-000000002102}5640C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x3600C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\SYSTEM32\psmserviceexthost.dll+966a|C:\Windows\SYSTEM32\psmserviceexthost.dll+776e|C:\Windows\SYSTEM32\psmserviceexthost.dll+12f1c|C:\Windows\SYSTEM32\psmserviceexthost.dll+15b2b|C:\Windows\SYSTEM32\psmserviceexthost.dll+1011d|C:\Windows\SYSTEM32\psmserviceexthost.dll+104a0|C:\Windows\SYSTEM32\psmserviceexthost.dll+13952|C:\Windows\SYSTEM32\psmserviceexthost.dll+16139|C:\Windows\SYSTEM32\psmserviceexthost.dll+16c03|C:\Windows\SYSTEM32\resourcepolicyserver.dll+1a70e|C:\Windows\SYSTEM32\resourcepolicyserver.dll+14fc2|C:\Windows\SYSTEM32\resourcepolicyserver.dll+c61d|C:\Windows\SYSTEM32\resourcepolicyserver.dll+118d9|C:\Windows\SYSTEM32\resourcepolicyserver.dll+b91a|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c 10341000x800000000000000067462Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:40:08.378{6F5BEE90-18A9-61E9-0C00-000000002102}8283272C:\Windows\system32\svchost.exe{6F5BEE90-18B8-61E9-2B00-000000002102}2976C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000067461Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:40:08.371{6F5BEE90-18A9-61E9-0C00-000000002102}8283272C:\Windows\system32\svchost.exe{6F5BEE90-18B8-61E9-2B00-000000002102}2976C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000067460Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:40:08.371{6F5BEE90-18A9-61E9-0C00-000000002102}8281296C:\Windows\system32\svchost.exe{6F5BEE90-18B8-61E9-2B00-000000002102}2976C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000067459Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:40:08.370{6F5BEE90-18A9-61E9-0C00-000000002102}8281296C:\Windows\system32\svchost.exe{6F5BEE90-18B8-61E9-2B00-000000002102}2976C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000067458Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:40:08.370{6F5BEE90-18A9-61E9-0C00-000000002102}8281296C:\Windows\system32\svchost.exe{6F5BEE90-18B8-61E9-2B00-000000002102}2976C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 23542300x800000000000000067457Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:40:08.321{6F5BEE90-18CD-61E9-7700-000000002102}484NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=09D01E3A20B71DA22A1BCC1235DC1E11,SHA256=ED7E2F052B003B8252A0C0CB619F20E875CD88B3537C98A239889F3943D7D349,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000032138Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:40:09.962{CE7C8936-1B20-61E9-E200-000000002202}3964NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=88C510CB08F420135ACED85BBDD528D2,SHA256=234E0ADF2F22AD35C515D5929BB9AD1E4E03F46EB44703160350F36F436335B8,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067528Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:40:09.334{6F5BEE90-18CD-61E9-7700-000000002102}484NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=B1487EAE96906D2B93F7A03A430A9E2C,SHA256=90B0420E2E76B5AA7DA0DAB87BC4C2CC9B51EE1D14ECF816AB5FED66B8203EE1,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 354300x800000000000000067527Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:40:07.618{6F5BEE90-18A9-61E9-0D00-000000002102}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsetruefe80:0:0:0:d11b:5952:8f62:5d6dwin-dc-tcontreras-attack-range-53.attackrange.local53427-truefe80:0:0:0:d11b:5952:8f62:5d6dwin-dc-tcontreras-attack-range-53.attackrange.local135epmap 354300x800000000000000067526Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:40:07.618{6F5BEE90-18B8-61E9-2E00-000000002102}3016C:\Windows\System32\dfsrs.exeNT AUTHORITY\SYSTEMtcptruetruefe80:0:0:0:d11b:5952:8f62:5d6dwin-dc-tcontreras-attack-range-53.attackrange.local53427-truefe80:0:0:0:d11b:5952:8f62:5d6dwin-dc-tcontreras-attack-range-53.attackrange.local135epmap 23542300x800000000000000032140Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:40:10.977{CE7C8936-1B20-61E9-E200-000000002202}3964NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=8209B141949CADDE94564145DB3C05FD,SHA256=3EC61F79EE6735BBB8C3BA2070A2EEC98515D62A039377D95AD5F550DB1B3F0B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067530Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:40:10.371{6F5BEE90-18CD-61E9-7700-000000002102}484NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=46EAB41564F65B9223A9179664D72ECC,SHA256=79505C9149F09FE4D2A4DDEDD87B9AF090D500456EA37EA7B722C74CD9AB8C85,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 354300x800000000000000032139Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:40:08.754{CE7C8936-1B1A-61E9-D900-000000002202}4048C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-tcontreras-attack-range-276.eu-central-1.compute.internal51404-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 354300x800000000000000067529Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:40:08.404{6F5BEE90-18C6-61E9-6E00-000000002102}3440C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-tcontreras-attack-range-53.attackrange.local53428-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x800000000000000032141Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:40:11.993{CE7C8936-1B20-61E9-E200-000000002202}3964NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=DAE92093A843D58ECE1E827E846F5C1C,SHA256=A0E299EDF6057B80D2B3519A9A658D123CE22360DB5CC13AE7EBE11C8D1C0061,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000067532Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:40:11.506{6F5BEE90-18A9-61E9-0D00-000000002102}8886304C:\Windows\system32\svchost.exe{6F5BEE90-18AA-61E9-1600-000000002102}1324C:\Windows\System32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+d6ee|c:\windows\system32\rpcss.dll+b877|c:\windows\system32\rpcss.dll+85f7|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 23542300x800000000000000067531Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:40:11.384{6F5BEE90-18CD-61E9-7700-000000002102}484NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=E387603F1522AD73D7329BB265BCEB30,SHA256=A7E3541DD791A1D22DA2D84888980AC4CEFF84046C19FE86C862D77E45ABFC8F,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000067533Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:40:12.389{6F5BEE90-18CD-61E9-7700-000000002102}484NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=736F9750288284E216F8FCEA69A04679,SHA256=1D3DEC0A6F06958837AAEE20DAC14E9CB3452D5A80D78DE6319886816522FD3F,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000067534Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:40:13.397{6F5BEE90-18CD-61E9-7700-000000002102}484NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=B3B36D9E05B61BC048657FDCBB8292CB,SHA256=02C7384778D41B00024BBFD916CF87CE3CD19691D45BD88086E24D12CECE14EB,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000032142Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:40:13.024{CE7C8936-1B20-61E9-E200-000000002202}3964NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=C6DF814DBF03CC8D133C9D06E8EF2EC7,SHA256=101FAC5AF3A97E073CD5478C14BE0C6C232463CD28B7B0B8CA14437333B1F4B3,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067535Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:40:14.404{6F5BEE90-18CD-61E9-7700-000000002102}484NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=84AC7DF760A514E75484A74FE1DFD5D1,SHA256=46E3B1002FA947FDB6F97B27FE2936DFB962448A5C7A3107B9C425D83C03A8A7,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000032143Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:40:14.025{CE7C8936-1B20-61E9-E200-000000002202}3964NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=4358CEAD78D9316CA5C6ABC17FE3A90A,SHA256=C1B6EB366CC8D257A4034A7012FC90D64BD5F1D04F316AFD7A1A6673696ACCE6,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067539Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:40:15.772{6F5BEE90-18B8-61E9-2900-000000002102}2920NT AUTHORITY\SYSTEMC:\Program Files\Amazon\SSM\amazon-ssm-agent.exeC:\ProgramData\Amazon\SSM\InstanceData\i-0571bb7ceded66ec2\channels\health\respondent-20220120080932-146MD5=44EE2058E1CF53803DE801177DF9FF30,SHA256=D4B695239EFC7A7D204A7F26661A6155EA831FDC6A54CE0076B22CA3E58183AF,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000067538Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:40:15.506{6F5BEE90-18AA-61E9-1100-000000002102}480NT AUTHORITY\LOCAL SERVICEC:\Windows\System32\svchost.exeC:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.datMD5=248401EBD80F4BD22900620A9DAEB8D7,SHA256=9F60371E5BC3336599171C8C8F1B2FDBBE1C6E6B2C8372C5E9988312CF5B263F,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000067537Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:40:15.414{6F5BEE90-18CD-61E9-7700-000000002102}484NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=E3BF0368FF97DC5292FF3249E6C2967B,SHA256=A73B0AF91837808E90A4E82BF9E8EE9A6C088CEA4FD8CE33D81C73277018BAD6,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 354300x800000000000000032145Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:40:13.957{CE7C8936-1B1A-61E9-D900-000000002202}4048C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-tcontreras-attack-range-276.eu-central-1.compute.internal51405-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x800000000000000032144Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:40:15.055{CE7C8936-1B20-61E9-E200-000000002202}3964NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=8FAB37E5C3020ABA3E24592F08AB0DB9,SHA256=8E0F841A79800DE61BC51BDC11FA132D012734F3EBE2C4DD0E11D561A23C05FD,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000067536Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:40:13.527{6F5BEE90-18C6-61E9-6E00-000000002102}3440C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-tcontreras-attack-range-53.attackrange.local53429-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x800000000000000067541Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:40:16.780{6F5BEE90-18B8-61E9-2900-000000002102}2920NT AUTHORITY\SYSTEMC:\Program Files\Amazon\SSM\amazon-ssm-agent.exeC:\ProgramData\Amazon\SSM\InstanceData\i-0571bb7ceded66ec2\channels\health\surveyor-20220120080928-147MD5=97EF2A570B75C4F95FC69B0D09A2E2A2,SHA256=11396EA313B0ED7E3228C4FA92ABE9D836DB8F416A7A8A28ACC77133025082E7,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000067540Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:40:16.425{6F5BEE90-18CD-61E9-7700-000000002102}484NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=E98836CB0F03C97AD94D02C7A40B3119,SHA256=40C517B90E0BF3CFF16B499B56A5678502CDC780BF0B1318A48E12907F7FE494,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000032146Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:40:16.087{CE7C8936-1B20-61E9-E200-000000002202}3964NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=B1468C061153E83E53D33F63C9E1E1D5,SHA256=A8C29034E88B444B0C8D73D0FFC2BBB61320FE93D92A40CA145651A0518FB4C6,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067542Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:40:17.430{6F5BEE90-18CD-61E9-7700-000000002102}484NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=6A99F8384A733ED137A848860EDE568D,SHA256=97B7F735CBF48A5DD8C8CB7925E9EECA04BE40CDE5996BC7CAAF9D09BD32F6F4,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000032148Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:40:17.383{CE7C8936-1B12-61E9-AB00-000000002202}1912NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeC:\Program Files\SplunkUniversalForwarder\var\run\serverclass.xmlMD5=9E11AA9F3452DB0F16F9E79CCD407159,SHA256=0B6123CF67044127245D77723D015AECD3385919E1F78356EC114EAF4F576866,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000032147Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:40:17.102{CE7C8936-1B20-61E9-E200-000000002202}3964NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=89F1CB49B1E638C956C9CA5E2C97C167,SHA256=2E5D513A88594842B3EA472B4896413B8611B8A732246FB84F5AB0E6D06F57F1,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067543Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:40:18.456{6F5BEE90-18CD-61E9-7700-000000002102}484NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=5B21193008C9E9478D8CBF32276F3262,SHA256=3D2C01D62439B4E6669CE17BD9F744D284ADB893E6B03916BEF5CB15BC1B07F7,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 354300x800000000000000032150Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:40:17.082{CE7C8936-1B12-61E9-AB00-000000002202}1912C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-tcontreras-attack-range-276.eu-central-1.compute.internal51406-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8089- 23542300x800000000000000032149Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:40:18.196{CE7C8936-1B20-61E9-E200-000000002202}3964NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=BF1497F192F29DA23C9D5DEF6E197E8E,SHA256=911B4668105A39CEDAE53439FCC270E16F5853EC4EE78F168A0020468C3035F7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067544Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:40:19.467{6F5BEE90-18CD-61E9-7700-000000002102}484NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=466912CEFCEE6478EC7980219CB50358,SHA256=B527877AED12EF598E2134DD7488ABB4F7C1626DE49B9172A90DB7CB060AE77B,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000032151Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:40:19.227{CE7C8936-1B20-61E9-E200-000000002202}3964NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=D9DA4298110A39E84BECA7D91CD15DA8,SHA256=3361238135B28D205B2CEA9195895EDF88945A9505C0601E588077990FF962D8,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067547Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:40:20.675{6F5BEE90-18B8-61E9-2F00-000000002102}3024NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeC:\Program Files\SplunkUniversalForwarder\var\run\serverclass.xmlMD5=9E11AA9F3452DB0F16F9E79CCD407159,SHA256=0B6123CF67044127245D77723D015AECD3385919E1F78356EC114EAF4F576866,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000067546Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:40:20.485{6F5BEE90-18CD-61E9-7700-000000002102}484NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=B1A57697FCB969918A53066BA68DF435,SHA256=149E841B6AC60F60EA46E581074939708E5ED2C016676E29DB4F050F852B2FAD,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 354300x800000000000000067545Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:40:19.435{6F5BEE90-18C6-61E9-6E00-000000002102}3440C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-tcontreras-attack-range-53.attackrange.local53430-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x800000000000000032152Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:40:20.258{CE7C8936-1B20-61E9-E200-000000002202}3964NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=669BABEF9DF0550736EFEC3D80A5D872,SHA256=CB8DDDF3EAF8FB5531A61F3122CA29C7AE57F9D464FC0121AFDBA173CA6C30A3,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000032154Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:40:19.895{CE7C8936-1B1A-61E9-D900-000000002202}4048C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-tcontreras-attack-range-276.eu-central-1.compute.internal51407-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x800000000000000032153Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:40:21.321{CE7C8936-1B20-61E9-E200-000000002202}3964NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=27FD2ABDE65AD080B01FA3D20B8CA4DD,SHA256=9D2EBD10F1C503196ECB0E45933134553272087090E914CF872B01606FE04B1F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067548Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:40:21.486{6F5BEE90-18CD-61E9-7700-000000002102}484NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=D2BF454D191EC3B58B614DCE67C2184B,SHA256=5B9334D9224F1288B2EBD11920CD945503F915E4AB4C59F94D93A74F8FD09504,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 354300x800000000000000067550Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:40:20.959{6F5BEE90-18B8-61E9-2F00-000000002102}3024C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-tcontreras-attack-range-53.attackrange.local53431-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8089- 23542300x800000000000000067549Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:40:22.509{6F5BEE90-18CD-61E9-7700-000000002102}484NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=E2CB30921A741E69DC86418BB7EB56C1,SHA256=645948BF63D8B436BDE05D6C3588DE23ACEED1099045EB4769A2A525D319FD04,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000032155Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:40:22.540{CE7C8936-1B20-61E9-E200-000000002202}3964NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=C06ED85351CEA34430EAB2DFBEBFC137,SHA256=8DEA7E9FB5240BE28F4A8CC156407167E0629A649A48AD4E629D0ADEEB32308F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000032156Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:40:23.555{CE7C8936-1B20-61E9-E200-000000002202}3964NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=BEDEC7DF1643CDFB2C6D0C7770C22ADF,SHA256=203E1AB5FE5CBF7BB01D6485ABA1EA2FDAEAF63B267C83D22BBBEF24A1EC8669,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067551Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:40:23.524{6F5BEE90-18CD-61E9-7700-000000002102}484NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=18D6B9DE43911C566761AAC2484FA431,SHA256=3EA9FACF8C6C3A5B9C416D1793612131FDE55546DD6A10D532C4BA2A0B4B3015,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000032157Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:40:24.712{CE7C8936-1B20-61E9-E200-000000002202}3964NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=D0ED7914FFBC1E2F1B4D342B6E5306EB,SHA256=1A84447DD8443E98E556D92A890E59C889CAA33455AD8C4B57360E4FA6786ACF,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067552Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:40:24.544{6F5BEE90-18CD-61E9-7700-000000002102}484NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=5E7F5CB05D53FCB22B5286455B0C8B57,SHA256=1541472FFE813BB0187D405C27B93C29B8CAB7040C8AF12B70D84C7E7DEA3657,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000032158Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:40:25.727{CE7C8936-1B20-61E9-E200-000000002202}3964NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A012350F5329BEAA8EE2203FA09AB4D2,SHA256=B3D969CFA33C7A96DC1E9D6055AFA9214926270762C531A09E1D88E38CFD9030,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067553Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:40:25.559{6F5BEE90-18CD-61E9-7700-000000002102}484NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=F0622DF705F4ED52542DEE4109413558,SHA256=ED84E4047CF38DB66ABF88C057EC78BCF79192FEE2B63CC0C94ADEFE45A3EEBC,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000032159Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:40:26.758{CE7C8936-1B20-61E9-E200-000000002202}3964NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=2656DFECE7174DEBA06189B081AF9C4B,SHA256=459BD697B717B89BBFB461CF6277E8FC417DBCC3325FD2EFEBEF2E69037B6A5E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067556Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:40:26.574{6F5BEE90-18CD-61E9-7700-000000002102}484NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=CFF5D8AEE3E1E72EE09BB758C7FC0A14,SHA256=066A8B6B730C436DA7D637D22F4E667E241FD8E8CFC7725E75BDD5C0758F0416,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 354300x800000000000000067555Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:40:25.361{6F5BEE90-18C6-61E9-6E00-000000002102}3440C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-tcontreras-attack-range-53.attackrange.local53432-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 13241300x800000000000000067554Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-SetValue2022-01-20 10:40:26.155{6F5BEE90-18AA-61E9-1200-000000002102}352C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\W32Time\Config\LastKnownGoodTimeQWORD (0x01d80dea-0x229b8c2d) 23542300x800000000000000067557Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:40:27.585{6F5BEE90-18CD-61E9-7700-000000002102}484NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=21979228565303017495DD70B9D54F5E,SHA256=595E65E3C366120E9C504982153244953687D5A073AED336BECD1642DBBCD6A6,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000032160Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:40:27.771{CE7C8936-1B20-61E9-E200-000000002202}3964NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=60B4E0798C95855342EF7541A0FC94D4,SHA256=212FE10AE35779824106C311740657C89EB14E353C19AE5B40C9297B25C91F0C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000032162Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:40:28.786{CE7C8936-1B20-61E9-E200-000000002202}3964NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=BD2321C6B2026DAEF96AD9AAEEAC4D6B,SHA256=720082F9EE998A5655F095BAFA1D60EAEC190D990C7CB43BE114A7CF7D94C861,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067559Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:40:28.589{6F5BEE90-18CD-61E9-7700-000000002102}484NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=4C4D154131AA09D51054CE349CF9A882,SHA256=7E8AC2BC09CC62D6AB315F8F1A62720BCC4BA62FF767295C78DA3C42B3226730,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 354300x800000000000000067558Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:40:26.415{6F5BEE90-18AA-61E9-1200-000000002102}352C:\Windows\System32\svchost.exeNT AUTHORITY\LOCAL SERVICEudptruefalse10.0.1.14win-dc-tcontreras-attack-range-53.attackrange.local123ntpfalse20.101.57.9-123ntp 354300x800000000000000032161Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:40:25.770{CE7C8936-1B1A-61E9-D900-000000002202}4048C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-tcontreras-attack-range-276.eu-central-1.compute.internal51408-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x800000000000000032163Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:40:29.787{CE7C8936-1B20-61E9-E200-000000002202}3964NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=2F9C6714F73B065DD987C969FD15DC52,SHA256=946DE4C545E52194338873414DCFF2ED1D651FACEADF0BF510C6849ED57C035F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067560Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:40:29.603{6F5BEE90-18CD-61E9-7700-000000002102}484NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=669E2C94DF82E15F8B8503A34A20B6CB,SHA256=9A2DEEE3962A2BF28E3F000D66FEB43960B1EB7E3377952240A6C914C75AAB88,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000067566Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:40:30.685{6F5BEE90-18CD-61E9-7700-000000002102}484NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=DFAEFD6C74FE336FDD0BC5CB4CA0AADE,SHA256=BFD5D9003EEAB4EEC9D4A7657BE0C35C5B806ED8F0F87E14B4197462AB767D29,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 13241300x800000000000000067565Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-SetValue2022-01-20 10:40:30.483{6F5BEE90-18B8-61E9-2E00-000000002102}3016C:\Windows\system32\DFSRs.exeHKLM\System\CurrentControlSet\Services\DFSR\Parameters\Volumes\CFE4E044-0000-0000-0000-100000000000\Volume Configuration File\\.\C:\System Volume Information\DFSR\Config\Volume_CFE4E044-0000-0000-0000-100000000000.XML 13241300x800000000000000067564Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-SetValue2022-01-20 10:40:30.477{6F5BEE90-18B8-61E9-2E00-000000002102}3016C:\Windows\system32\DFSRs.exeHKLM\System\CurrentControlSet\Services\DFSR\Parameters\Replication Groups\76A513A4-E79F-4535-AED3-A12F831228A1\Config SourceDWORD (0x00000001) 13241300x800000000000000067563Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-SetValue2022-01-20 10:40:30.477{6F5BEE90-18B8-61E9-2E00-000000002102}3016C:\Windows\system32\DFSRs.exeHKLM\System\CurrentControlSet\Services\DFSR\Parameters\Replication Groups\76A513A4-E79F-4535-AED3-A12F831228A1\Replica Set Configuration File\\?\C:\System Volume Information\DFSR\Config\Replica_76A513A4-E79F-4535-AED3-A12F831228A1.XML 10341000x800000000000000067562Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:40:30.461{6F5BEE90-18A7-61E9-0B00-000000002102}6085192C:\Windows\system32\lsass.exe{6F5BEE90-18B8-61E9-2E00-000000002102}3016C:\Windows\system32\DFSRs.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+6ea9c|C:\Windows\system32\lsasrv.dll+e6974|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000067561Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:40:30.460{6F5BEE90-18A7-61E9-0B00-000000002102}6085192C:\Windows\system32\lsass.exe{6F5BEE90-18B8-61E9-2E00-000000002102}3016C:\Windows\system32\DFSRs.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+6ea9c|C:\Windows\system32\lsasrv.dll+e6974|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 23542300x800000000000000067573Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:40:31.698{6F5BEE90-18CD-61E9-7700-000000002102}484NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=4C78385AC67EA5241752B834FABFA900,SHA256=3026E28AFD992338273A7980C96E909A3D2772D9FA0AFCC9101226022BF1FE13,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000032164Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:40:31.005{CE7C8936-1B20-61E9-E200-000000002202}3964NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=C0555EA6033176D6B95CBB9D7F08C9B7,SHA256=83ECF054AC2F32C032746A39502DD904A1D475661D76907EFDB3B9604A1028FA,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000067572Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:40:30.497{6F5BEE90-18C6-61E9-6E00-000000002102}3440C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-tcontreras-attack-range-53.attackrange.local53433-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 10341000x800000000000000067571Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:40:31.350{6F5BEE90-18A7-61E9-0B00-000000002102}608660C:\Windows\system32\lsass.exe{6F5BEE90-18B8-61E9-2E00-000000002102}3016C:\Windows\system32\DFSRs.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+6ea9c|C:\Windows\system32\lsasrv.dll+e6974|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000067570Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:40:31.340{6F5BEE90-18A7-61E9-0B00-000000002102}608660C:\Windows\system32\lsass.exe{6F5BEE90-18B8-61E9-2E00-000000002102}3016C:\Windows\system32\DFSRs.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+6ea9c|C:\Windows\system32\lsasrv.dll+e6974|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000067569Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:40:31.340{6F5BEE90-18A7-61E9-0B00-000000002102}608660C:\Windows\system32\lsass.exe{6F5BEE90-18B8-61E9-2E00-000000002102}3016C:\Windows\system32\DFSRs.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+6ea9c|C:\Windows\system32\lsasrv.dll+e6974|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 23542300x800000000000000067568Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:40:31.209{6F5BEE90-18CD-61E9-7700-000000002102}484NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SystemMD5=82A15A27E73EAEA43477FE93B0D09239,SHA256=4E702EC6D2F11DFD6E8DF9F75EFFBB19894596377BC49EBA806F20782229118D,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000067567Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:40:31.207{6F5BEE90-18CD-61E9-7700-000000002102}484NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SystemMD5=E099A9CE19DDAC7415911FB2B94051F3,SHA256=7B7C29671AD33F7657F16ABECCE1144E5EE06EA34FEE9E2004DB7AF1EDAEFFE0,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000067586Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:40:32.724{6F5BEE90-18CD-61E9-7700-000000002102}484NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=9558CD730CB844C4BA52F5735E119664,SHA256=D3E9A7F238B0AB60F1E636F4472D3423D9DBDE418A91B194E757DEFE727A227B,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000032165Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:40:32.099{CE7C8936-1B20-61E9-E200-000000002202}3964NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A72422F15FB2F430AC1F62D1018B7886,SHA256=D8B00DB0DF3929EFE19E7DA382D4EDB76D97242D66EE94BC57E0BFEC69AFCFDD,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000067585Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:40:31.618{6F5BEE90-18A7-61E9-0B00-000000002102}608C:\Windows\System32\lsass.exeNT AUTHORITY\SYSTEMtcpfalsefalse10.0.1.14win-dc-tcontreras-attack-range-53.attackrange.local53435-false10.0.1.14win-dc-tcontreras-attack-range-53.attackrange.local389ldap 354300x800000000000000067584Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:40:31.618{6F5BEE90-18B8-61E9-2E00-000000002102}3016C:\Windows\System32\dfsrs.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-tcontreras-attack-range-53.attackrange.local53435-false10.0.1.14win-dc-tcontreras-attack-range-53.attackrange.local389ldap 354300x800000000000000067583Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:40:30.777{6F5BEE90-18AA-61E9-1400-000000002102}1092C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEudptruetruea00:10e:f041:83fc:c840:59f0:c8b:ffff-59245-truee000:fc:0:0:0:0:0:0-5355llmnr 354300x800000000000000067582Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:40:30.777{6F5BEE90-18AA-61E9-1400-000000002102}1092C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEudptruetruefe80:0:0:0:d11b:5952:8f62:5d6dwin-dc-tcontreras-attack-range-53.attackrange.local59245-trueff02:0:0:0:0:0:1:3-5355llmnr 354300x800000000000000067581Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:40:30.753{6F5BEE90-18A9-61E9-0D00-000000002102}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsetruefe80:0:0:0:d11b:5952:8f62:5d6dwin-dc-tcontreras-attack-range-53.attackrange.local53434-truefe80:0:0:0:d11b:5952:8f62:5d6dwin-dc-tcontreras-attack-range-53.attackrange.local135epmap 354300x800000000000000067580Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:40:30.753{6F5BEE90-18B8-61E9-2E00-000000002102}3016C:\Windows\System32\dfsrs.exeNT AUTHORITY\SYSTEMtcptruetruefe80:0:0:0:d11b:5952:8f62:5d6dwin-dc-tcontreras-attack-range-53.attackrange.local53434-truefe80:0:0:0:d11b:5952:8f62:5d6dwin-dc-tcontreras-attack-range-53.attackrange.local135epmap 23542300x800000000000000067579Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:40:32.420{6F5BEE90-18CD-61E9-7700-000000002102}484NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=090C297E180ABC8933E5443BF1B77A2E,SHA256=42A16C1AEA7622805B96CB9FDC485DE375542F859EDE39E9F3398A38A50107A7,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000067578Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:40:32.418{6F5BEE90-18CD-61E9-7700-000000002102}484NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=29D13978B6B4C96FF4C73933007E52FD,SHA256=EA2B735A00A55DBA28A878BDB43BF5A430C57303122BDB8FD7916B707628B687,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 10341000x800000000000000067577Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:40:32.331{6F5BEE90-18A9-61E9-0D00-000000002102}8886304C:\Windows\system32\svchost.exe{6F5BEE90-18AA-61E9-1600-000000002102}1324C:\Windows\System32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+d6ee|c:\windows\system32\rpcss.dll+b877|c:\windows\system32\rpcss.dll+85f7|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000067576Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:40:32.205{6F5BEE90-18A7-61E9-0B00-000000002102}6085192C:\Windows\system32\lsass.exe{6F5BEE90-18B8-61E9-2E00-000000002102}3016C:\Windows\system32\DFSRs.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+6ea9c|C:\Windows\system32\lsasrv.dll+e6974|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000067575Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:40:32.188{6F5BEE90-18A7-61E9-0B00-000000002102}6085192C:\Windows\system32\lsass.exe{6F5BEE90-18B8-61E9-2E00-000000002102}3016C:\Windows\system32\DFSRs.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+6ea9c|C:\Windows\system32\lsasrv.dll+e6974|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000067574Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:40:32.188{6F5BEE90-18A7-61E9-0B00-000000002102}6085192C:\Windows\system32\lsass.exe{6F5BEE90-18B8-61E9-2E00-000000002102}3016C:\Windows\system32\DFSRs.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+6ea9c|C:\Windows\system32\lsasrv.dll+e6974|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 23542300x800000000000000067619Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:40:33.959{6F5BEE90-18CD-61E9-7700-000000002102}484NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=6FF23C5DE8AF17FA6C2278BBAADD288B,SHA256=08B9C3170D09D1BA911909FDC37BB11AF5872E51EC38C2D0FE8CDA01CDD927AC,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 10341000x800000000000000067618Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:40:33.779{6F5BEE90-18A9-61E9-0C00-000000002102}8283272C:\Windows\system32\svchost.exe{6F5BEE90-1B26-61E9-1201-000000002102}5320C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x3600C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\SYSTEM32\psmserviceexthost.dll+966a|C:\Windows\SYSTEM32\psmserviceexthost.dll+776e|C:\Windows\SYSTEM32\psmserviceexthost.dll+12f1c|C:\Windows\SYSTEM32\psmserviceexthost.dll+15b2b|C:\Windows\SYSTEM32\psmserviceexthost.dll+1011d|C:\Windows\SYSTEM32\psmserviceexthost.dll+104a0|C:\Windows\SYSTEM32\psmserviceexthost.dll+13952|C:\Windows\SYSTEM32\psmserviceexthost.dll+16139|C:\Windows\SYSTEM32\psmserviceexthost.dll+16c03|C:\Windows\SYSTEM32\resourcepolicyserver.dll+1a70e|C:\Windows\SYSTEM32\resourcepolicyserver.dll+14fc2|C:\Windows\SYSTEM32\resourcepolicyserver.dll+c61d|C:\Windows\SYSTEM32\resourcepolicyserver.dll+118d9|C:\Windows\SYSTEM32\resourcepolicyserver.dll+b91a|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c 10341000x800000000000000067617Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:40:33.779{6F5BEE90-18A9-61E9-0C00-000000002102}8283272C:\Windows\system32\svchost.exe{6F5BEE90-1B24-61E9-1101-000000002102}5640C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x3600C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\SYSTEM32\psmserviceexthost.dll+966a|C:\Windows\SYSTEM32\psmserviceexthost.dll+776e|C:\Windows\SYSTEM32\psmserviceexthost.dll+12f1c|C:\Windows\SYSTEM32\psmserviceexthost.dll+15b2b|C:\Windows\SYSTEM32\psmserviceexthost.dll+1011d|C:\Windows\SYSTEM32\psmserviceexthost.dll+104a0|C:\Windows\SYSTEM32\psmserviceexthost.dll+13952|C:\Windows\SYSTEM32\psmserviceexthost.dll+16139|C:\Windows\SYSTEM32\psmserviceexthost.dll+16c03|C:\Windows\SYSTEM32\resourcepolicyserver.dll+1a70e|C:\Windows\SYSTEM32\resourcepolicyserver.dll+14fc2|C:\Windows\SYSTEM32\resourcepolicyserver.dll+c61d|C:\Windows\SYSTEM32\resourcepolicyserver.dll+118d9|C:\Windows\SYSTEM32\resourcepolicyserver.dll+b91a|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c 10341000x800000000000000067616Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:40:33.778{6F5BEE90-18A9-61E9-0C00-000000002102}8283272C:\Windows\system32\svchost.exe{6F5BEE90-1B24-61E9-1101-000000002102}5640C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\SYSTEM32\psmserviceexthost.dll+78b1|C:\Windows\SYSTEM32\psmserviceexthost.dll+74d7|C:\Windows\SYSTEM32\psmserviceexthost.dll+12fce|C:\Windows\SYSTEM32\psmserviceexthost.dll+15b2b|C:\Windows\SYSTEM32\psmserviceexthost.dll+1011d|C:\Windows\SYSTEM32\psmserviceexthost.dll+104a0|C:\Windows\SYSTEM32\psmserviceexthost.dll+13952|C:\Windows\SYSTEM32\psmserviceexthost.dll+16139|C:\Windows\SYSTEM32\psmserviceexthost.dll+16c03|C:\Windows\SYSTEM32\resourcepolicyserver.dll+1a70e|C:\Windows\SYSTEM32\resourcepolicyserver.dll+14fc2|C:\Windows\SYSTEM32\resourcepolicyserver.dll+c61d|C:\Windows\SYSTEM32\resourcepolicyserver.dll+118d9|C:\Windows\SYSTEM32\resourcepolicyserver.dll+b91a|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c 10341000x800000000000000067615Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:40:33.777{6F5BEE90-18A9-61E9-0C00-000000002102}8283272C:\Windows\system32\svchost.exe{6F5BEE90-1B26-61E9-1201-000000002102}5320C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x3600C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\SYSTEM32\psmserviceexthost.dll+966a|C:\Windows\SYSTEM32\psmserviceexthost.dll+776e|C:\Windows\SYSTEM32\psmserviceexthost.dll+12f1c|C:\Windows\SYSTEM32\psmserviceexthost.dll+15b2b|C:\Windows\SYSTEM32\psmserviceexthost.dll+1011d|C:\Windows\SYSTEM32\psmserviceexthost.dll+104a0|C:\Windows\SYSTEM32\psmserviceexthost.dll+13952|C:\Windows\SYSTEM32\psmserviceexthost.dll+16139|C:\Windows\SYSTEM32\psmserviceexthost.dll+16c03|C:\Windows\SYSTEM32\resourcepolicyserver.dll+1a70e|C:\Windows\SYSTEM32\resourcepolicyserver.dll+14fc2|C:\Windows\SYSTEM32\resourcepolicyserver.dll+c61d|C:\Windows\SYSTEM32\resourcepolicyserver.dll+118d9|C:\Windows\SYSTEM32\resourcepolicyserver.dll+b91a|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c 10341000x800000000000000067614Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:40:33.777{6F5BEE90-18A9-61E9-0C00-000000002102}8283272C:\Windows\system32\svchost.exe{6F5BEE90-1B24-61E9-1101-000000002102}5640C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x3600C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\SYSTEM32\psmserviceexthost.dll+966a|C:\Windows\SYSTEM32\psmserviceexthost.dll+776e|C:\Windows\SYSTEM32\psmserviceexthost.dll+12f1c|C:\Windows\SYSTEM32\psmserviceexthost.dll+15b2b|C:\Windows\SYSTEM32\psmserviceexthost.dll+1011d|C:\Windows\SYSTEM32\psmserviceexthost.dll+104a0|C:\Windows\SYSTEM32\psmserviceexthost.dll+13952|C:\Windows\SYSTEM32\psmserviceexthost.dll+16139|C:\Windows\SYSTEM32\psmserviceexthost.dll+16c03|C:\Windows\SYSTEM32\resourcepolicyserver.dll+1a70e|C:\Windows\SYSTEM32\resourcepolicyserver.dll+14fc2|C:\Windows\SYSTEM32\resourcepolicyserver.dll+c61d|C:\Windows\SYSTEM32\resourcepolicyserver.dll+118d9|C:\Windows\SYSTEM32\resourcepolicyserver.dll+b91a|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c 10341000x800000000000000067613Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:40:33.777{6F5BEE90-1B14-61E9-F100-000000002102}26325940C:\Windows\System32\sihost.exe{6F5BEE90-1B24-61E9-1101-000000002102}5640C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\SYSTEM32\usermgrcli.dll+1121|C:\Windows\System32\modernexecserver.dll+37dac|C:\Windows\System32\modernexecserver.dll+37d4f|C:\Windows\System32\modernexecserver.dll+375a6|C:\Windows\System32\modernexecserver.dll+1a1c4|C:\Windows\System32\modernexecserver.dll+3191d|C:\Windows\System32\modernexecserver.dll+32871|C:\Windows\System32\modernexecserver.dll+3278f|C:\Windows\SYSTEM32\ntdll.dll+2064e|C:\Windows\SYSTEM32\ntdll.dll+1e864|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 354300x800000000000000032167Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:40:31.798{CE7C8936-1B1A-61E9-D900-000000002202}4048C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-tcontreras-attack-range-276.eu-central-1.compute.internal51409-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x800000000000000032166Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:40:33.114{CE7C8936-1B20-61E9-E200-000000002202}3964NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=590BDA4F192D34589D59D0621395C096,SHA256=8ADD1CF0B5767D10A62EF734909E8368B8412134B4521FFED840263ACF82CFA3,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000067612Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:40:33.716{6F5BEE90-18A9-61E9-0C00-000000002102}8281952C:\Windows\system32\svchost.exe{6F5BEE90-1B24-61E9-1101-000000002102}5640C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\SYSTEM32\psmserviceexthost.dll+78b1|C:\Windows\SYSTEM32\psmserviceexthost.dll+74d7|C:\Windows\SYSTEM32\psmserviceexthost.dll+12fce|C:\Windows\SYSTEM32\psmserviceexthost.dll+15b2b|C:\Windows\SYSTEM32\psmserviceexthost.dll+1011d|C:\Windows\SYSTEM32\psmserviceexthost.dll+104a0|C:\Windows\SYSTEM32\psmserviceexthost.dll+13952|C:\Windows\SYSTEM32\psmserviceexthost.dll+16139|C:\Windows\SYSTEM32\psmserviceexthost.dll+16c03|C:\Windows\SYSTEM32\resourcepolicyserver.dll+1a70e|C:\Windows\SYSTEM32\resourcepolicyserver.dll+14fc2|C:\Windows\SYSTEM32\resourcepolicyserver.dll+c61d|C:\Windows\SYSTEM32\resourcepolicyserver.dll+118d9|C:\Windows\SYSTEM32\resourcepolicyserver.dll+b91a|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c 10341000x800000000000000067611Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:40:33.716{6F5BEE90-18A9-61E9-0C00-000000002102}8281952C:\Windows\system32\svchost.exe{6F5BEE90-1B26-61E9-1201-000000002102}5320C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x3600C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\SYSTEM32\psmserviceexthost.dll+966a|C:\Windows\SYSTEM32\psmserviceexthost.dll+776e|C:\Windows\SYSTEM32\psmserviceexthost.dll+12f1c|C:\Windows\SYSTEM32\psmserviceexthost.dll+15b2b|C:\Windows\SYSTEM32\psmserviceexthost.dll+1011d|C:\Windows\SYSTEM32\psmserviceexthost.dll+104a0|C:\Windows\SYSTEM32\psmserviceexthost.dll+13952|C:\Windows\SYSTEM32\psmserviceexthost.dll+16139|C:\Windows\SYSTEM32\psmserviceexthost.dll+16c03|C:\Windows\SYSTEM32\resourcepolicyserver.dll+1a70e|C:\Windows\SYSTEM32\resourcepolicyserver.dll+14fc2|C:\Windows\SYSTEM32\resourcepolicyserver.dll+c61d|C:\Windows\SYSTEM32\resourcepolicyserver.dll+118d9|C:\Windows\SYSTEM32\resourcepolicyserver.dll+b91a|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c 10341000x800000000000000067610Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:40:33.715{6F5BEE90-18A9-61E9-0C00-000000002102}8281952C:\Windows\system32\svchost.exe{6F5BEE90-1B24-61E9-1101-000000002102}5640C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x3600C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\SYSTEM32\psmserviceexthost.dll+966a|C:\Windows\SYSTEM32\psmserviceexthost.dll+776e|C:\Windows\SYSTEM32\psmserviceexthost.dll+12f1c|C:\Windows\SYSTEM32\psmserviceexthost.dll+15b2b|C:\Windows\SYSTEM32\psmserviceexthost.dll+1011d|C:\Windows\SYSTEM32\psmserviceexthost.dll+104a0|C:\Windows\SYSTEM32\psmserviceexthost.dll+13952|C:\Windows\SYSTEM32\psmserviceexthost.dll+16139|C:\Windows\SYSTEM32\psmserviceexthost.dll+16c03|C:\Windows\SYSTEM32\resourcepolicyserver.dll+1a70e|C:\Windows\SYSTEM32\resourcepolicyserver.dll+14fc2|C:\Windows\SYSTEM32\resourcepolicyserver.dll+c61d|C:\Windows\SYSTEM32\resourcepolicyserver.dll+118d9|C:\Windows\SYSTEM32\resourcepolicyserver.dll+b91a|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c 10341000x800000000000000067609Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:40:33.715{6F5BEE90-18B8-61E9-2B00-000000002102}29766272C:\Windows\system32\svchost.exe{6F5BEE90-1B24-61E9-1101-000000002102}5640C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\tileobjserver.dll+bce2|c:\windows\system32\tileobjserver.dll+26da2|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+54179|C:\Windows\System32\combase.dll+1279|C:\Windows\System32\RPCRT4.dll+651cb|C:\Windows\System32\combase.dll+3b22c|C:\Windows\System32\combase.dll+3aee2|C:\Windows\System32\combase.dll+397f8|C:\Windows\System32\combase.dll+3757d|C:\Windows\System32\combase.dll+36c4f|C:\Windows\System32\combase.dll+52179|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+3534e|C:\Windows\System32\RPCRT4.dll+20cc7|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e 10341000x800000000000000067608Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:40:33.715{6F5BEE90-18B8-61E9-2B00-000000002102}29766272C:\Windows\system32\svchost.exe{6F5BEE90-1B24-61E9-1101-000000002102}5640C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cd4|C:\Windows\System32\RPCRT4.dll+2be8f|C:\Windows\System32\combase.dll+380db|c:\windows\system32\tileobjserver.dll+bc8f|c:\windows\system32\tileobjserver.dll+26da2|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+54179|C:\Windows\System32\combase.dll+1279|C:\Windows\System32\RPCRT4.dll+651cb|C:\Windows\System32\combase.dll+3b22c|C:\Windows\System32\combase.dll+3aee2|C:\Windows\System32\combase.dll+397f8|C:\Windows\System32\combase.dll+3757d|C:\Windows\System32\combase.dll+36c4f|C:\Windows\System32\combase.dll+52179|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+3534e|C:\Windows\System32\RPCRT4.dll+20cc7|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca 10341000x800000000000000067607Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:40:33.436{6F5BEE90-18A9-61E9-0C00-000000002102}8286020C:\Windows\system32\svchost.exe{6F5BEE90-1B24-61E9-1101-000000002102}5640C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x3200C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\SYSTEM32\psmserviceexthost.dll+78b1|C:\Windows\SYSTEM32\psmserviceexthost.dll+739b|C:\Windows\SYSTEM32\psmserviceexthost.dll+ae34|C:\Windows\SYSTEM32\psmserviceexthost.dll+7bae|C:\Windows\SYSTEM32\psmserviceexthost.dll+12141|C:\Windows\SYSTEM32\psmserviceexthost.dll+170e8|C:\Windows\SYSTEM32\resourcepolicyserver.dll+12326|C:\Windows\SYSTEM32\resourcepolicyserver.dll+bac5|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000067606Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:40:33.435{6F5BEE90-1B15-61E9-FA00-000000002102}46325832C:\Windows\Explorer.EXE{6F5BEE90-1B24-61E9-1101-000000002102}5640C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\SYSTEM32\twinapi.appcore.dll+1ea06|C:\Windows\SYSTEM32\twinapi.appcore.dll+1e3d1|C:\Windows\SYSTEM32\twinapi.appcore.dll+1dbcc|C:\Windows\SYSTEM32\twinapi.appcore.dll+1d777|C:\Windows\system32\twinui.pcshell.dll+27c24|C:\Windows\system32\twinui.pcshell.dll+17316|C:\Windows\system32\twinui.pcshell.dll+17671|C:\Windows\system32\twinui.pcshell.dll+176a9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000067605Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:40:33.435{6F5BEE90-1B15-61E9-FA00-000000002102}46325832C:\Windows\Explorer.EXE{6F5BEE90-1B24-61E9-1101-000000002102}5640C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\SYSTEM32\twinapi.appcore.dll+1e95e|C:\Windows\SYSTEM32\twinapi.appcore.dll+1e3d1|C:\Windows\SYSTEM32\twinapi.appcore.dll+1dbcc|C:\Windows\SYSTEM32\twinapi.appcore.dll+1d777|C:\Windows\system32\twinui.pcshell.dll+27c24|C:\Windows\system32\twinui.pcshell.dll+17316|C:\Windows\system32\twinui.pcshell.dll+17671|C:\Windows\system32\twinui.pcshell.dll+176a9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000067604Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:40:33.433{6F5BEE90-1B15-61E9-FA00-000000002102}46325360C:\Windows\Explorer.EXE{6F5BEE90-1B24-61E9-1101-000000002102}5640C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\SYSTEM32\twinapi.appcore.dll+1ea06|C:\Windows\SYSTEM32\twinapi.appcore.dll+1e3d1|C:\Windows\SYSTEM32\twinapi.appcore.dll+1dbcc|C:\Windows\SYSTEM32\twinapi.appcore.dll+1d777|C:\Windows\System32\TwinUI.dll+ba0bc|C:\Windows\System32\TwinUI.dll+ba897|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+54179|C:\Windows\System32\combase.dll+1279|C:\Windows\System32\RPCRT4.dll+651cb|C:\Windows\System32\combase.dll+3b22c|C:\Windows\System32\combase.dll+3aee2|C:\Windows\System32\combase.dll+397f8|C:\Windows\System32\combase.dll+37c5f|C:\Windows\System32\combase.dll+36c4f|C:\Windows\System32\combase.dll+34346|C:\Windows\System32\combase.dll+33afa|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+5be0|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+635e 10341000x800000000000000067603Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:40:33.433{6F5BEE90-1B15-61E9-FA00-000000002102}46325360C:\Windows\Explorer.EXE{6F5BEE90-1B24-61E9-1101-000000002102}5640C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\SYSTEM32\twinapi.appcore.dll+1e95e|C:\Windows\SYSTEM32\twinapi.appcore.dll+1e3d1|C:\Windows\SYSTEM32\twinapi.appcore.dll+1dbcc|C:\Windows\SYSTEM32\twinapi.appcore.dll+1d777|C:\Windows\System32\TwinUI.dll+ba0bc|C:\Windows\System32\TwinUI.dll+ba897|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+54179|C:\Windows\System32\combase.dll+1279|C:\Windows\System32\RPCRT4.dll+651cb|C:\Windows\System32\combase.dll+3b22c|C:\Windows\System32\combase.dll+3aee2|C:\Windows\System32\combase.dll+397f8|C:\Windows\System32\combase.dll+37c5f|C:\Windows\System32\combase.dll+36c4f|C:\Windows\System32\combase.dll+34346|C:\Windows\System32\combase.dll+33afa|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+5be0|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+635e 10341000x800000000000000067602Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:40:33.433{6F5BEE90-1B14-61E9-F100-000000002102}26324372C:\Windows\System32\sihost.exe{6F5BEE90-1B24-61E9-1101-000000002102}5640C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x101000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\SYSTEM32\usermgrcli.dll+1121|C:\Windows\System32\modernexecserver.dll+3f342|C:\Windows\System32\modernexecserver.dll+3fc6e|C:\Windows\SYSTEM32\twinapi.appcore.dll+2effb|C:\Windows\SYSTEM32\twinapi.appcore.dll+2f0e4|C:\Windows\SYSTEM32\twinapi.appcore.dll+357b5|C:\Windows\SYSTEM32\twinapi.appcore.dll+34ef6|C:\Windows\SYSTEM32\twinapi.appcore.dll+34eb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000067601Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:40:33.432{6F5BEE90-1B14-61E9-F100-000000002102}26324372C:\Windows\System32\sihost.exe{6F5BEE90-1B24-61E9-1101-000000002102}5640C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\SYSTEM32\usermgrcli.dll+119d|C:\Windows\System32\modernexecserver.dll+41bd7|C:\Windows\System32\modernexecserver.dll+3f0db|C:\Windows\System32\modernexecserver.dll+3fbe5|C:\Windows\SYSTEM32\twinapi.appcore.dll+2effb|C:\Windows\SYSTEM32\twinapi.appcore.dll+2f0e4|C:\Windows\SYSTEM32\twinapi.appcore.dll+357b5|C:\Windows\SYSTEM32\twinapi.appcore.dll+34ef6|C:\Windows\SYSTEM32\twinapi.appcore.dll+34eb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000067600Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:40:33.432{6F5BEE90-1B14-61E9-F100-000000002102}26324372C:\Windows\System32\sihost.exe{6F5BEE90-1B24-61E9-1101-000000002102}5640C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\SYSTEM32\usermgrcli.dll+119d|C:\Windows\System32\modernexecserver.dll+41bd7|C:\Windows\System32\modernexecserver.dll+3f0db|C:\Windows\System32\modernexecserver.dll+3f049|C:\Windows\System32\modernexecserver.dll+3fd2f|C:\Windows\System32\modernexecserver.dll+3fe52|C:\Windows\SYSTEM32\twinapi.appcore.dll+2efb4|C:\Windows\SYSTEM32\twinapi.appcore.dll+2f0e4|C:\Windows\SYSTEM32\twinapi.appcore.dll+357ab|C:\Windows\SYSTEM32\twinapi.appcore.dll+34ef6|C:\Windows\SYSTEM32\twinapi.appcore.dll+34eb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000067599Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:40:33.431{6F5BEE90-1B14-61E9-F100-000000002102}26324372C:\Windows\System32\sihost.exe{6F5BEE90-1B24-61E9-1101-000000002102}5640C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\SYSTEM32\usermgrcli.dll+119d|C:\Windows\System32\modernexecserver.dll+41bd7|C:\Windows\System32\modernexecserver.dll+3f6a2|C:\Windows\System32\modernexecserver.dll+3fd1e|C:\Windows\System32\modernexecserver.dll+3fe52|C:\Windows\SYSTEM32\twinapi.appcore.dll+2efb4|C:\Windows\SYSTEM32\twinapi.appcore.dll+2f0e4|C:\Windows\SYSTEM32\twinapi.appcore.dll+357ab|C:\Windows\SYSTEM32\twinapi.appcore.dll+34ef6|C:\Windows\SYSTEM32\twinapi.appcore.dll+34eb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000067598Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:40:33.431{6F5BEE90-1B14-61E9-F100-000000002102}26324372C:\Windows\System32\sihost.exe{6F5BEE90-1B24-61E9-1101-000000002102}5640C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x101000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\SYSTEM32\usermgrcli.dll+1121|C:\Windows\System32\modernexecserver.dll+3f342|C:\Windows\System32\modernexecserver.dll+3fd0b|C:\Windows\System32\modernexecserver.dll+3fe52|C:\Windows\SYSTEM32\twinapi.appcore.dll+2efb4|C:\Windows\SYSTEM32\twinapi.appcore.dll+2f0e4|C:\Windows\SYSTEM32\twinapi.appcore.dll+357ab|C:\Windows\SYSTEM32\twinapi.appcore.dll+34ef6|C:\Windows\SYSTEM32\twinapi.appcore.dll+34eb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000067597Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:40:33.431{6F5BEE90-1B14-61E9-F100-000000002102}26324372C:\Windows\System32\sihost.exe{6F5BEE90-1B24-61E9-1101-000000002102}5640C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\SYSTEM32\usermgrcli.dll+119d|C:\Windows\System32\modernexecserver.dll+41bd7|C:\Windows\System32\modernexecserver.dll+3fdee|C:\Windows\SYSTEM32\twinapi.appcore.dll+2efb4|C:\Windows\SYSTEM32\twinapi.appcore.dll+2f0e4|C:\Windows\SYSTEM32\twinapi.appcore.dll+357ab|C:\Windows\SYSTEM32\twinapi.appcore.dll+34ef6|C:\Windows\SYSTEM32\twinapi.appcore.dll+34eb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000067596Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:40:33.430{6F5BEE90-1B14-61E9-F100-000000002102}26325976C:\Windows\System32\sihost.exe{6F5BEE90-1B24-61E9-1101-000000002102}5640C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x101000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\SYSTEM32\twinapi.appcore.dll+2f400|C:\Windows\System32\modernexecserver.dll+47a8c|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+54179|C:\Windows\System32\combase.dll+1279|C:\Windows\System32\RPCRT4.dll+651cb|C:\Windows\System32\combase.dll+3b22c|C:\Windows\System32\combase.dll+3aee2|C:\Windows\System32\combase.dll+397f8|C:\Windows\System32\combase.dll+3757d|C:\Windows\System32\combase.dll+36c4f|C:\Windows\System32\combase.dll+52179|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+3534e|C:\Windows\System32\RPCRT4.dll+20cc7|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e 10341000x800000000000000067595Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:40:33.429{6F5BEE90-1B14-61E9-F100-000000002102}26325976C:\Windows\System32\sihost.exe{6F5BEE90-1B24-61E9-1101-000000002102}5640C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\SYSTEM32\usermgrcli.dll+119d|C:\Windows\System32\modernexecserver.dll+478ab|C:\Windows\System32\modernexecserver.dll+476e0|C:\Windows\System32\modernexecserver.dll+4763b|C:\Windows\System32\modernexecserver.dll+3985d|C:\Windows\System32\Windows.Shell.ServiceHostBuilder.dll+1781|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+54179|C:\Windows\System32\combase.dll+1279|C:\Windows\System32\RPCRT4.dll+651cb|C:\Windows\System32\combase.dll+3b22c|C:\Windows\System32\combase.dll+3aee2|C:\Windows\System32\combase.dll+397f8|C:\Windows\System32\combase.dll+3757d|C:\Windows\System32\combase.dll+36c4f|C:\Windows\System32\combase.dll+52179|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+3534e|C:\Windows\System32\RPCRT4.dll+20cc7|C:\Windows\System32\RPCRT4.dll+2131c 10341000x800000000000000067594Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:40:33.428{6F5BEE90-1B14-61E9-F100-000000002102}26324372C:\Windows\System32\sihost.exe{6F5BEE90-1B24-61E9-1101-000000002102}5640C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x101000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\SYSTEM32\usermgrcli.dll+1121|C:\Windows\System32\modernexecserver.dll+3f342|C:\Windows\System32\modernexecserver.dll+3fc6e|C:\Windows\SYSTEM32\twinapi.appcore.dll+2effb|C:\Windows\SYSTEM32\twinapi.appcore.dll+2f0e4|C:\Windows\SYSTEM32\twinapi.appcore.dll+357b5|C:\Windows\SYSTEM32\twinapi.appcore.dll+34ef6|C:\Windows\SYSTEM32\twinapi.appcore.dll+34eb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000067593Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:40:33.427{6F5BEE90-1B14-61E9-F100-000000002102}26324372C:\Windows\System32\sihost.exe{6F5BEE90-1B24-61E9-1101-000000002102}5640C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\SYSTEM32\usermgrcli.dll+119d|C:\Windows\System32\modernexecserver.dll+41bd7|C:\Windows\System32\modernexecserver.dll+3f0db|C:\Windows\System32\modernexecserver.dll+3fbe5|C:\Windows\SYSTEM32\twinapi.appcore.dll+2effb|C:\Windows\SYSTEM32\twinapi.appcore.dll+2f0e4|C:\Windows\SYSTEM32\twinapi.appcore.dll+357b5|C:\Windows\SYSTEM32\twinapi.appcore.dll+34ef6|C:\Windows\SYSTEM32\twinapi.appcore.dll+34eb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000067592Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:40:33.426{6F5BEE90-1B14-61E9-F100-000000002102}26324372C:\Windows\System32\sihost.exe{6F5BEE90-1B24-61E9-1101-000000002102}5640C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\SYSTEM32\usermgrcli.dll+119d|C:\Windows\System32\modernexecserver.dll+41bd7|C:\Windows\System32\modernexecserver.dll+3f0db|C:\Windows\System32\modernexecserver.dll+3f049|C:\Windows\System32\modernexecserver.dll+3fd2f|C:\Windows\System32\modernexecserver.dll+3fe52|C:\Windows\SYSTEM32\twinapi.appcore.dll+2efb4|C:\Windows\SYSTEM32\twinapi.appcore.dll+2f0e4|C:\Windows\SYSTEM32\twinapi.appcore.dll+357ab|C:\Windows\SYSTEM32\twinapi.appcore.dll+34ef6|C:\Windows\SYSTEM32\twinapi.appcore.dll+34eb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000067591Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:40:33.426{6F5BEE90-1B14-61E9-F100-000000002102}26324372C:\Windows\System32\sihost.exe{6F5BEE90-1B24-61E9-1101-000000002102}5640C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\SYSTEM32\usermgrcli.dll+119d|C:\Windows\System32\modernexecserver.dll+41bd7|C:\Windows\System32\modernexecserver.dll+3f6a2|C:\Windows\System32\modernexecserver.dll+3fd1e|C:\Windows\System32\modernexecserver.dll+3fe52|C:\Windows\SYSTEM32\twinapi.appcore.dll+2efb4|C:\Windows\SYSTEM32\twinapi.appcore.dll+2f0e4|C:\Windows\SYSTEM32\twinapi.appcore.dll+357ab|C:\Windows\SYSTEM32\twinapi.appcore.dll+34ef6|C:\Windows\SYSTEM32\twinapi.appcore.dll+34eb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000067590Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:40:33.426{6F5BEE90-1B14-61E9-F100-000000002102}26324372C:\Windows\System32\sihost.exe{6F5BEE90-1B24-61E9-1101-000000002102}5640C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x101000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\SYSTEM32\usermgrcli.dll+1121|C:\Windows\System32\modernexecserver.dll+3f342|C:\Windows\System32\modernexecserver.dll+3fd0b|C:\Windows\System32\modernexecserver.dll+3fe52|C:\Windows\SYSTEM32\twinapi.appcore.dll+2efb4|C:\Windows\SYSTEM32\twinapi.appcore.dll+2f0e4|C:\Windows\SYSTEM32\twinapi.appcore.dll+357ab|C:\Windows\SYSTEM32\twinapi.appcore.dll+34ef6|C:\Windows\SYSTEM32\twinapi.appcore.dll+34eb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000067589Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:40:33.426{6F5BEE90-1B14-61E9-F100-000000002102}26324372C:\Windows\System32\sihost.exe{6F5BEE90-1B24-61E9-1101-000000002102}5640C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\SYSTEM32\usermgrcli.dll+119d|C:\Windows\System32\modernexecserver.dll+41bd7|C:\Windows\System32\modernexecserver.dll+3fdee|C:\Windows\SYSTEM32\twinapi.appcore.dll+2efb4|C:\Windows\SYSTEM32\twinapi.appcore.dll+2f0e4|C:\Windows\SYSTEM32\twinapi.appcore.dll+357ab|C:\Windows\SYSTEM32\twinapi.appcore.dll+34ef6|C:\Windows\SYSTEM32\twinapi.appcore.dll+34eb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000067588Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:40:33.425{6F5BEE90-1B14-61E9-F100-000000002102}26325976C:\Windows\System32\sihost.exe{6F5BEE90-1B24-61E9-1101-000000002102}5640C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x101000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\SYSTEM32\twinapi.appcore.dll+2f400|C:\Windows\System32\modernexecserver.dll+47a8c|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+54179|C:\Windows\System32\combase.dll+1279|C:\Windows\System32\RPCRT4.dll+651cb|C:\Windows\System32\combase.dll+3b22c|C:\Windows\System32\combase.dll+3aee2|C:\Windows\System32\combase.dll+397f8|C:\Windows\System32\combase.dll+3757d|C:\Windows\System32\combase.dll+36c4f|C:\Windows\System32\combase.dll+52179|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+3534e|C:\Windows\System32\RPCRT4.dll+20cc7|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e 10341000x800000000000000067587Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:40:33.424{6F5BEE90-1B14-61E9-F100-000000002102}26325976C:\Windows\System32\sihost.exe{6F5BEE90-1B24-61E9-1101-000000002102}5640C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\SYSTEM32\usermgrcli.dll+119d|C:\Windows\System32\modernexecserver.dll+478ab|C:\Windows\System32\modernexecserver.dll+476e0|C:\Windows\System32\modernexecserver.dll+4763b|C:\Windows\System32\modernexecserver.dll+3985d|C:\Windows\System32\Windows.Shell.ServiceHostBuilder.dll+1781|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+54179|C:\Windows\System32\combase.dll+1279|C:\Windows\System32\RPCRT4.dll+651cb|C:\Windows\System32\combase.dll+3b22c|C:\Windows\System32\combase.dll+3aee2|C:\Windows\System32\combase.dll+397f8|C:\Windows\System32\combase.dll+3757d|C:\Windows\System32\combase.dll+36c4f|C:\Windows\System32\combase.dll+52179|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+3534e|C:\Windows\System32\RPCRT4.dll+20cc7|C:\Windows\System32\RPCRT4.dll+2131c 23542300x800000000000000067622Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:40:34.792{6F5BEE90-18CD-61E9-7700-000000002102}484NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=246C55B7263C1F6ABB5CE33C73F575CD,SHA256=C2DA33166A173F8CAA7519E3D18B0D3F1CA78C705D3B000F331BD4DA46A6D6E3,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000032168Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:40:34.114{CE7C8936-1B20-61E9-E200-000000002202}3964NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=D0E69F1DFB689630DAAEC71CE394BF01,SHA256=03051872C400B9648503B1F89D7C09A37F45B1C6E0015E9C9C9DA745B7CF9E3B,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000067621Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:40:32.475{6F5BEE90-18A7-61E9-0B00-000000002102}608C:\Windows\System32\lsass.exeNT AUTHORITY\SYSTEMtcpfalsefalse10.0.1.14win-dc-tcontreras-attack-range-53.attackrange.local53436-false10.0.1.14win-dc-tcontreras-attack-range-53.attackrange.local389ldap 354300x800000000000000067620Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:40:32.473{6F5BEE90-18B8-61E9-2E00-000000002102}3016C:\Windows\System32\dfsrs.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-tcontreras-attack-range-53.attackrange.local53436-false10.0.1.14win-dc-tcontreras-attack-range-53.attackrange.local389ldap 23542300x800000000000000067623Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:40:35.812{6F5BEE90-18CD-61E9-7700-000000002102}484NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=644B2D7BDA3004731D3DBA30428BFD97,SHA256=FD94F91B15770C057F7B83464F4462850E6ACC55899A514A3EE1B810CD03DE6C,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000032169Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:40:35.130{CE7C8936-1B20-61E9-E200-000000002202}3964NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=2BEC53F24307AFAF7D1B0F7E12CC0E5B,SHA256=01D29A6B58F8BFF0C2C89600D896A52686598B10C7F22E83E2DBF18B93F5561C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067624Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:40:36.818{6F5BEE90-18CD-61E9-7700-000000002102}484NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=909C65D7B8554DAB3FF312E86151FD2A,SHA256=5A1B8FCD295868DB831E09188442ED9D1687B7DDB362C201ACE1794EF0A75F77,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000032170Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:40:36.146{CE7C8936-1B20-61E9-E200-000000002202}3964NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=6B61CE319FB1D5C62B285A970B47ECC4,SHA256=B29FA350A2E804701C57392B4AA2BF70A8DC43D0AB974EBC7B0C4F05D080CD15,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067626Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:40:37.821{6F5BEE90-18CD-61E9-7700-000000002102}484NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=C6B816A510C079BEA8D69B23F8E10490,SHA256=3D9432D4934FA4E510C45A2DB321768DD00896764CF75E024C8375DE59193A22,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000032172Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:40:37.181{CE7C8936-1A7D-61E9-2200-000000002202}1212NT AUTHORITY\SYSTEMC:\Program Files\Amazon\SSM\amazon-ssm-agent.exeC:\ProgramData\Amazon\SSM\InstanceData\i-0b4c8a78fb3fad9c4\channels\health\respondent-20220120081703-139MD5=48D9DB22D5DA72E1508DB4774F89CD54,SHA256=47231F73915EFCF046725A41CCC183BD3625BDF28EF9197BB172C87CF7B7A72C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000032171Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:40:37.148{CE7C8936-1B20-61E9-E200-000000002202}3964NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=B7039D79BAD4E64D327D6E782AF5C17B,SHA256=B8AB647F07375C3E44F97E1549DE898D573CBFDDFCC2078895600198A34908CE,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000067625Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:40:36.452{6F5BEE90-18C6-61E9-6E00-000000002102}3440C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-tcontreras-attack-range-53.attackrange.local53437-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x800000000000000067627Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:40:38.827{6F5BEE90-18CD-61E9-7700-000000002102}484NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=145ED2DF732B900557657ADC0F33E1FD,SHA256=D4A3A103D25E2A52DC2269E45D6263B667223DE4B75CDCC577B6F446E9726166,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000032174Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:40:38.190{CE7C8936-1A7D-61E9-2200-000000002202}1212NT AUTHORITY\SYSTEMC:\Program Files\Amazon\SSM\amazon-ssm-agent.exeC:\ProgramData\Amazon\SSM\InstanceData\i-0b4c8a78fb3fad9c4\channels\health\surveyor-20220120081701-140MD5=97EF2A570B75C4F95FC69B0D09A2E2A2,SHA256=11396EA313B0ED7E3228C4FA92ABE9D836DB8F416A7A8A28ACC77133025082E7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000032173Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:40:38.158{CE7C8936-1B20-61E9-E200-000000002202}3964NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=5524B81845EB1627A582FCFFF5973C33,SHA256=33888347FF28D10985883DF6BC14B258B552E92A0092E861992F806F13D88B96,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067628Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:40:39.859{6F5BEE90-18CD-61E9-7700-000000002102}484NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=5B05064ECF6612750FED7A4DBB01ED2B,SHA256=88D6A3F860D4DD8FFFCB2144552506DC4AF07C42DDFF91F4FF0136E3858D2319,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 354300x800000000000000032190Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:40:37.763{CE7C8936-1B1A-61E9-D900-000000002202}4048C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-tcontreras-attack-range-276.eu-central-1.compute.internal51410-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 10341000x800000000000000032189Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:40:39.830{CE7C8936-3C27-61E9-1806-000000002202}2624692C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe{CE7C8936-1B12-61E9-AB00-000000002202}1912C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6025c5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6020f6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+59e67|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+5b88c|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+8e7d70|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032188Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:40:39.674{CE7C8936-1B12-61E9-AF00-000000002202}24603956C:\Windows\system32\conhost.exe{CE7C8936-3C27-61E9-1806-000000002202}2624C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032187Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:40:39.674{CE7C8936-1A7C-61E9-0C00-000000002202}7003204C:\Windows\system32\svchost.exe{CE7C8936-1A7D-61E9-1D00-000000002202}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032186Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:40:39.674{CE7C8936-1A7C-61E9-0C00-000000002202}7003204C:\Windows\system32\svchost.exe{CE7C8936-1A7D-61E9-1D00-000000002202}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032185Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:40:39.674{CE7C8936-1A7C-61E9-0C00-000000002202}7003204C:\Windows\system32\svchost.exe{CE7C8936-1A7D-61E9-1D00-000000002202}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032184Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:40:39.674{CE7C8936-1A7C-61E9-0C00-000000002202}7003204C:\Windows\system32\svchost.exe{CE7C8936-1A7D-61E9-1D00-000000002202}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032183Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:40:39.674{CE7C8936-1A7C-61E9-0C00-000000002202}7003204C:\Windows\system32\svchost.exe{CE7C8936-1A7D-61E9-1D00-000000002202}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032182Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:40:39.674{CE7C8936-1A7C-61E9-0C00-000000002202}7003204C:\Windows\system32\svchost.exe{CE7C8936-1A7D-61E9-1D00-000000002202}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032181Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:40:39.674{CE7C8936-1A7C-61E9-0C00-000000002202}7003204C:\Windows\system32\svchost.exe{CE7C8936-1A7D-61E9-1D00-000000002202}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032180Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:40:39.674{CE7C8936-1A7C-61E9-0C00-000000002202}7003204C:\Windows\system32\svchost.exe{CE7C8936-1A7D-61E9-1D00-000000002202}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032179Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:40:39.674{CE7C8936-1A7C-61E9-0C00-000000002202}7003204C:\Windows\system32\svchost.exe{CE7C8936-1A7D-61E9-1D00-000000002202}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032178Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:40:39.674{CE7C8936-1A7C-61E9-0500-000000002202}388504C:\Windows\system32\csrss.exe{CE7C8936-3C27-61E9-1806-000000002202}2624C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000032177Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:40:39.674{CE7C8936-1B12-61E9-AB00-000000002202}19122580C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{CE7C8936-3C27-61E9-1806-000000002202}2624C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7414|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x800000000000000032176Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:40:39.675{CE7C8936-3C27-61E9-1806-000000002202}2624C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe8.0.2Active Directory monitorsplunk ApplicationSplunk Inc.splunk-admon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{CE7C8936-1A7C-61E9-E703-000000000000}0x3e70SystemMD5=947139F3BB2AB70CAF692A60C7A3A735,SHA256=940554A0170A70F634689CC84B00C51AC0BCF773C9639E1305E3672441FC85C8,IMPHASH=357CEC18833E7FF2ABFB722902B13165{CE7C8936-1B12-61E9-AB00-000000002202}1912C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x800000000000000032175Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:40:39.174{CE7C8936-1B20-61E9-E200-000000002202}3964NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=09B14C8A837A33E87B9B5B4DCDC50ACC,SHA256=D692EC4E5B9C2CB7936E336E1BAE7D04820C6860B2F2ECF911E505B997CF4346,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067632Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:40:40.869{6F5BEE90-18CD-61E9-7700-000000002102}484NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=BBAE8BB974F166406887D1D756EC9C89,SHA256=9AD54550AC35EA430F15133D4E4C2A15D2696A459D4090E2F081396FC9B324A0,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 10341000x800000000000000032219Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:40:40.971{CE7C8936-1B12-61E9-AF00-000000002202}24603956C:\Windows\system32\conhost.exe{CE7C8936-3C28-61E9-1A06-000000002202}676C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032218Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:40:40.971{CE7C8936-1A7C-61E9-0C00-000000002202}7003204C:\Windows\system32\svchost.exe{CE7C8936-1A7D-61E9-1D00-000000002202}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032217Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:40:40.971{CE7C8936-1A7C-61E9-0C00-000000002202}7003204C:\Windows\system32\svchost.exe{CE7C8936-1A7D-61E9-1D00-000000002202}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032216Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:40:40.971{CE7C8936-1A7C-61E9-0C00-000000002202}7003204C:\Windows\system32\svchost.exe{CE7C8936-1A7D-61E9-1D00-000000002202}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032215Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:40:40.971{CE7C8936-1A7C-61E9-0C00-000000002202}7003204C:\Windows\system32\svchost.exe{CE7C8936-1A7D-61E9-1D00-000000002202}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032214Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:40:40.971{CE7C8936-1A7C-61E9-0C00-000000002202}7003204C:\Windows\system32\svchost.exe{CE7C8936-1A7D-61E9-1D00-000000002202}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032213Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:40:40.971{CE7C8936-1A7C-61E9-0C00-000000002202}7003204C:\Windows\system32\svchost.exe{CE7C8936-1A7D-61E9-1D00-000000002202}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032212Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:40:40.971{CE7C8936-1A7C-61E9-0C00-000000002202}7003204C:\Windows\system32\svchost.exe{CE7C8936-1A7D-61E9-1D00-000000002202}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032211Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:40:40.971{CE7C8936-1A7C-61E9-0C00-000000002202}7003204C:\Windows\system32\svchost.exe{CE7C8936-1A7D-61E9-1D00-000000002202}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032210Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:40:40.971{CE7C8936-1A7C-61E9-0C00-000000002202}7003204C:\Windows\system32\svchost.exe{CE7C8936-1A7D-61E9-1D00-000000002202}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032209Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:40:40.971{CE7C8936-1A7C-61E9-0500-000000002202}388504C:\Windows\system32\csrss.exe{CE7C8936-3C28-61E9-1A06-000000002202}676C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000032208Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:40:40.971{CE7C8936-1B12-61E9-AB00-000000002202}19122580C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{CE7C8936-3C28-61E9-1A06-000000002202}676C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7414|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x800000000000000032207Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:40:40.971{CE7C8936-3C28-61E9-1A06-000000002202}676C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{CE7C8936-1A7C-61E9-E703-000000000000}0x3e70SystemMD5=BF28C74E12839E40CD89696C7CB01573,SHA256=6187325F302F232DE582FE28E0E0D2B292AB8122C3356C9CE295A482D7B93EA3,IMPHASH=27776F2813155A6CF34F6A075A0C2EC8{CE7C8936-1B12-61E9-AB00-000000002202}1912C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x800000000000000032206Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:40:40.924{CE7C8936-1B20-61E9-E200-000000002202}3964NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=FF21FE3E7307C6238BB58022EE00A19D,SHA256=160F42547B051EBA5A527C4A73B0094290E6806BA0F0D807ACE6AB26910431A5,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000032205Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:40:40.924{CE7C8936-1B20-61E9-E200-000000002202}3964NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=DE3DDD97D2A1059CD9B7BB4F1CED44B8,SHA256=E1BF7D4F273F7A14808D7FA7C66105577B60BBCCA7E3D47DD9A98B0B1E841951,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000032204Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:40:40.299{CE7C8936-1B12-61E9-AF00-000000002202}24603956C:\Windows\system32\conhost.exe{CE7C8936-3C28-61E9-1906-000000002202}2504C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032203Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:40:40.299{CE7C8936-1A7C-61E9-0C00-000000002202}7003204C:\Windows\system32\svchost.exe{CE7C8936-1A7D-61E9-1D00-000000002202}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032202Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:40:40.299{CE7C8936-1A7C-61E9-0C00-000000002202}7003204C:\Windows\system32\svchost.exe{CE7C8936-1A7D-61E9-1D00-000000002202}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032201Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:40:40.299{CE7C8936-1A7C-61E9-0C00-000000002202}7003204C:\Windows\system32\svchost.exe{CE7C8936-1A7D-61E9-1D00-000000002202}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032200Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:40:40.299{CE7C8936-1A7C-61E9-0C00-000000002202}7003204C:\Windows\system32\svchost.exe{CE7C8936-1A7D-61E9-1D00-000000002202}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032199Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:40:40.299{CE7C8936-1A7C-61E9-0C00-000000002202}7003204C:\Windows\system32\svchost.exe{CE7C8936-1A7D-61E9-1D00-000000002202}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032198Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:40:40.299{CE7C8936-1A7C-61E9-0C00-000000002202}7003204C:\Windows\system32\svchost.exe{CE7C8936-1A7D-61E9-1D00-000000002202}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032197Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:40:40.299{CE7C8936-1A7C-61E9-0C00-000000002202}7003204C:\Windows\system32\svchost.exe{CE7C8936-1A7D-61E9-1D00-000000002202}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032196Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:40:40.299{CE7C8936-1A7C-61E9-0C00-000000002202}7003204C:\Windows\system32\svchost.exe{CE7C8936-1A7D-61E9-1D00-000000002202}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032195Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:40:40.299{CE7C8936-1A7C-61E9-0C00-000000002202}7003204C:\Windows\system32\svchost.exe{CE7C8936-1A7D-61E9-1D00-000000002202}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032194Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:40:40.299{CE7C8936-1A7C-61E9-0500-000000002202}388504C:\Windows\system32\csrss.exe{CE7C8936-3C28-61E9-1906-000000002202}2504C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000032193Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:40:40.299{CE7C8936-1B12-61E9-AB00-000000002202}19122580C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{CE7C8936-3C28-61E9-1906-000000002202}2504C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7414|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x800000000000000032192Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:40:40.300{CE7C8936-3C28-61E9-1906-000000002202}2504C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe8.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{CE7C8936-1A7C-61E9-E703-000000000000}0x3e70SystemMD5=8746B8C1724B67C2B1261446C0CFAA57,SHA256=7EFD09FD383FAA75C5D2990E6DBBFD846AEAA08B7037C7D66B4A0EF2AE0866B3,IMPHASH=7B985F47B35272AD7B5218255ACE7AEC{CE7C8936-1B12-61E9-AB00-000000002202}1912C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x800000000000000032191Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:40:40.189{CE7C8936-1B20-61E9-E200-000000002202}3964NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=77BE120FF9462CC6E7E002E275347099,SHA256=CB3BBD32EADF485CDFECCA072BF9E5DB31CBB298B87B7068E30C88FEB7C7DCDB,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000067631Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:40:40.509{6F5BEE90-1B15-61E9-FA00-000000002102}46325324C:\Windows\Explorer.EXE{6F5BEE90-1CB8-61E9-7203-000000002102}6636C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6497|C:\Windows\System32\SHCORE.dll+6387|C:\Windows\System32\SHCORE.dll+62fd|C:\Windows\System32\SHCORE.dll+620a|C:\Windows\System32\SHELL32.dll+55a20|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9824|UNKNOWN(FFFFF803E7C6BFF8)|UNKNOWN(FFFFFF171F0A5B48)|UNKNOWN(FFFFFF171F0A5CC7)|UNKNOWN(FFFFFF171F0A0351)|UNKNOWN(FFFFFF171F0A1D1A)|UNKNOWN(FFFFFF171F09FFD6)|UNKNOWN(FFFFF803E7983503)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+5928b|C:\Windows\System32\SHELL32.dll+dac4a|C:\Windows\System32\SHCORE.dll+33fad 10341000x800000000000000067630Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:40:40.509{6F5BEE90-1B15-61E9-FA00-000000002102}46325324C:\Windows\Explorer.EXE{6F5BEE90-1CB8-61E9-7203-000000002102}6636C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+55501|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9824|UNKNOWN(FFFFF803E7C6BFF8)|UNKNOWN(FFFFFF171F0A5B48)|UNKNOWN(FFFFFF171F0A5CC7)|UNKNOWN(FFFFFF171F0A0351)|UNKNOWN(FFFFFF171F0A1D1A)|UNKNOWN(FFFFFF171F09FFD6)|UNKNOWN(FFFFF803E7983503)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+5928b|C:\Windows\System32\SHELL32.dll+dac4a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 23542300x800000000000000067629Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:40:40.508{6F5BEE90-1CB8-61E9-7203-000000002102}6636ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms~RF8ac18b.TMPMD5=E555C3DF986D026CE18D3C1413D29B2C,SHA256=DD1D6F0A377DA9E4002772F99C862E4322373FCF01ABAC22B4A1D1EC192A0C13,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000067633Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:40:41.886{6F5BEE90-18CD-61E9-7700-000000002102}484NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A377060E8C76662772F8AB7AD8324CF8,SHA256=DDFB2631AE1829931F627EB78172F3D304506A584241A26DA7C6AD72A97CC17A,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000032220Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:40:41.439{CE7C8936-1B20-61E9-E200-000000002202}3964NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=C49C4F13F69BED2614ACB5952ACEBFB9,SHA256=DA39336B420BF1F9700EC9BE3CAA5C9828C374369BDC61923AA002C6F7791EDC,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067643Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:40:42.927{6F5BEE90-18CD-61E9-7700-000000002102}484NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=CFBBD95EFC6880311A83088C02F33EE2,SHA256=552FFD70C85887CAF07DCC0DC61AFA05259B26BFEFBCED5EAD3B011672315156,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 10341000x800000000000000032250Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:40:42.861{CE7C8936-3C2A-61E9-1C06-000000002202}36322436C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{CE7C8936-1B12-61E9-AB00-000000002202}1912C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032249Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:40:42.721{CE7C8936-1B12-61E9-AF00-000000002202}24603956C:\Windows\system32\conhost.exe{CE7C8936-3C2A-61E9-1C06-000000002202}3632C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032248Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:40:42.721{CE7C8936-1A7C-61E9-0C00-000000002202}7003204C:\Windows\system32\svchost.exe{CE7C8936-1A7D-61E9-1D00-000000002202}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032247Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:40:42.721{CE7C8936-1A7C-61E9-0C00-000000002202}7003204C:\Windows\system32\svchost.exe{CE7C8936-1A7D-61E9-1D00-000000002202}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032246Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:40:42.721{CE7C8936-1A7C-61E9-0C00-000000002202}7003204C:\Windows\system32\svchost.exe{CE7C8936-1A7D-61E9-1D00-000000002202}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032245Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:40:42.721{CE7C8936-1A7C-61E9-0C00-000000002202}7003204C:\Windows\system32\svchost.exe{CE7C8936-1A7D-61E9-1D00-000000002202}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032244Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:40:42.721{CE7C8936-1A7C-61E9-0C00-000000002202}7003204C:\Windows\system32\svchost.exe{CE7C8936-1A7D-61E9-1D00-000000002202}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032243Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:40:42.721{CE7C8936-1A7C-61E9-0C00-000000002202}7003204C:\Windows\system32\svchost.exe{CE7C8936-1A7D-61E9-1D00-000000002202}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032242Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:40:42.721{CE7C8936-1A7C-61E9-0C00-000000002202}7003204C:\Windows\system32\svchost.exe{CE7C8936-1A7D-61E9-1D00-000000002202}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032241Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:40:42.721{CE7C8936-1A7C-61E9-0C00-000000002202}7003204C:\Windows\system32\svchost.exe{CE7C8936-1A7D-61E9-1D00-000000002202}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032240Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:40:42.721{CE7C8936-1A7C-61E9-0C00-000000002202}7003204C:\Windows\system32\svchost.exe{CE7C8936-1A7D-61E9-1D00-000000002202}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032239Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:40:42.721{CE7C8936-1A7C-61E9-0500-000000002202}388504C:\Windows\system32\csrss.exe{CE7C8936-3C2A-61E9-1C06-000000002202}3632C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000032238Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:40:42.721{CE7C8936-1B12-61E9-AB00-000000002202}19122580C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{CE7C8936-3C2A-61E9-1C06-000000002202}3632C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7414|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x800000000000000032237Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:40:42.722{CE7C8936-3C2A-61E9-1C06-000000002202}3632C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{CE7C8936-1A7C-61E9-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{CE7C8936-1B12-61E9-AB00-000000002202}1912C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x800000000000000032236Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:40:42.674{CE7C8936-1B20-61E9-E200-000000002202}3964NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=DBC2A8D4FFD470B63B25F8117129E6FE,SHA256=1ACBBEF7DB5E5B442E159598FCACFFAEB65A56903489FF36F349856C4CF5FD9F,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000067642Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:40:42.829{6F5BEE90-3C2A-61E9-9B09-000000002102}65486828C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe{6F5BEE90-18B8-61E9-2F00-000000002102}3024C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6025c5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6020f6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+59e67|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+5b88c|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+8e7d70|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000067641Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:40:42.594{6F5BEE90-18B9-61E9-3500-000000002102}33043324C:\Windows\system32\conhost.exe{6F5BEE90-3C2A-61E9-9B09-000000002102}6548C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000067640Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:40:42.592{6F5BEE90-18A9-61E9-0C00-000000002102}8281296C:\Windows\system32\svchost.exe{6F5BEE90-18B8-61E9-2C00-000000002102}2984C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000067639Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:40:42.592{6F5BEE90-18A9-61E9-0C00-000000002102}8281296C:\Windows\system32\svchost.exe{6F5BEE90-18B8-61E9-2C00-000000002102}2984C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000067638Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:40:42.592{6F5BEE90-18A9-61E9-0C00-000000002102}8281296C:\Windows\system32\svchost.exe{6F5BEE90-18B8-61E9-2C00-000000002102}2984C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000067637Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:40:42.592{6F5BEE90-18A9-61E9-0C00-000000002102}8281296C:\Windows\system32\svchost.exe{6F5BEE90-18B8-61E9-2C00-000000002102}2984C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000067636Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:40:42.591{6F5BEE90-18A7-61E9-0500-000000002102}392508C:\Windows\system32\csrss.exe{6F5BEE90-3C2A-61E9-9B09-000000002102}6548C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000067635Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:40:42.591{6F5BEE90-18B8-61E9-2F00-000000002102}30243900C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{6F5BEE90-3C2A-61E9-9B09-000000002102}6548C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7414|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x800000000000000067634Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:40:42.448{6F5BEE90-3C2A-61E9-9B09-000000002102}6548C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe8.0.2Active Directory monitorsplunk ApplicationSplunk Inc.splunk-admon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{6F5BEE90-18A8-61E9-E703-000000000000}0x3e70SystemMD5=947139F3BB2AB70CAF692A60C7A3A735,SHA256=940554A0170A70F634689CC84B00C51AC0BCF773C9639E1305E3672441FC85C8,IMPHASH=357CEC18833E7FF2ABFB722902B13165{6F5BEE90-18B8-61E9-2F00-000000002102}3024C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x800000000000000032235Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:40:42.268{CE7C8936-3C2A-61E9-1B06-000000002202}16802492C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{CE7C8936-1B12-61E9-AB00-000000002202}1912C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 23542300x800000000000000032234Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:40:42.205{CE7C8936-1B20-61E9-E200-000000002202}3964NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=FF21FE3E7307C6238BB58022EE00A19D,SHA256=160F42547B051EBA5A527C4A73B0094290E6806BA0F0D807ACE6AB26910431A5,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000032233Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:40:42.127{CE7C8936-1B12-61E9-AF00-000000002202}24603956C:\Windows\system32\conhost.exe{CE7C8936-3C2A-61E9-1B06-000000002202}1680C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032232Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:40:42.127{CE7C8936-1A7C-61E9-0C00-000000002202}7003204C:\Windows\system32\svchost.exe{CE7C8936-1A7D-61E9-1D00-000000002202}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032231Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:40:42.127{CE7C8936-1A7C-61E9-0C00-000000002202}7003204C:\Windows\system32\svchost.exe{CE7C8936-1A7D-61E9-1D00-000000002202}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032230Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:40:42.127{CE7C8936-1A7C-61E9-0C00-000000002202}7003204C:\Windows\system32\svchost.exe{CE7C8936-1A7D-61E9-1D00-000000002202}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032229Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:40:42.127{CE7C8936-1A7C-61E9-0C00-000000002202}7003204C:\Windows\system32\svchost.exe{CE7C8936-1A7D-61E9-1D00-000000002202}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032228Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:40:42.127{CE7C8936-1A7C-61E9-0C00-000000002202}7003204C:\Windows\system32\svchost.exe{CE7C8936-1A7D-61E9-1D00-000000002202}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032227Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:40:42.127{CE7C8936-1A7C-61E9-0C00-000000002202}7003204C:\Windows\system32\svchost.exe{CE7C8936-1A7D-61E9-1D00-000000002202}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032226Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:40:42.127{CE7C8936-1A7C-61E9-0C00-000000002202}7003204C:\Windows\system32\svchost.exe{CE7C8936-1A7D-61E9-1D00-000000002202}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032225Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:40:42.127{CE7C8936-1A7C-61E9-0C00-000000002202}7003204C:\Windows\system32\svchost.exe{CE7C8936-1A7D-61E9-1D00-000000002202}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032224Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:40:42.127{CE7C8936-1A7C-61E9-0C00-000000002202}7003204C:\Windows\system32\svchost.exe{CE7C8936-1A7D-61E9-1D00-000000002202}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032223Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:40:42.127{CE7C8936-1A7C-61E9-0500-000000002202}388504C:\Windows\system32\csrss.exe{CE7C8936-3C2A-61E9-1B06-000000002202}1680C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000032222Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:40:42.127{CE7C8936-1B12-61E9-AB00-000000002202}19122580C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{CE7C8936-3C2A-61E9-1B06-000000002202}1680C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7414|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x800000000000000032221Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:40:42.128{CE7C8936-3C2A-61E9-1B06-000000002202}1680C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{CE7C8936-1A7C-61E9-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{CE7C8936-1B12-61E9-AB00-000000002202}1912C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x800000000000000032279Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:40:43.924{CE7C8936-1B12-61E9-AF00-000000002202}24603956C:\Windows\system32\conhost.exe{CE7C8936-3C2B-61E9-1E06-000000002202}632C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032278Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:40:43.924{CE7C8936-1A7C-61E9-0C00-000000002202}7003204C:\Windows\system32\svchost.exe{CE7C8936-1A7D-61E9-1D00-000000002202}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032277Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:40:43.924{CE7C8936-1A7C-61E9-0C00-000000002202}7003204C:\Windows\system32\svchost.exe{CE7C8936-1A7D-61E9-1D00-000000002202}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032276Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:40:43.924{CE7C8936-1A7C-61E9-0C00-000000002202}7003204C:\Windows\system32\svchost.exe{CE7C8936-1A7D-61E9-1D00-000000002202}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032275Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:40:43.924{CE7C8936-1A7C-61E9-0C00-000000002202}7003204C:\Windows\system32\svchost.exe{CE7C8936-1A7D-61E9-1D00-000000002202}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032274Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:40:43.924{CE7C8936-1A7C-61E9-0C00-000000002202}7003204C:\Windows\system32\svchost.exe{CE7C8936-1A7D-61E9-1D00-000000002202}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032273Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:40:43.924{CE7C8936-1A7C-61E9-0C00-000000002202}7003204C:\Windows\system32\svchost.exe{CE7C8936-1A7D-61E9-1D00-000000002202}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032272Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:40:43.924{CE7C8936-1A7C-61E9-0C00-000000002202}7003204C:\Windows\system32\svchost.exe{CE7C8936-1A7D-61E9-1D00-000000002202}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032271Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:40:43.924{CE7C8936-1A7C-61E9-0C00-000000002202}7003204C:\Windows\system32\svchost.exe{CE7C8936-1A7D-61E9-1D00-000000002202}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032270Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:40:43.924{CE7C8936-1A7C-61E9-0C00-000000002202}7003204C:\Windows\system32\svchost.exe{CE7C8936-1A7D-61E9-1D00-000000002202}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032269Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:40:43.924{CE7C8936-1A7C-61E9-0500-000000002202}388404C:\Windows\system32\csrss.exe{CE7C8936-3C2B-61E9-1E06-000000002202}632C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000032268Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:40:43.924{CE7C8936-1B12-61E9-AB00-000000002202}19122580C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{CE7C8936-3C2B-61E9-1E06-000000002202}632C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7414|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x800000000000000032267Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:40:43.926{CE7C8936-3C2B-61E9-1E06-000000002202}632C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe8.0.2Windows Print Monitor splunk ApplicationSplunk Inc.splunk-winprintmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{CE7C8936-1A7C-61E9-E703-000000000000}0x3e70SystemMD5=36D3753920C5BBCA16D12DEAD7A3A904,SHA256=EA17F69FB116CFA6ADC3CE07EBBAE3FD2CB221F25E3F7A9ADF3F15DA051831E2,IMPHASH=264D4B9546D98D77D97F569F55A0B748{CE7C8936-1B12-61E9-AB00-000000002202}1912C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x800000000000000032266Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:40:43.924{CE7C8936-1B20-61E9-E200-000000002202}3964NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A9883293655D7025ADE60233946B4882,SHA256=885814F440F63C6103B859334278B63664E715F8A06C4CACAEF1D562EBD165BA,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067655Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:40:43.948{6F5BEE90-18CD-61E9-7700-000000002102}484NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=FDEC6133D709D8F898743FAF8EB31AA9,SHA256=BE4F83B61441C3C118A5456AF199776374A2FCDF73E6F03679A411661DE3A857,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 354300x800000000000000067654Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:40:42.461{6F5BEE90-18C6-61E9-6E00-000000002102}3440C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-tcontreras-attack-range-53.attackrange.local53438-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x800000000000000067653Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:40:43.461{6F5BEE90-18CD-61E9-7700-000000002102}484NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=5CF9DC478F662DA7E2580915B1BEB556,SHA256=1FCAA9EE8CD3E8050D7C5231D32D928E7F11C8A43E606BCBE3A778F29484813A,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000067652Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:40:43.460{6F5BEE90-18CD-61E9-7700-000000002102}484NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=090C297E180ABC8933E5443BF1B77A2E,SHA256=42A16C1AEA7622805B96CB9FDC485DE375542F859EDE39E9F3398A38A50107A7,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 10341000x800000000000000067651Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:40:43.324{6F5BEE90-18B9-61E9-3500-000000002102}33043324C:\Windows\system32\conhost.exe{6F5BEE90-3C2B-61E9-9C09-000000002102}784C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000067650Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:40:43.320{6F5BEE90-18A9-61E9-0C00-000000002102}8286020C:\Windows\system32\svchost.exe{6F5BEE90-18B8-61E9-2C00-000000002102}2984C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000067649Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:40:43.319{6F5BEE90-18A9-61E9-0C00-000000002102}8286020C:\Windows\system32\svchost.exe{6F5BEE90-18B8-61E9-2C00-000000002102}2984C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000067648Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:40:43.319{6F5BEE90-18A9-61E9-0C00-000000002102}8286020C:\Windows\system32\svchost.exe{6F5BEE90-18B8-61E9-2C00-000000002102}2984C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000067647Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:40:43.319{6F5BEE90-18A9-61E9-0C00-000000002102}8286020C:\Windows\system32\svchost.exe{6F5BEE90-18B8-61E9-2C00-000000002102}2984C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000067646Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:40:43.318{6F5BEE90-18A7-61E9-0500-000000002102}392368C:\Windows\system32\csrss.exe{6F5BEE90-3C2B-61E9-9C09-000000002102}784C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000067645Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:40:43.318{6F5BEE90-18B8-61E9-2F00-000000002102}30243900C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{6F5BEE90-3C2B-61E9-9C09-000000002102}784C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7414|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x800000000000000067644Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:40:43.317{6F5BEE90-3C2B-61E9-9C09-000000002102}784C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{6F5BEE90-18A8-61E9-E703-000000000000}0x3e70SystemMD5=BF28C74E12839E40CD89696C7CB01573,SHA256=6187325F302F232DE582FE28E0E0D2B292AB8122C3356C9CE295A482D7B93EA3,IMPHASH=27776F2813155A6CF34F6A075A0C2EC8{6F5BEE90-18B8-61E9-2F00-000000002102}3024C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x800000000000000032265Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:40:43.768{CE7C8936-1B20-61E9-E200-000000002202}3964NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=29714C4A53113F9C646CECA7240A44E2,SHA256=3F195287DA2FD6B7A3EC8AFC2BD07B1679CFD1D63226DD82C764168BA542439A,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000032264Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:40:43.533{CE7C8936-3C2B-61E9-1D06-000000002202}25762780C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe{CE7C8936-1B12-61E9-AB00-000000002202}1912C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+5691a5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+568cd6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56657|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56ca7|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+8f3800|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032263Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:40:43.392{CE7C8936-1B12-61E9-AF00-000000002202}24603956C:\Windows\system32\conhost.exe{CE7C8936-3C2B-61E9-1D06-000000002202}2576C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032262Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:40:43.392{CE7C8936-1A7C-61E9-0C00-000000002202}7003204C:\Windows\system32\svchost.exe{CE7C8936-1A7D-61E9-1D00-000000002202}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032261Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:40:43.392{CE7C8936-1A7C-61E9-0C00-000000002202}7003204C:\Windows\system32\svchost.exe{CE7C8936-1A7D-61E9-1D00-000000002202}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032260Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:40:43.392{CE7C8936-1A7C-61E9-0C00-000000002202}7003204C:\Windows\system32\svchost.exe{CE7C8936-1A7D-61E9-1D00-000000002202}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032259Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:40:43.392{CE7C8936-1A7C-61E9-0C00-000000002202}7003204C:\Windows\system32\svchost.exe{CE7C8936-1A7D-61E9-1D00-000000002202}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032258Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:40:43.392{CE7C8936-1A7C-61E9-0C00-000000002202}7003204C:\Windows\system32\svchost.exe{CE7C8936-1A7D-61E9-1D00-000000002202}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032257Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:40:43.392{CE7C8936-1A7C-61E9-0C00-000000002202}7003204C:\Windows\system32\svchost.exe{CE7C8936-1A7D-61E9-1D00-000000002202}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032256Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:40:43.392{CE7C8936-1A7C-61E9-0C00-000000002202}7003204C:\Windows\system32\svchost.exe{CE7C8936-1A7D-61E9-1D00-000000002202}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032255Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:40:43.392{CE7C8936-1A7C-61E9-0C00-000000002202}7003204C:\Windows\system32\svchost.exe{CE7C8936-1A7D-61E9-1D00-000000002202}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032254Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:40:43.392{CE7C8936-1A7C-61E9-0C00-000000002202}7003204C:\Windows\system32\svchost.exe{CE7C8936-1A7D-61E9-1D00-000000002202}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032253Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:40:43.392{CE7C8936-1A7C-61E9-0500-000000002202}388504C:\Windows\system32\csrss.exe{CE7C8936-3C2B-61E9-1D06-000000002202}2576C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000032252Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:40:43.392{CE7C8936-1B12-61E9-AB00-000000002202}19122580C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{CE7C8936-3C2B-61E9-1D06-000000002202}2576C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7414|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x800000000000000032251Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:40:43.393{CE7C8936-3C2B-61E9-1D06-000000002202}2576C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe8.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{CE7C8936-1A7C-61E9-E703-000000000000}0x3e70SystemMD5=91F33F605825B72EE2270559C7AB28F3,SHA256=3DF1CB71BB48B8669BD01179FD94DD8CC82F8103B08A0FACFD366E43E0C5FA42,IMPHASH=23D7D4307FBE7FA4F42B1902826D7C25{CE7C8936-1B12-61E9-AB00-000000002202}1912C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x800000000000000067658Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:40:44.960{6F5BEE90-18CD-61E9-7700-000000002102}484NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=C201B849944D196AD475470902CD8652,SHA256=10C1F018AA626F11A55A02BC58A71215897E262C784BCF5D5AE5DA5848BDA2F4,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 354300x800000000000000067657Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:40:43.562{6F5BEE90-18A7-61E9-0B00-000000002102}608C:\Windows\System32\lsass.exeNT AUTHORITY\SYSTEMtcpfalsetrue0:0:0:0:0:0:0:1win-dc-tcontreras-attack-range-53.attackrange.local53439-true0:0:0:0:0:0:0:1win-dc-tcontreras-attack-range-53.attackrange.local389ldap 354300x800000000000000067656Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:40:43.562{6F5BEE90-18B8-61E9-2700-000000002102}2904C:\Windows\ADWS\Microsoft.ActiveDirectory.WebServices.exeNT AUTHORITY\SYSTEMtcptruetrue0:0:0:0:0:0:0:1win-dc-tcontreras-attack-range-53.attackrange.local53439-true0:0:0:0:0:0:0:1win-dc-tcontreras-attack-range-53.attackrange.local389ldap 23542300x800000000000000067668Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:40:45.977{6F5BEE90-18CD-61E9-7700-000000002102}484NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=32AFF2B02AB44F0B88592204F730E11B,SHA256=868F84500278AF59117BC8EE83FE2845769BA5A1D0BEC4144F4FB7DDE392A90E,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 10341000x800000000000000067667Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:40:45.922{6F5BEE90-3C2D-61E9-9D09-000000002102}58681340C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{6F5BEE90-18B8-61E9-2F00-000000002102}3024C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000067666Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:40:45.651{6F5BEE90-18B9-61E9-3500-000000002102}33043324C:\Windows\system32\conhost.exe{6F5BEE90-3C2D-61E9-9D09-000000002102}5868C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000067665Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:40:45.648{6F5BEE90-18A9-61E9-0C00-000000002102}8286020C:\Windows\system32\svchost.exe{6F5BEE90-18B8-61E9-2C00-000000002102}2984C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000067664Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:40:45.648{6F5BEE90-18A9-61E9-0C00-000000002102}8286020C:\Windows\system32\svchost.exe{6F5BEE90-18B8-61E9-2C00-000000002102}2984C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000067663Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:40:45.648{6F5BEE90-18A9-61E9-0C00-000000002102}8286020C:\Windows\system32\svchost.exe{6F5BEE90-18B8-61E9-2C00-000000002102}2984C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000067662Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:40:45.648{6F5BEE90-18A9-61E9-0C00-000000002102}8286020C:\Windows\system32\svchost.exe{6F5BEE90-18B8-61E9-2C00-000000002102}2984C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000067661Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:40:45.647{6F5BEE90-18A7-61E9-0500-000000002102}392408C:\Windows\system32\csrss.exe{6F5BEE90-3C2D-61E9-9D09-000000002102}5868C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000067660Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:40:45.647{6F5BEE90-18B8-61E9-2F00-000000002102}30243900C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{6F5BEE90-3C2D-61E9-9D09-000000002102}5868C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7414|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x800000000000000067659Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:40:45.646{6F5BEE90-3C2D-61E9-9D09-000000002102}5868C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{6F5BEE90-18A8-61E9-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{6F5BEE90-18B8-61E9-2F00-000000002102}3024C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x800000000000000032281Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:40:45.127{CE7C8936-1B20-61E9-E200-000000002202}3964NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=E6C89B7BD329703730001600E0CB205C,SHA256=92B77CFD15EDB42CD3CF76A2B41BBF12416EF6B70503EBAFC2AD3BFFF85C0096,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000032280Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:40:45.127{CE7C8936-1B20-61E9-E200-000000002202}3964NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=05FFC44DF053C63411E6092024CE2B8F,SHA256=54C84DCD4ABA90D1ED47751FCBB86DBD2A0686A10CD8FABD3A866022E2AD0D2F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067678Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:40:46.985{6F5BEE90-18CD-61E9-7700-000000002102}484NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=FE31D48138BA8E985A8CCC674898BD53,SHA256=5515820C6B74C96AF0A5F5C738945E5FB8A1F73A6EA80E8B281E078A176FDA90,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 354300x800000000000000032283Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:40:43.810{CE7C8936-1B1A-61E9-D900-000000002202}4048C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-tcontreras-attack-range-276.eu-central-1.compute.internal51411-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x800000000000000032282Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:40:46.143{CE7C8936-1B20-61E9-E200-000000002202}3964NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=33426C3E2664E7FAC8067277D6FBE82E,SHA256=02C45808914691862739A5B6CC1249FCD2877085F5C0BC2402168CCB399D5C2B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067677Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:40:46.668{6F5BEE90-18CD-61E9-7700-000000002102}484NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=5CF9DC478F662DA7E2580915B1BEB556,SHA256=1FCAA9EE8CD3E8050D7C5231D32D928E7F11C8A43E606BCBE3A778F29484813A,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 10341000x800000000000000067676Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:40:46.228{6F5BEE90-18B9-61E9-3500-000000002102}33043324C:\Windows\system32\conhost.exe{6F5BEE90-3C2E-61E9-9E09-000000002102}6084C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000067675Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:40:46.225{6F5BEE90-18A9-61E9-0C00-000000002102}8286020C:\Windows\system32\svchost.exe{6F5BEE90-18B8-61E9-2C00-000000002102}2984C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000067674Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:40:46.225{6F5BEE90-18A9-61E9-0C00-000000002102}8286020C:\Windows\system32\svchost.exe{6F5BEE90-18B8-61E9-2C00-000000002102}2984C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000067673Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:40:46.225{6F5BEE90-18A9-61E9-0C00-000000002102}8286020C:\Windows\system32\svchost.exe{6F5BEE90-18B8-61E9-2C00-000000002102}2984C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000067672Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:40:46.225{6F5BEE90-18A9-61E9-0C00-000000002102}8286020C:\Windows\system32\svchost.exe{6F5BEE90-18B8-61E9-2C00-000000002102}2984C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000067671Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:40:46.224{6F5BEE90-18A7-61E9-0500-000000002102}392368C:\Windows\system32\csrss.exe{6F5BEE90-3C2E-61E9-9E09-000000002102}6084C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000067670Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:40:46.224{6F5BEE90-18B8-61E9-2F00-000000002102}30243900C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{6F5BEE90-3C2E-61E9-9E09-000000002102}6084C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7414|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x800000000000000067669Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:40:46.223{6F5BEE90-3C2E-61E9-9E09-000000002102}6084C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe8.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{6F5BEE90-18A8-61E9-E703-000000000000}0x3e70SystemMD5=8746B8C1724B67C2B1261446C0CFAA57,SHA256=7EFD09FD383FAA75C5D2990E6DBBFD846AEAA08B7037C7D66B4A0EF2AE0866B3,IMPHASH=7B985F47B35272AD7B5218255ACE7AEC{6F5BEE90-18B8-61E9-2F00-000000002102}3024C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x800000000000000032284Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:40:47.158{CE7C8936-1B20-61E9-E200-000000002202}3964NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=F2DF4B6BA771A163B9D354D5B42ED02A,SHA256=2CF309B4E3AB03D8D2B94E1C69357AED30E905AF67DF183B0718980A7467D5DF,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000067695Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:40:47.818{6F5BEE90-18B9-61E9-3500-000000002102}33043324C:\Windows\system32\conhost.exe{6F5BEE90-3C2F-61E9-A009-000000002102}4192C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000067694Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:40:47.815{6F5BEE90-18A9-61E9-0C00-000000002102}8286020C:\Windows\system32\svchost.exe{6F5BEE90-18B8-61E9-2C00-000000002102}2984C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000067693Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:40:47.815{6F5BEE90-18A9-61E9-0C00-000000002102}8286020C:\Windows\system32\svchost.exe{6F5BEE90-18B8-61E9-2C00-000000002102}2984C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000067692Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:40:47.815{6F5BEE90-18A9-61E9-0C00-000000002102}8286020C:\Windows\system32\svchost.exe{6F5BEE90-18B8-61E9-2C00-000000002102}2984C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000067691Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:40:47.815{6F5BEE90-18A9-61E9-0C00-000000002102}8286020C:\Windows\system32\svchost.exe{6F5BEE90-18B8-61E9-2C00-000000002102}2984C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000067690Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:40:47.815{6F5BEE90-18A7-61E9-0500-000000002102}392508C:\Windows\system32\csrss.exe{6F5BEE90-3C2F-61E9-A009-000000002102}4192C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000067689Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:40:47.814{6F5BEE90-18B8-61E9-2F00-000000002102}30243900C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{6F5BEE90-3C2F-61E9-A009-000000002102}4192C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7414|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x800000000000000067688Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:40:47.813{6F5BEE90-3C2F-61E9-A009-000000002102}4192C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe8.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{6F5BEE90-18A8-61E9-E703-000000000000}0x3e70SystemMD5=91F33F605825B72EE2270559C7AB28F3,SHA256=3DF1CB71BB48B8669BD01179FD94DD8CC82F8103B08A0FACFD366E43E0C5FA42,IMPHASH=23D7D4307FBE7FA4F42B1902826D7C25{6F5BEE90-18B8-61E9-2F00-000000002102}3024C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x800000000000000067687Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:40:47.658{6F5BEE90-3C2F-61E9-9F09-000000002102}60724652C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{6F5BEE90-18B8-61E9-2F00-000000002102}3024C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000067686Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:40:47.243{6F5BEE90-18B9-61E9-3500-000000002102}33043324C:\Windows\system32\conhost.exe{6F5BEE90-3C2F-61E9-9F09-000000002102}6072C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000067685Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:40:47.242{6F5BEE90-18A9-61E9-0C00-000000002102}8286020C:\Windows\system32\svchost.exe{6F5BEE90-18B8-61E9-2C00-000000002102}2984C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000067684Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:40:47.241{6F5BEE90-18A9-61E9-0C00-000000002102}8286020C:\Windows\system32\svchost.exe{6F5BEE90-18B8-61E9-2C00-000000002102}2984C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000067683Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:40:47.241{6F5BEE90-18A9-61E9-0C00-000000002102}8286020C:\Windows\system32\svchost.exe{6F5BEE90-18B8-61E9-2C00-000000002102}2984C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000067682Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:40:47.241{6F5BEE90-18A9-61E9-0C00-000000002102}8286020C:\Windows\system32\svchost.exe{6F5BEE90-18B8-61E9-2C00-000000002102}2984C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000067681Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:40:47.239{6F5BEE90-18A7-61E9-0500-000000002102}392368C:\Windows\system32\csrss.exe{6F5BEE90-3C2F-61E9-9F09-000000002102}6072C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000067680Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:40:47.239{6F5BEE90-18B8-61E9-2F00-000000002102}30243900C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{6F5BEE90-3C2F-61E9-9F09-000000002102}6072C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7414|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x800000000000000067679Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:40:47.239{6F5BEE90-3C2F-61E9-9F09-000000002102}6072C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{6F5BEE90-18A8-61E9-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{6F5BEE90-18B8-61E9-2F00-000000002102}3024C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x800000000000000032285Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:40:48.173{CE7C8936-1B20-61E9-E200-000000002202}3964NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=58B1881BC82F946889BA43E1559D9844,SHA256=A2DCF14F7CEA8FC38C3996AD9B59BA04DB6B1D7F3712A02D4368EB4182B9EF7E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067698Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:40:48.249{6F5BEE90-18CD-61E9-7700-000000002102}484NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=1D174A41DB80F7496F962958730AB503,SHA256=027465A7C8093C03BFEB8971D1557EA9181C5EF13BE7673807A78E1ED99720F1,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 10341000x800000000000000067697Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:40:48.162{6F5BEE90-3C2F-61E9-A009-000000002102}41926092C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe{6F5BEE90-18B8-61E9-2F00-000000002102}3024C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+5691a5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+568cd6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56657|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56ca7|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+8f3800|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 23542300x800000000000000067696Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:40:48.051{6F5BEE90-18CD-61E9-7700-000000002102}484NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=2E455938B6F60E9588A8AAA2DDB7E2C8,SHA256=00B52B7D8AC2181BE8C498C0DAB355F52684C0C83BC5D0014C0514A8C29C63A0,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000032286Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:40:49.189{CE7C8936-1B20-61E9-E200-000000002202}3964NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=2A5A0F212B31A237EA79D386FA89F34C,SHA256=60EAA8DBA09D54C2D196BC5D9A5A158F606998E418F2C461C8D4A06F62B960DB,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000067708Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:40:48.338{6F5BEE90-18C6-61E9-6E00-000000002102}3440C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-tcontreras-attack-range-53.attackrange.local53440-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 10341000x800000000000000067707Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:40:49.741{6F5BEE90-18B9-61E9-3500-000000002102}33043324C:\Windows\system32\conhost.exe{6F5BEE90-3C31-61E9-A109-000000002102}5556C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000067706Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:40:49.736{6F5BEE90-18A9-61E9-0C00-000000002102}8286020C:\Windows\system32\svchost.exe{6F5BEE90-18B8-61E9-2C00-000000002102}2984C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000067705Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:40:49.736{6F5BEE90-18A9-61E9-0C00-000000002102}8286020C:\Windows\system32\svchost.exe{6F5BEE90-18B8-61E9-2C00-000000002102}2984C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000067704Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:40:49.734{6F5BEE90-18A9-61E9-0C00-000000002102}8286020C:\Windows\system32\svchost.exe{6F5BEE90-18B8-61E9-2C00-000000002102}2984C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000067703Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:40:49.734{6F5BEE90-18A9-61E9-0C00-000000002102}8286020C:\Windows\system32\svchost.exe{6F5BEE90-18B8-61E9-2C00-000000002102}2984C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000067702Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:40:49.733{6F5BEE90-18A7-61E9-0500-000000002102}392368C:\Windows\system32\csrss.exe{6F5BEE90-3C31-61E9-A109-000000002102}5556C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000067701Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:40:49.733{6F5BEE90-18B8-61E9-2F00-000000002102}30243900C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{6F5BEE90-3C31-61E9-A109-000000002102}5556C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7414|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x800000000000000067700Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:40:49.732{6F5BEE90-3C31-61E9-A109-000000002102}5556C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe8.0.2Windows Print Monitor splunk ApplicationSplunk Inc.splunk-winprintmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{6F5BEE90-18A8-61E9-E703-000000000000}0x3e70SystemMD5=36D3753920C5BBCA16D12DEAD7A3A904,SHA256=EA17F69FB116CFA6ADC3CE07EBBAE3FD2CB221F25E3F7A9ADF3F15DA051831E2,IMPHASH=264D4B9546D98D77D97F569F55A0B748{6F5BEE90-18B8-61E9-2F00-000000002102}3024C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x800000000000000067699Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:40:49.069{6F5BEE90-18CD-61E9-7700-000000002102}484NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=CC6CFC1756F63FC563457950A3F81722,SHA256=1A277A5150C29C3FCE15C9760E52840D4558EC224BAB7D5774DC647BB2149839,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000067710Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:40:50.751{6F5BEE90-18CD-61E9-7700-000000002102}484NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=117BEDCB1A3E5D69510FDE3944EA6AE1,SHA256=3B02422BDACD5F0F39AB3FCF9635BFAC76B86E923AC25F2C11A676402FE69452,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000067709Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:40:50.107{6F5BEE90-18CD-61E9-7700-000000002102}484NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=9AF6A545E22042F1DAA00C1B29902696,SHA256=750283C5F5BD1929C577FC6681EF5C5030F3581080759002D13A2D9BAB9809A8,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 354300x800000000000000032288Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:40:48.950{CE7C8936-1B1A-61E9-D900-000000002202}4048C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-tcontreras-attack-range-276.eu-central-1.compute.internal51412-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x800000000000000032287Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:40:50.220{CE7C8936-1B20-61E9-E200-000000002202}3964NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=F483EF94704C929393B14C123F445520,SHA256=3DD121617604E7F097F090512D7A6F9047A74844FF36502445614E7184C38A55,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000032289Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:40:51.236{CE7C8936-1B20-61E9-E200-000000002202}3964NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=EE1553AEC785EE6E119DDB3AED7E96D4,SHA256=EC3690CCBC4D8562D444F1E22E61F6C2E2855B9B70B94F054B3CB978C89E81A3,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067711Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:40:51.130{6F5BEE90-18CD-61E9-7700-000000002102}484NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=B8166F6873C3B58DBE5E152F03D16A64,SHA256=8431B014D39B2667C8A4E17F35E5BD05BDAD084EB69F4601604C8F76E17ABACF,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000032290Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:40:52.267{CE7C8936-1B20-61E9-E200-000000002202}3964NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=07CF67DA6BF3BD53D944908FC2C71A50,SHA256=7166E759407A9851FF406D09E251A39F2EC024A0F27FFC636255ED948FE38909,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067712Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:40:52.153{6F5BEE90-18CD-61E9-7700-000000002102}484NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=27B18484A7FFB68F26FE77BD49814ECC,SHA256=7746595751CCA3A8AED6F702314D4B6D057CB002E1482DE24707F86A631A6997,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000032291Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:40:53.298{CE7C8936-1B20-61E9-E200-000000002202}3964NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=300CA9AB0183C2AE9EB71444054DB673,SHA256=7F2FF0F136E6C7B548E40AE480F9248D1F88E27DF02DA8D1CC2B73E8DCC7F948,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067713Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:40:53.157{6F5BEE90-18CD-61E9-7700-000000002102}484NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=D2394F9C65EED21F1AB2F654C357EC69,SHA256=B3A112471CA966293974E90E0E0856C16D3A2346E0522B1844619CE6CDE1C1BB,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000067714Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:40:54.197{6F5BEE90-18CD-61E9-7700-000000002102}484NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=E362CCE5F91EC843C52997C1FE8B749B,SHA256=78AF6B1451DA0CFE9607BA7E6A5C7723A81D3E97B8A86EF073D6D3462E76C968,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000032292Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:40:54.314{CE7C8936-1B20-61E9-E200-000000002202}3964NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=7B04A1740425562EDCE96DC461844B1B,SHA256=91073FD948417B0A89A2DA6E31FEC7B323E267C691324CFB0AAE89D443C796D4,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000032293Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:40:55.329{CE7C8936-1B20-61E9-E200-000000002202}3964NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=37A06878825FE86287481FA07449E225,SHA256=0541C95F358BA9CB1BDB090036D06545CFE0F3B3054CD2659CB10162E1E75F3A,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000067716Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:40:54.310{6F5BEE90-18C6-61E9-6E00-000000002102}3440C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-tcontreras-attack-range-53.attackrange.local53441-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x800000000000000067715Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:40:55.205{6F5BEE90-18CD-61E9-7700-000000002102}484NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=6304030629F232B6FADC86732C1CE885,SHA256=88FB3EED3015F4C5008223B3B3FC992652BFB87AB3B76E6F146444C99F381284,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000032294Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:40:56.361{CE7C8936-1B20-61E9-E200-000000002202}3964NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=519C0726D245A005273C99807BA6E6D9,SHA256=263EF0511AE1F5174D80F50EF40F3A73A64CDC311215D4C3849FF7F0CE7A66E7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067717Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:40:56.222{6F5BEE90-18CD-61E9-7700-000000002102}484NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=58967ACDD49FBFC4FA4F2C497900204C,SHA256=B55780F432809D8C7C1E8452EA15524EAD8CD0749C29D6524C11ED07D817A9E9,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 354300x800000000000000032296Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:40:54.903{CE7C8936-1B1A-61E9-D900-000000002202}4048C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-tcontreras-attack-range-276.eu-central-1.compute.internal51413-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x800000000000000032295Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:40:57.376{CE7C8936-1B20-61E9-E200-000000002202}3964NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=DAD67AE3FD39AACADF85F059B5751970,SHA256=6D08C60F38F33676DBE3BAA295EBE9EC16E062017CFA155696FB0F0DC8395B7B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067718Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:40:57.229{6F5BEE90-18CD-61E9-7700-000000002102}484NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=EAAA26DC4F96D7222BA65E3F39C342F3,SHA256=66AD643D8F7CD227D78E4FE476445F0C26613B0F1914A3BD38E2C4D0744C473B,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000067719Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:40:58.238{6F5BEE90-18CD-61E9-7700-000000002102}484NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=DF629759143D2B69569BFD479CBE798A,SHA256=E64B5C11A8B04D85DAEEB146A01E84A656DEEA2065059714D6E0D069A91FFDB2,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000032297Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:40:58.392{CE7C8936-1B20-61E9-E200-000000002202}3964NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=CE5150DA0C1EB9598321A26A1743006D,SHA256=E0BD017664A0F8ADA155F8C8188B6999B30C977AF0592DA78A5E7AB16CFC1A56,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067720Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:40:59.362{6F5BEE90-18CD-61E9-7700-000000002102}484NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=4A6F479084E331F895467B8296B4E04B,SHA256=F3E181FA6BBDDE125D71714DB484A69D0CBD90D305F876C31EDDDD211EBEE51F,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000032298Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:40:59.408{CE7C8936-1B20-61E9-E200-000000002202}3964NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=E6FA4C6D7D9619E5851C23C152AB4AB8,SHA256=94466B195F4CABBA556CF767119DB64827BBB9457AC36FF653F94EEEBD1E4312,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000067722Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:40:59.508{6F5BEE90-18C6-61E9-6E00-000000002102}3440C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-tcontreras-attack-range-53.attackrange.local53442-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x800000000000000067721Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:41:00.392{6F5BEE90-18CD-61E9-7700-000000002102}484NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=E12239475577DDEC0DA8AD8EAA30256A,SHA256=CE7446F5930E8CFB2E1792D57D3496AF9797DACEA635B9C926C2F00743BB9DD8,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000032299Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:41:00.423{CE7C8936-1B20-61E9-E200-000000002202}3964NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=91E3ECA3972840D65F5CB3DB1E9E8B83,SHA256=72E5BEA91E6F8CB1BB224BC20935A9547575D4F912205287BEFB6946B7854110,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067723Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:41:01.403{6F5BEE90-18CD-61E9-7700-000000002102}484NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=313179DC8E4CDDC4461862AA71C4D651,SHA256=6723CFED104366EC976EBDBDE1EDB76DA76EBDEAB1E1F928CCCCB37FF603E357,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000032300Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:41:01.439{CE7C8936-1B20-61E9-E200-000000002202}3964NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=02963BF70A99BE5947DDCAEF85CDA165,SHA256=1A0CDBCD93E497B06964F9F82A1ED20F200730A9BF122BA5DCED80D354DE1D3A,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000032303Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:41:00.871{CE7C8936-1B1A-61E9-D900-000000002202}4048C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-tcontreras-attack-range-276.eu-central-1.compute.internal51414-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x800000000000000032302Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:41:02.454{CE7C8936-1B20-61E9-E200-000000002202}3964NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=6207F6D37D0BE60EADF30AEBD1BAB23A,SHA256=D51ADF539AF2504C67FB6B3A9C91E8D98FD3F36068D02CD4055E9D6E9952B29C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067724Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:41:02.423{6F5BEE90-18CD-61E9-7700-000000002102}484NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=38B106739D2F0FF3E24C966B55AF5B55,SHA256=28BAF891D166C0268EEA97D74CD6D48D83D9BBC0D212C996CFE54FD77033ADFC,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000032301Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:41:02.408{CE7C8936-1A7C-61E9-1200-000000002202}1000NT AUTHORITY\LOCAL SERVICEC:\Windows\System32\svchost.exeC:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.datMD5=D926983A4AC74ADFF424669A0CC32AB1,SHA256=54AF67AC3FED57D57E7C256F820A3B2735E65A3E5408CEA7E202B61705AA5AC4,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000032304Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:41:03.454{CE7C8936-1B20-61E9-E200-000000002202}3964NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=DEEE9B507AF80B5787546D3FADB6B276,SHA256=38A6BFCE72ACB0E8EF01F21244F71EDC9ADEDE738AA680B112C03726C1B88C69,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067725Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:41:03.438{6F5BEE90-18CD-61E9-7700-000000002102}484NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A641B1226AC0439211B46C7F8FE573C2,SHA256=45806EB747C371DC0A8D543A5C6828576942F52993420C338D89618FCB1EBB7C,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000032305Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:41:04.470{CE7C8936-1B20-61E9-E200-000000002202}3964NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=38C7EA1280A15D1835FAD8F51C12ED58,SHA256=6882BD593FCEC4B4060C5A4EBEF1141F6DC01431041AC27550F26DC25CB82C25,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067726Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:41:04.473{6F5BEE90-18CD-61E9-7700-000000002102}484NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=4BA326AA31DC50680F111BD15026A5D3,SHA256=11FBA646E6146B8B105F4F4A91E02CF8C0E392EF5E184C74D9273063EDE1C9A8,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000032306Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:41:05.486{CE7C8936-1B20-61E9-E200-000000002202}3964NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=5E4C6CCFF913BBF342EEB4990B878C9D,SHA256=22F03B173B55CDCF4C167B656E75A77ECDFDC91CEB0BE50165A7A897D166E8E4,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067727Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:41:05.489{6F5BEE90-18CD-61E9-7700-000000002102}484NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=BA76685DE13CA1DBD6CDC6C67DF03438,SHA256=198E90B854D254C29F787DDE1623CA8887ACEC4DB00B8B06B76CED5E439C4352,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000067728Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:41:06.501{6F5BEE90-18CD-61E9-7700-000000002102}484NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=E0F3BB779B5D03BC0E7850824FA5C27A,SHA256=808838E5840C5D9DD19CA6DAA7FCEE4A816C4EDAE5615706C75F4A08789A9301,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000032307Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:41:06.501{CE7C8936-1B20-61E9-E200-000000002202}3964NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=86AAE6D2BB604E099B6D1418DE49F63D,SHA256=A61049F8A6056989CB9F6D48F36E91339207D41A92462D9FE5DB38F66177B430,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067730Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:41:07.521{6F5BEE90-18CD-61E9-7700-000000002102}484NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=7C0CCAEE5B6DEE02351ADECD5C387A77,SHA256=BD2E1AD1B0B50DE2D878420C9711A371779B9828D8F7CD57C03A6ABFBBEA10F7,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 354300x800000000000000032309Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:41:05.903{CE7C8936-1B1A-61E9-D900-000000002202}4048C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-tcontreras-attack-range-276.eu-central-1.compute.internal51415-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x800000000000000032308Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:41:07.517{CE7C8936-1B20-61E9-E200-000000002202}3964NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A704C9EC2AA49A3FE9946D9DD94E72AE,SHA256=E6EE2D86AD5CD2F220F02C2B33E981A6B33CC807AE5B8FE360CAAB86CB1DC3B5,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000067729Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:41:05.433{6F5BEE90-18C6-61E9-6E00-000000002102}3440C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-tcontreras-attack-range-53.attackrange.local53443-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x800000000000000067731Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:41:08.541{6F5BEE90-18CD-61E9-7700-000000002102}484NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=8CD8C4B154FAB307489098B32064CE22,SHA256=708E5E58F2D8A2972C87CD7E82B192734B226571CB62443AAD6FAD8FD48B74EF,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000032310Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:41:08.521{CE7C8936-1B20-61E9-E200-000000002202}3964NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=C8BD2A5C41B5BC45BDF0BA19B4441922,SHA256=07EB9115FEEB6BA5120DA8C9DA8E3FD12FF826DCBE41CA718AA4020F5064D559,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067732Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:41:09.608{6F5BEE90-18CD-61E9-7700-000000002102}484NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=29F7215110EE011E3B8008D7605105DA,SHA256=3FDC7B1609620611066FC355312F69FC690CBF4694BA18F548BE7247E5CAE513,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000032311Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:41:09.537{CE7C8936-1B20-61E9-E200-000000002202}3964NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=7942CE140EC82D221B9ABA869C8CE62C,SHA256=C299778F05DED72B728F9A75AB9D9FB74A99BE11F997E647590B1AFF9AD2C57F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067733Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:41:10.640{6F5BEE90-18CD-61E9-7700-000000002102}484NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=403842CD3A3764427B8CEF995B39BD9A,SHA256=9B19772DD3CACE9EE2256BABD6887482A1E43461861E687968E715531A71BFB8,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000032312Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:41:10.553{CE7C8936-1B20-61E9-E200-000000002202}3964NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=565BC9EFEBDDF9090ECBB956D3D22F6B,SHA256=E3A421F24FC34F72DB5F69DFA5467243DACC9722F08939F31395A1E54687002D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067734Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:41:11.651{6F5BEE90-18CD-61E9-7700-000000002102}484NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=C96405E8B3B975D936A8C3F150125A1B,SHA256=88E2A890A48F0F7201ABAE0198284743EC1F6536AD601DE58EE4460F8206A661,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000032313Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:41:11.568{CE7C8936-1B20-61E9-E200-000000002202}3964NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=F90415C950E37FCA6BADCD0609ECCE6C,SHA256=12EA9C3C6DAEACDC1213A71E790675E1483F2D7817E11338C3440A3828938E64,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067736Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:41:12.664{6F5BEE90-18CD-61E9-7700-000000002102}484NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=463DCDF3D83F28E9A3BCDDDD0A0DFFE7,SHA256=F8F72FA428CAEBA7B27015887B95346AE0E76808FE04431E8CC8525EE756AFA0,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000032314Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:41:12.584{CE7C8936-1B20-61E9-E200-000000002202}3964NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=CB2CCC1505AD980A27ED6CA7AE4FB7F1,SHA256=DB2B1379C3AE5F47A74C04BABA33AAA0A6FF37D6911010067E909588C05DE72E,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000067735Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:41:10.469{6F5BEE90-18C6-61E9-6E00-000000002102}3440C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-tcontreras-attack-range-53.attackrange.local53444-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x800000000000000032315Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:41:13.599{CE7C8936-1B20-61E9-E200-000000002202}3964NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=BF192769E291ACC5E30E87BB4DE2CDFA,SHA256=080484638A21CF3EC6298CBF8149CFD97CFB035F9E24B793ADFADAF7626EB312,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067737Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:41:13.670{6F5BEE90-18CD-61E9-7700-000000002102}484NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=45F11DFC14FA3E2D9F9F6F9CF467849A,SHA256=F6DD1B345A3406FB7DF186E96F2328AFC72CA2BD919B90EF0A9FE96BCB456F5C,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000067738Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:41:14.685{6F5BEE90-18CD-61E9-7700-000000002102}484NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=8611F1180E19D8EF28D253C67A36E158,SHA256=A4D6740DBA089679C4FD2631F6B63406F29ACF3091DF434DFDF84E8284007604,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000032317Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:41:14.615{CE7C8936-1B20-61E9-E200-000000002202}3964NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=DFB22914F106691271D94EA7CD7607C7,SHA256=45F1A7AEF0A95F5D476E8A78B216EA6982B9DEC668691F3CD4CC00E332D539E6,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000032316Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:41:11.829{CE7C8936-1B1A-61E9-D900-000000002202}4048C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-tcontreras-attack-range-276.eu-central-1.compute.internal51416-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x800000000000000067740Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:41:15.717{6F5BEE90-18CD-61E9-7700-000000002102}484NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=4AA58202A3A653329C34F59190DBFAFB,SHA256=068CB4192A768E291048AC5EECD9E503577281DF33B39A52E0F35BCDA2E363E0,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000032318Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:41:15.631{CE7C8936-1B20-61E9-E200-000000002202}3964NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=2F77E56DDEDD3F484248B339EAEE4CE0,SHA256=492B79B119611D8E4DBE54F8E1C6BCE244AE89B79FFD72E4A37F04B153A24B8C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067739Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:41:15.508{6F5BEE90-18AA-61E9-1100-000000002102}480NT AUTHORITY\LOCAL SERVICEC:\Windows\System32\svchost.exeC:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.datMD5=B3EA07BE6705898B49F58304501FB4C0,SHA256=19AF6C91B4A47E49788BB269AC524BBA5077FF6499B0A5CE00E1318F01921A7B,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000067741Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:41:16.744{6F5BEE90-18CD-61E9-7700-000000002102}484NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=F1BE67AC178CF4184AD8A402CBEB89EC,SHA256=1DA27ABEDBEE6F7B626A0E4E713F49269C11FD719966CE7BAB4804407EEADD24,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000032319Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:41:16.646{CE7C8936-1B20-61E9-E200-000000002202}3964NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A06C787CC7980BBF876C054D97E84A90,SHA256=F8BDD7E0CA48E03124BB4D850D94BE798AE465C667F09F3EF9B26E4B0F93ECED,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000032321Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:41:17.662{CE7C8936-1B20-61E9-E200-000000002202}3964NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=964AA1E983DBE3E798C7E9D3FB5274D8,SHA256=882BFC37D0E285913FDA21D31960AF9A4EEBE643D369B2BE60CF006473CFDB73,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067743Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:41:17.756{6F5BEE90-18CD-61E9-7700-000000002102}484NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=9219C19A4EC3A57564C443FEFCB1EB7E,SHA256=BEB2C9532F642949146C83D5A0EAB7CFBDEF2252FC04C9F2D60FE22678490362,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000067742Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:41:17.315{6F5BEE90-18B8-61E9-2900-000000002102}2920NT AUTHORITY\SYSTEMC:\Program Files\Amazon\SSM\amazon-ssm-agent.exeC:\ProgramData\Amazon\SSM\InstanceData\i-0571bb7ceded66ec2\channels\health\respondent-20220120080932-147MD5=44EE2058E1CF53803DE801177DF9FF30,SHA256=D4B695239EFC7A7D204A7F26661A6155EA831FDC6A54CE0076B22CA3E58183AF,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000032320Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:41:17.412{CE7C8936-1B12-61E9-AB00-000000002202}1912NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeC:\Program Files\SplunkUniversalForwarder\var\run\serverclass.xmlMD5=9E11AA9F3452DB0F16F9E79CCD407159,SHA256=0B6123CF67044127245D77723D015AECD3385919E1F78356EC114EAF4F576866,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067746Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:41:18.771{6F5BEE90-18CD-61E9-7700-000000002102}484NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=BB58AFDA231C21569ECD622A635E085C,SHA256=C7AE5E3261AFB801D5FC53AB6A36B97CE97528254F972EC9DD3251BE2FB3040D,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000032322Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:41:18.662{CE7C8936-1B20-61E9-E200-000000002202}3964NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=6E57628B2A9A08445B9CBE7BE2F36D11,SHA256=AD4C43249FB1949365653AA810BD29C31CDA57FCC4D3FB91254607FC686AC604,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067745Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:41:18.332{6F5BEE90-18B8-61E9-2900-000000002102}2920NT AUTHORITY\SYSTEMC:\Program Files\Amazon\SSM\amazon-ssm-agent.exeC:\ProgramData\Amazon\SSM\InstanceData\i-0571bb7ceded66ec2\channels\health\surveyor-20220120080928-148MD5=97EF2A570B75C4F95FC69B0D09A2E2A2,SHA256=11396EA313B0ED7E3228C4FA92ABE9D836DB8F416A7A8A28ACC77133025082E7,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 354300x800000000000000067744Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:41:16.430{6F5BEE90-18C6-61E9-6E00-000000002102}3440C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-tcontreras-attack-range-53.attackrange.local53445-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x800000000000000067747Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:41:19.792{6F5BEE90-18CD-61E9-7700-000000002102}484NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=194ECF78BA8044B23C06B23FF1F76300,SHA256=6874363A03E360A279FB3F414D94705910697A92FAD3A0B6B2D0C2D32FAF9E30,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000032325Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:41:19.678{CE7C8936-1B20-61E9-E200-000000002202}3964NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=DDF58769D6FD2BE90F64D0420E9D4803,SHA256=986E1AFB85000B6B846944AE460B97C9B4C2C4626DCBB8CD3501DF469E1C2CD7,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000032324Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:41:17.110{CE7C8936-1B12-61E9-AB00-000000002202}1912C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-tcontreras-attack-range-276.eu-central-1.compute.internal51418-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8089- 354300x800000000000000032323Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:41:16.969{CE7C8936-1B1A-61E9-D900-000000002202}4048C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-tcontreras-attack-range-276.eu-central-1.compute.internal51417-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x800000000000000067749Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:41:20.829{6F5BEE90-18CD-61E9-7700-000000002102}484NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=D9C1852BC6D97902A03FE57223987B29,SHA256=ECE6844F402A1D29C5A66A42FF32FD25BEFC3BC2CE684340FF3FDA0417B234D6,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000032326Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:41:20.678{CE7C8936-1B20-61E9-E200-000000002202}3964NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=94DE528FF993D55B31673B01A88B152A,SHA256=D9FEAACA26550D27D6DA278CB8A0345D75EF991D8B2FA5C6BC49B16494F3596A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067748Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:41:20.703{6F5BEE90-18B8-61E9-2F00-000000002102}3024NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeC:\Program Files\SplunkUniversalForwarder\var\run\serverclass.xmlMD5=9E11AA9F3452DB0F16F9E79CCD407159,SHA256=0B6123CF67044127245D77723D015AECD3385919E1F78356EC114EAF4F576866,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000067750Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:41:21.834{6F5BEE90-18CD-61E9-7700-000000002102}484NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=AD4355044734EE09D8BC5A2B8B9B1405,SHA256=B340004C451D78674B7FF76C69ABB701EBB53C30A56EFAE28D09EB55010B65D6,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000032327Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:41:21.693{CE7C8936-1B20-61E9-E200-000000002202}3964NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=5594BD4A91CCD532E5E43F23626DD6DB,SHA256=99A8B42F03C35BC8A6CDF9D9D3B1D206100C36AF200164DDAD62DC0E42FCA5FB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067752Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:41:22.854{6F5BEE90-18CD-61E9-7700-000000002102}484NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=F99EB71AD4EEFF4AC5954B51A9526FB7,SHA256=8EEFDEE8F206EB68C012FE000F149C668B991342A43F75E307F901EB676F0147,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000032328Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:41:22.709{CE7C8936-1B20-61E9-E200-000000002202}3964NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=82C3CD3F987C93D742ED276CB1F175EE,SHA256=495CE9D27C19E935EDBD14899E3A81421EE7B50C9461E73B5A7B1AE744F65454,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000067751Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:41:20.981{6F5BEE90-18B8-61E9-2F00-000000002102}3024C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-tcontreras-attack-range-53.attackrange.local53446-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8089- 23542300x800000000000000067754Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:41:23.876{6F5BEE90-18CD-61E9-7700-000000002102}484NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=8208492D0401B8A9E0E8A1331CCC75B4,SHA256=A10B13E67CDF04BB8A90DD9B8BAEEB73F8FFB97D4EEF148A9303DC587E520555,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000032329Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:41:23.724{CE7C8936-1B20-61E9-E200-000000002202}3964NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=FDDE0E084D3C0D7323BFDA905BE9E2BA,SHA256=BC1ECA316F16329A0A1F3B2D2473E3A55106966578945E47A4856EEADDE19C7F,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000067753Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:41:21.482{6F5BEE90-18C6-61E9-6E00-000000002102}3440C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-tcontreras-attack-range-53.attackrange.local53447-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x800000000000000067755Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:41:24.893{6F5BEE90-18CD-61E9-7700-000000002102}484NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=9DA3DB3ECAF6F6E3869331C2C3352A08,SHA256=DD4B3008F078BA07FE8CA387C9D89DF4EF6E88D850070DC0AB7AA94E70502339,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000032331Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:41:24.740{CE7C8936-1B20-61E9-E200-000000002202}3964NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=CC49370AF0CD499064CC0CA2422A82E5,SHA256=19A1E2819C690252D85AFCE58494552E371F9DC194574F8766192E3A311A905F,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000032330Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:41:22.923{CE7C8936-1B1A-61E9-D900-000000002202}4048C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-tcontreras-attack-range-276.eu-central-1.compute.internal51419-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x800000000000000032332Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:41:25.756{CE7C8936-1B20-61E9-E200-000000002202}3964NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=2254F6DB9EE141AD3A421615B9EB2353,SHA256=92952545184361AB0E4CF109EE6B3E1E0267E11A8D85AE2160D263452D5494A4,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067756Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:41:25.904{6F5BEE90-18CD-61E9-7700-000000002102}484NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=13DC4D63532CF34494EC5117707385BE,SHA256=5283A57CCA163D87FACD2A820DB598B958A14A2498F52F74D3CDB8B13A432656,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000032333Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:41:26.771{CE7C8936-1B20-61E9-E200-000000002202}3964NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=467446EAFD45247631FD7E3850467CA9,SHA256=21A2367967E321B8C8A0FDC4AF3F0C23554396D4F1FB01181ADF7322EC4CF0C0,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067757Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:41:26.912{6F5BEE90-18CD-61E9-7700-000000002102}484NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=9455DE1B67DB9DAB97E313CA869E5F45,SHA256=03E6EEA07834F8B1BD9C6461FBB285F52FD58E8EC1FCD3F9B3A8D23F8AECCDCA,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000032334Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:41:27.787{CE7C8936-1B20-61E9-E200-000000002202}3964NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=C8E0F1D1E41C0DAE4B1893AB88E02261,SHA256=BE9DD90D71ACCF1596C5838E917DA913D4E455F1DA456981A889384B438EF804,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067758Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:41:27.930{6F5BEE90-18CD-61E9-7700-000000002102}484NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=286620C4B2C351753F5E4492A4288E32,SHA256=7957A3570C5E94A026C092F4DCC4C3A8635843055A0F70E5E5B6D1E04D228F57,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000067760Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:41:28.950{6F5BEE90-18CD-61E9-7700-000000002102}484NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=69AAB2FAE5BCABBCE6A17091F54059EC,SHA256=37163CCA7964EA5E4D0500F1B878A9697AF06D72A59ABBEB2A398FE8E5D63ED3,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000032335Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:41:28.943{CE7C8936-1B20-61E9-E200-000000002202}3964NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=C4FB666A78DE7600A404297C08447A84,SHA256=2DD567077B106D4B86141D1E712D2D3CBDD4E3385295B70201EE1E4ABFDAA22E,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000067759Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:41:27.382{6F5BEE90-18C6-61E9-6E00-000000002102}3440C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-tcontreras-attack-range-53.attackrange.local53448-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x800000000000000067761Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:41:29.974{6F5BEE90-18CD-61E9-7700-000000002102}484NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=CD356532E11FDDE903461CD684C0E201,SHA256=3B49F2E4882DAFBCDC0CF28FFDBF2CD02DA51CA4D76AB69ACB017C6232CE5C80,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 354300x800000000000000032336Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:41:27.938{CE7C8936-1B1A-61E9-D900-000000002202}4048C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-tcontreras-attack-range-276.eu-central-1.compute.internal51420-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x800000000000000067762Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:41:30.994{6F5BEE90-18CD-61E9-7700-000000002102}484NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=C2AD4F6473BF8F7CE2F2B6E971C75DD6,SHA256=EAC1625E31BD03E4F1559AEB744A3059C7F867E87F5445496C1CC317CE299C78,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000032337Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:41:30.037{CE7C8936-1B20-61E9-E200-000000002202}3964NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A06D2D1795ACD909544C0B017E81F9F5,SHA256=4F121FB3D7502F692E475D8BAAC92871ABB1BC6AABB5F2B17E8926B13CA0533C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000032338Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:41:31.052{CE7C8936-1B20-61E9-E200-000000002202}3964NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=44BAABE691373A4D1E41A22C5D998850,SHA256=69720DED7EF0D8A4110E0585B97DC2A7B227021B364BD8411F238698F0B0ECDE,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067763Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:41:32.003{6F5BEE90-18CD-61E9-7700-000000002102}484NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=1A7196111FB0AA0146BB95F7A14C7D95,SHA256=5027F0A264148D83D8686268EFD07DB0B1B205858B634B5FC7BFFEBF96BAD45B,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000032339Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:41:32.083{CE7C8936-1B20-61E9-E200-000000002202}3964NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=DFAB2DF4C39A71EC2DC9D9A8F917B85D,SHA256=84D7A6986F3517A38CF6C829913EA3D5D1904591F1DBD3B7532263693A5EE727,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000032340Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:41:33.099{CE7C8936-1B20-61E9-E200-000000002202}3964NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=2029B4BE8803B6FAEF8F0435CCD58D1B,SHA256=9BFE4F93D5B11AB54DAEBAAACA419CD1846638500622495C8D02F651C5989898,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067764Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:41:33.026{6F5BEE90-18CD-61E9-7700-000000002102}484NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=9D6386C744EB7E31B4868A41B281C78A,SHA256=0E6BF59DE27E4865F3226BDEB3441E4BC6C4F881CC130EED9E7A2C9638192888,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000032341Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:41:34.115{CE7C8936-1B20-61E9-E200-000000002202}3964NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=F97A2CCB6B52AC3DD7B310C726CF1F85,SHA256=86A9BFD0333F1272794A53A328CB785045555B594A51A8F98183F2B42DB40914,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000067766Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:41:33.392{6F5BEE90-18C6-61E9-6E00-000000002102}3440C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-tcontreras-attack-range-53.attackrange.local53449-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x800000000000000067765Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:41:34.061{6F5BEE90-18CD-61E9-7700-000000002102}484NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=027037CD1835791E9A5479E25318DFE9,SHA256=CEA4E39F679F7B88AC7F6FE8E1EBBD92F3B564C38E1278F72BB95B7B9AD796EC,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 354300x800000000000000032343Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:41:33.828{CE7C8936-1B1A-61E9-D900-000000002202}4048C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-tcontreras-attack-range-276.eu-central-1.compute.internal51421-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x800000000000000032342Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:41:35.146{CE7C8936-1B20-61E9-E200-000000002202}3964NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=788B3367E45D6F1348D7AE2F3353F44E,SHA256=E7679EBAAA21D16F09664732CEEFB6EEE362AA0105F07F64E6FC09368B47B63E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067767Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:41:35.077{6F5BEE90-18CD-61E9-7700-000000002102}484NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=48ABFAAD5BBB1D6708EBA26223126FD6,SHA256=3BA7573A1B9EBDCB0AA8AA6C33168D363B2970A4CD4E0CE80111D196E21534D8,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000032344Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:41:36.177{CE7C8936-1B20-61E9-E200-000000002202}3964NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=BEBBCD15341DE60278BA03D927936E89,SHA256=B0D75C65001492A84BA48EE142407D114AE4A98479B1BBD427861B93BF4E4B87,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067768Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:41:36.099{6F5BEE90-18CD-61E9-7700-000000002102}484NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=7898C2DEEDDEB6BBCA323043D9ADB9C5,SHA256=A44F48992801E6AF0B86A34FF823C68D5F3F1B954C67F5EDE42B6E1634BEC44D,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000032345Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:41:37.193{CE7C8936-1B20-61E9-E200-000000002202}3964NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=54AC5DB7529E2EDEA3452FF620330275,SHA256=96E05E83C275F0CCDE7B053195202948B036E75EEEFE063726AA580320B7EAFC,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000067770Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:41:37.599{6F5BEE90-1CB8-61E9-7203-000000002102}6636C:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\3zus1al1.default-release\SiteSecurityServiceState.txt2022-01-20 10:41:37.599 23542300x800000000000000067769Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:41:37.198{6F5BEE90-18CD-61E9-7700-000000002102}484NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=C2CD28931F0E390E4B24235616673D3F,SHA256=76958C9A8D2C3D4F99A091C8DDC7F14A31D49A710DC6103BB00654485AC58028,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000067771Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:41:38.210{6F5BEE90-18CD-61E9-7700-000000002102}484NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=20BA8F9FFBA24995DAA265B84B064702,SHA256=2F454CA366E7F2A9249552A8B6D1E14848BC5E655D2C84F00B98DF2592027468,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000032347Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:41:38.712{CE7C8936-1A7D-61E9-2200-000000002202}1212NT AUTHORITY\SYSTEMC:\Program Files\Amazon\SSM\amazon-ssm-agent.exeC:\ProgramData\Amazon\SSM\InstanceData\i-0b4c8a78fb3fad9c4\channels\health\respondent-20220120081703-140MD5=48D9DB22D5DA72E1508DB4774F89CD54,SHA256=47231F73915EFCF046725A41CCC183BD3625BDF28EF9197BB172C87CF7B7A72C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000032346Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:41:38.225{CE7C8936-1B20-61E9-E200-000000002202}3964NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=95C33D6C32CAECF263EC9C669E218BA7,SHA256=1E1A244B078F3D87AFA6CB7E71BB5C1D1F6E65CCB3925DA6884B380F01272217,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067772Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:41:39.213{6F5BEE90-18CD-61E9-7700-000000002102}484NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=7B04BDA109D60ECADA49C2B0F85235FD,SHA256=9BBE6AA2913F432B62B83CD7C6ED001686B757D4D6DB69FAADB3D3CFDE039B9F,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 10341000x800000000000000032363Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:41:39.832{CE7C8936-3C63-61E9-1F06-000000002202}13881276C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe{CE7C8936-1B12-61E9-AB00-000000002202}1912C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6025c5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6020f6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+59e67|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+5b88c|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+8e7d70|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 23542300x800000000000000032362Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:41:39.726{CE7C8936-1A7D-61E9-2200-000000002202}1212NT AUTHORITY\SYSTEMC:\Program Files\Amazon\SSM\amazon-ssm-agent.exeC:\ProgramData\Amazon\SSM\InstanceData\i-0b4c8a78fb3fad9c4\channels\health\surveyor-20220120081701-141MD5=97EF2A570B75C4F95FC69B0D09A2E2A2,SHA256=11396EA313B0ED7E3228C4FA92ABE9D836DB8F416A7A8A28ACC77133025082E7,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000032361Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:41:39.678{CE7C8936-1B12-61E9-AF00-000000002202}24603956C:\Windows\system32\conhost.exe{CE7C8936-3C63-61E9-1F06-000000002202}1388C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032360Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:41:39.678{CE7C8936-1A7C-61E9-0C00-000000002202}7003204C:\Windows\system32\svchost.exe{CE7C8936-1A7D-61E9-1D00-000000002202}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032359Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:41:39.678{CE7C8936-1A7C-61E9-0C00-000000002202}7003204C:\Windows\system32\svchost.exe{CE7C8936-1A7D-61E9-1D00-000000002202}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032358Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:41:39.678{CE7C8936-1A7C-61E9-0C00-000000002202}7003204C:\Windows\system32\svchost.exe{CE7C8936-1A7D-61E9-1D00-000000002202}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032357Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:41:39.678{CE7C8936-1A7C-61E9-0C00-000000002202}7003204C:\Windows\system32\svchost.exe{CE7C8936-1A7D-61E9-1D00-000000002202}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032356Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:41:39.678{CE7C8936-1A7C-61E9-0C00-000000002202}7003204C:\Windows\system32\svchost.exe{CE7C8936-1A7D-61E9-1D00-000000002202}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032355Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:41:39.678{CE7C8936-1A7C-61E9-0C00-000000002202}7003204C:\Windows\system32\svchost.exe{CE7C8936-1A7D-61E9-1D00-000000002202}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032354Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:41:39.678{CE7C8936-1A7C-61E9-0C00-000000002202}7003204C:\Windows\system32\svchost.exe{CE7C8936-1A7D-61E9-1D00-000000002202}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032353Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:41:39.678{CE7C8936-1A7C-61E9-0C00-000000002202}7003204C:\Windows\system32\svchost.exe{CE7C8936-1A7D-61E9-1D00-000000002202}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032352Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:41:39.678{CE7C8936-1A7C-61E9-0C00-000000002202}7003204C:\Windows\system32\svchost.exe{CE7C8936-1A7D-61E9-1D00-000000002202}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032351Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:41:39.678{CE7C8936-1A7C-61E9-0500-000000002202}388940C:\Windows\system32\csrss.exe{CE7C8936-3C63-61E9-1F06-000000002202}1388C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000032350Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:41:39.678{CE7C8936-1B12-61E9-AB00-000000002202}19122580C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{CE7C8936-3C63-61E9-1F06-000000002202}1388C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7414|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x800000000000000032349Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:41:39.679{CE7C8936-3C63-61E9-1F06-000000002202}1388C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe8.0.2Active Directory monitorsplunk ApplicationSplunk Inc.splunk-admon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{CE7C8936-1A7C-61E9-E703-000000000000}0x3e70SystemMD5=947139F3BB2AB70CAF692A60C7A3A735,SHA256=940554A0170A70F634689CC84B00C51AC0BCF773C9639E1305E3672441FC85C8,IMPHASH=357CEC18833E7FF2ABFB722902B13165{CE7C8936-1B12-61E9-AB00-000000002202}1912C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x800000000000000032348Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:41:39.241{CE7C8936-1B20-61E9-E200-000000002202}3964NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=8559241B6AB7900A8666FD38AA8E0181,SHA256=8A4D41C2712517F33A95842A5AF4ADF658C3A3FD8A81FC766FC1CE673BB9C5EA,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000067775Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:41:39.369{6F5BEE90-18C6-61E9-6E00-000000002102}3440C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-tcontreras-attack-range-53.attackrange.local53450-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x800000000000000067774Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:41:40.487{6F5BEE90-1CB8-61E9-7203-000000002102}6636ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\3zus1al1.default-release\datareporting\aborted-session-pingMD5=1913BD8FD3F553500B83109E0E918AE2,SHA256=786B2C06121075F5DE5AF79CA47B507D338B5D0265C95C401A35EFB0BC856459,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000067773Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:41:40.231{6F5BEE90-18CD-61E9-7700-000000002102}484NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=438677EE1E0434D1B781078CF7B74BAC,SHA256=D64DFE329B5025777C957AE94F605FCFBDBF22880030D4DE77DE63D9A9F60C49,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000032379Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:41:40.740{CE7C8936-1B20-61E9-E200-000000002202}3964NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=61AA4134231F8BCCFD526F4C9A1C94E4,SHA256=045EBDC9BC29E027D53EE640ACA4381C55BDC8571B74D60F4491E2684B26F6EF,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000032378Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:41:40.740{CE7C8936-1B20-61E9-E200-000000002202}3964NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=24243C66F3CD4721D49825BE1AD1A875,SHA256=030227B683EF8D84FBF8CAA8BCB186241897EC925A597DA45E81D8DC472BA452,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000032377Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:41:40.365{CE7C8936-1B12-61E9-AF00-000000002202}24603956C:\Windows\system32\conhost.exe{CE7C8936-3C64-61E9-2006-000000002202}968C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032376Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:41:40.365{CE7C8936-1A7C-61E9-0C00-000000002202}7003204C:\Windows\system32\svchost.exe{CE7C8936-1A7D-61E9-1D00-000000002202}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032375Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:41:40.365{CE7C8936-1A7C-61E9-0C00-000000002202}7003204C:\Windows\system32\svchost.exe{CE7C8936-1A7D-61E9-1D00-000000002202}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032374Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:41:40.365{CE7C8936-1A7C-61E9-0C00-000000002202}7003204C:\Windows\system32\svchost.exe{CE7C8936-1A7D-61E9-1D00-000000002202}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032373Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:41:40.365{CE7C8936-1A7C-61E9-0C00-000000002202}7003204C:\Windows\system32\svchost.exe{CE7C8936-1A7D-61E9-1D00-000000002202}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032372Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:41:40.365{CE7C8936-1A7C-61E9-0C00-000000002202}7003204C:\Windows\system32\svchost.exe{CE7C8936-1A7D-61E9-1D00-000000002202}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032371Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:41:40.365{CE7C8936-1A7C-61E9-0C00-000000002202}7003204C:\Windows\system32\svchost.exe{CE7C8936-1A7D-61E9-1D00-000000002202}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032370Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:41:40.365{CE7C8936-1A7C-61E9-0C00-000000002202}7003204C:\Windows\system32\svchost.exe{CE7C8936-1A7D-61E9-1D00-000000002202}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032369Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:41:40.365{CE7C8936-1A7C-61E9-0C00-000000002202}7003204C:\Windows\system32\svchost.exe{CE7C8936-1A7D-61E9-1D00-000000002202}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032368Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:41:40.365{CE7C8936-1A7C-61E9-0C00-000000002202}7003204C:\Windows\system32\svchost.exe{CE7C8936-1A7D-61E9-1D00-000000002202}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032367Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:41:40.365{CE7C8936-1A7C-61E9-0500-000000002202}388504C:\Windows\system32\csrss.exe{CE7C8936-3C64-61E9-2006-000000002202}968C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000032366Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:41:40.365{CE7C8936-1B12-61E9-AB00-000000002202}19122580C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{CE7C8936-3C64-61E9-2006-000000002202}968C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7414|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x800000000000000032365Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:41:40.366{CE7C8936-3C64-61E9-2006-000000002202}968C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{CE7C8936-1A7C-61E9-E703-000000000000}0x3e70SystemMD5=BF28C74E12839E40CD89696C7CB01573,SHA256=6187325F302F232DE582FE28E0E0D2B292AB8122C3356C9CE295A482D7B93EA3,IMPHASH=27776F2813155A6CF34F6A075A0C2EC8{CE7C8936-1B12-61E9-AB00-000000002202}1912C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x800000000000000032364Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:41:40.256{CE7C8936-1B20-61E9-E200-000000002202}3964NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=48D72CABD6153A5EF2F5108ABC4F423F,SHA256=AD2A41E118A4F481BCF4CC0A7C22B8D2B6300F302F95A41F04118F8838DE10F4,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067813Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:41:41.612{6F5BEE90-18CD-61E9-7700-000000002102}484NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=DB39ED8D9E14D8C93FF87A1F29A7985E,SHA256=C3D2EE81B8C5C8D8CF941F47B884BFF1C2E5BA14182CEF42C12E5A7F62959A51,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 354300x800000000000000032394Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:41:39.827{CE7C8936-1B1A-61E9-D900-000000002202}4048C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-tcontreras-attack-range-276.eu-central-1.compute.internal51422-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x800000000000000032393Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:41:41.381{CE7C8936-1B20-61E9-E200-000000002202}3964NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=E9B08B65D80E6CBF0E3B13DD08AD9024,SHA256=4EC06BB858E3EA01403DD549BDE0E1A67E9C568FAFE95500A14775B9D0BF9D1A,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000067812Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:41:41.306{6F5BEE90-18A9-61E9-0D00-000000002102}888908C:\Windows\system32\svchost.exe{6F5BEE90-1B26-61E9-1201-000000002102}5320C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a31|c:\windows\system32\rpcss.dll+43b62|c:\windows\system32\rpcss.dll+43e9f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14412|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000067811Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:41:41.306{6F5BEE90-18A9-61E9-0D00-000000002102}888908C:\Windows\system32\svchost.exe{6F5BEE90-1B26-61E9-1201-000000002102}5320C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a31|c:\windows\system32\rpcss.dll+43b62|c:\windows\system32\rpcss.dll+43e9f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14412|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000067810Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:41:41.306{6F5BEE90-18A9-61E9-0D00-000000002102}888908C:\Windows\system32\svchost.exe{6F5BEE90-1B26-61E9-1201-000000002102}5320C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a31|c:\windows\system32\rpcss.dll+43b62|c:\windows\system32\rpcss.dll+43e9f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14412|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000067809Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:41:41.306{6F5BEE90-18A9-61E9-0D00-000000002102}888908C:\Windows\system32\svchost.exe{6F5BEE90-1B26-61E9-1201-000000002102}5320C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a31|c:\windows\system32\rpcss.dll+43b62|c:\windows\system32\rpcss.dll+43e9f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14412|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000067808Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:41:41.306{6F5BEE90-18A9-61E9-0D00-000000002102}888908C:\Windows\system32\svchost.exe{6F5BEE90-1B26-61E9-1201-000000002102}5320C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a31|c:\windows\system32\rpcss.dll+43b62|c:\windows\system32\rpcss.dll+43e9f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14412|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000067807Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:41:41.306{6F5BEE90-18A9-61E9-0D00-000000002102}888908C:\Windows\system32\svchost.exe{6F5BEE90-1B26-61E9-1201-000000002102}5320C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a31|c:\windows\system32\rpcss.dll+43b62|c:\windows\system32\rpcss.dll+43e9f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14412|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000067806Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:41:41.306{6F5BEE90-18A9-61E9-0D00-000000002102}888908C:\Windows\system32\svchost.exe{6F5BEE90-1B26-61E9-1201-000000002102}5320C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a31|c:\windows\system32\rpcss.dll+43b62|c:\windows\system32\rpcss.dll+43e9f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14412|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000067805Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:41:41.303{6F5BEE90-18A9-61E9-0D00-000000002102}888908C:\Windows\system32\svchost.exe{6F5BEE90-1B15-61E9-FA00-000000002102}4632C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+d6ee|c:\windows\system32\rpcss.dll+c72a|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a31|c:\windows\system32\rpcss.dll+43b62|c:\windows\system32\rpcss.dll+43e9f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14412|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000067804Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:41:41.303{6F5BEE90-18A9-61E9-0D00-000000002102}888908C:\Windows\system32\svchost.exe{6F5BEE90-1B15-61E9-FA00-000000002102}4632C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a31|c:\windows\system32\rpcss.dll+43b62|c:\windows\system32\rpcss.dll+43e9f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14412|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000067803Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:41:41.303{6F5BEE90-18A9-61E9-0D00-000000002102}888908C:\Windows\system32\svchost.exe{6F5BEE90-1B15-61E9-FA00-000000002102}4632C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+d6ee|c:\windows\system32\rpcss.dll+c72a|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a31|c:\windows\system32\rpcss.dll+43b62|c:\windows\system32\rpcss.dll+43e9f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14412|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000067802Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:41:41.302{6F5BEE90-18A9-61E9-0D00-000000002102}888908C:\Windows\system32\svchost.exe{6F5BEE90-1B15-61E9-FA00-000000002102}4632C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a31|c:\windows\system32\rpcss.dll+43b62|c:\windows\system32\rpcss.dll+43e9f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14412|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000067801Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:41:41.302{6F5BEE90-18A9-61E9-0D00-000000002102}888908C:\Windows\system32\svchost.exe{6F5BEE90-1B15-61E9-FA00-000000002102}4632C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+d6ee|c:\windows\system32\rpcss.dll+c72a|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a31|c:\windows\system32\rpcss.dll+43b62|c:\windows\system32\rpcss.dll+43e9f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14412|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000067800Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:41:41.302{6F5BEE90-18A9-61E9-0D00-000000002102}888908C:\Windows\system32\svchost.exe{6F5BEE90-1B15-61E9-FA00-000000002102}4632C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a31|c:\windows\system32\rpcss.dll+43b62|c:\windows\system32\rpcss.dll+43e9f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14412|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000067799Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:41:41.301{6F5BEE90-18A9-61E9-0D00-000000002102}888908C:\Windows\system32\svchost.exe{6F5BEE90-1B15-61E9-FA00-000000002102}4632C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+d6ee|c:\windows\system32\rpcss.dll+c72a|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a31|c:\windows\system32\rpcss.dll+43b62|c:\windows\system32\rpcss.dll+43e9f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14412|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000067798Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:41:41.301{6F5BEE90-18A9-61E9-0D00-000000002102}888908C:\Windows\system32\svchost.exe{6F5BEE90-1B15-61E9-FA00-000000002102}4632C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a31|c:\windows\system32\rpcss.dll+43b62|c:\windows\system32\rpcss.dll+43e9f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14412|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000067797Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:41:41.301{6F5BEE90-18A9-61E9-0D00-000000002102}888908C:\Windows\system32\svchost.exe{6F5BEE90-1B15-61E9-FA00-000000002102}4632C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+d6ee|c:\windows\system32\rpcss.dll+c72a|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a31|c:\windows\system32\rpcss.dll+43b62|c:\windows\system32\rpcss.dll+43e9f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14412|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000067796Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:41:41.301{6F5BEE90-18A9-61E9-0D00-000000002102}888908C:\Windows\system32\svchost.exe{6F5BEE90-1B15-61E9-FA00-000000002102}4632C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a31|c:\windows\system32\rpcss.dll+43b62|c:\windows\system32\rpcss.dll+43e9f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14412|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000067795Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:41:41.301{6F5BEE90-18A9-61E9-0D00-000000002102}888908C:\Windows\system32\svchost.exe{6F5BEE90-1B15-61E9-FA00-000000002102}4632C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+d6ee|c:\windows\system32\rpcss.dll+c72a|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a31|c:\windows\system32\rpcss.dll+43b62|c:\windows\system32\rpcss.dll+43e9f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14412|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000067794Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:41:41.301{6F5BEE90-18A9-61E9-0D00-000000002102}888908C:\Windows\system32\svchost.exe{6F5BEE90-1B15-61E9-FA00-000000002102}4632C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a31|c:\windows\system32\rpcss.dll+43b62|c:\windows\system32\rpcss.dll+43e9f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14412|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000067793Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:41:41.301{6F5BEE90-18A9-61E9-0D00-000000002102}888908C:\Windows\system32\svchost.exe{6F5BEE90-1B15-61E9-FA00-000000002102}4632C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+d6ee|c:\windows\system32\rpcss.dll+c72a|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a31|c:\windows\system32\rpcss.dll+43b62|c:\windows\system32\rpcss.dll+43e9f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14412|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000067792Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:41:41.301{6F5BEE90-18A9-61E9-0D00-000000002102}888908C:\Windows\system32\svchost.exe{6F5BEE90-1B15-61E9-FA00-000000002102}4632C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a31|c:\windows\system32\rpcss.dll+43b62|c:\windows\system32\rpcss.dll+43e9f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14412|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000067791Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:41:41.301{6F5BEE90-18A9-61E9-0D00-000000002102}888908C:\Windows\system32\svchost.exe{6F5BEE90-1B15-61E9-FA00-000000002102}4632C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+d6ee|c:\windows\system32\rpcss.dll+c72a|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a31|c:\windows\system32\rpcss.dll+43b62|c:\windows\system32\rpcss.dll+43e9f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14412|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000067790Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:41:41.300{6F5BEE90-18A9-61E9-0D00-000000002102}888908C:\Windows\system32\svchost.exe{6F5BEE90-1B15-61E9-FA00-000000002102}4632C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a31|c:\windows\system32\rpcss.dll+43b62|c:\windows\system32\rpcss.dll+43e9f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14412|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000067789Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:41:41.300{6F5BEE90-18A9-61E9-0D00-000000002102}888908C:\Windows\system32\svchost.exe{6F5BEE90-1B15-61E9-FA00-000000002102}4632C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+d6ee|c:\windows\system32\rpcss.dll+c72a|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a31|c:\windows\system32\rpcss.dll+43b62|c:\windows\system32\rpcss.dll+43e9f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14412|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000067788Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:41:41.299{6F5BEE90-18A9-61E9-0D00-000000002102}888908C:\Windows\system32\svchost.exe{6F5BEE90-1B15-61E9-FA00-000000002102}4632C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a31|c:\windows\system32\rpcss.dll+43b62|c:\windows\system32\rpcss.dll+43e9f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14412|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000067787Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:41:41.299{6F5BEE90-18A9-61E9-0D00-000000002102}888908C:\Windows\system32\svchost.exe{6F5BEE90-1B15-61E9-FA00-000000002102}4632C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+d6ee|c:\windows\system32\rpcss.dll+c72a|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a31|c:\windows\system32\rpcss.dll+43b62|c:\windows\system32\rpcss.dll+43e9f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14412|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000067786Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:41:41.299{6F5BEE90-18A9-61E9-0D00-000000002102}888908C:\Windows\system32\svchost.exe{6F5BEE90-1B15-61E9-FA00-000000002102}4632C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a31|c:\windows\system32\rpcss.dll+43b62|c:\windows\system32\rpcss.dll+43e9f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14412|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000067785Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:41:41.298{6F5BEE90-18A9-61E9-0D00-000000002102}888908C:\Windows\system32\svchost.exe{6F5BEE90-1B15-61E9-FA00-000000002102}4632C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+d6ee|c:\windows\system32\rpcss.dll+c72a|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a31|c:\windows\system32\rpcss.dll+43b62|c:\windows\system32\rpcss.dll+43e9f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14412|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000067784Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:41:41.298{6F5BEE90-18A9-61E9-0D00-000000002102}888908C:\Windows\system32\svchost.exe{6F5BEE90-1B15-61E9-FA00-000000002102}4632C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a31|c:\windows\system32\rpcss.dll+43b62|c:\windows\system32\rpcss.dll+43e9f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14412|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000067783Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:41:41.298{6F5BEE90-18A9-61E9-0D00-000000002102}888908C:\Windows\system32\svchost.exe{6F5BEE90-1B15-61E9-FA00-000000002102}4632C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+d6ee|c:\windows\system32\rpcss.dll+c72a|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a31|c:\windows\system32\rpcss.dll+43b62|c:\windows\system32\rpcss.dll+43e9f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14412|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000067782Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:41:41.298{6F5BEE90-18A9-61E9-0D00-000000002102}888908C:\Windows\system32\svchost.exe{6F5BEE90-1B15-61E9-FA00-000000002102}4632C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a31|c:\windows\system32\rpcss.dll+43b62|c:\windows\system32\rpcss.dll+43e9f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14412|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000067781Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:41:41.298{6F5BEE90-18A9-61E9-0D00-000000002102}888908C:\Windows\system32\svchost.exe{6F5BEE90-1B15-61E9-FA00-000000002102}4632C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+d6ee|c:\windows\system32\rpcss.dll+c72a|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a31|c:\windows\system32\rpcss.dll+43b62|c:\windows\system32\rpcss.dll+43e9f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14412|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000067780Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:41:41.297{6F5BEE90-18A9-61E9-0D00-000000002102}888908C:\Windows\system32\svchost.exe{6F5BEE90-1B15-61E9-FA00-000000002102}4632C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a31|c:\windows\system32\rpcss.dll+43b62|c:\windows\system32\rpcss.dll+43e9f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14412|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000067779Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:41:41.297{6F5BEE90-18A9-61E9-0D00-000000002102}888908C:\Windows\system32\svchost.exe{6F5BEE90-1B15-61E9-FA00-000000002102}4632C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+d6ee|c:\windows\system32\rpcss.dll+c72a|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a31|c:\windows\system32\rpcss.dll+43b62|c:\windows\system32\rpcss.dll+43e9f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14412|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000067778Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:41:41.297{6F5BEE90-18A9-61E9-0D00-000000002102}888908C:\Windows\system32\svchost.exe{6F5BEE90-1B15-61E9-FA00-000000002102}4632C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a31|c:\windows\system32\rpcss.dll+43b62|c:\windows\system32\rpcss.dll+43e9f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14412|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000067777Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:41:41.297{6F5BEE90-18A9-61E9-0D00-000000002102}888908C:\Windows\system32\svchost.exe{6F5BEE90-1B15-61E9-FA00-000000002102}4632C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+d6ee|c:\windows\system32\rpcss.dll+c72a|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a31|c:\windows\system32\rpcss.dll+43b62|c:\windows\system32\rpcss.dll+43e9f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14412|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000067776Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:41:41.297{6F5BEE90-18A9-61E9-0D00-000000002102}888908C:\Windows\system32\svchost.exe{6F5BEE90-1B15-61E9-FA00-000000002102}4632C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a31|c:\windows\system32\rpcss.dll+43b62|c:\windows\system32\rpcss.dll+43e9f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14412|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032392Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:41:41.037{CE7C8936-1B12-61E9-AF00-000000002202}24603956C:\Windows\system32\conhost.exe{CE7C8936-3C65-61E9-2106-000000002202}288C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032391Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:41:41.037{CE7C8936-1A7C-61E9-0C00-000000002202}7003204C:\Windows\system32\svchost.exe{CE7C8936-1A7D-61E9-1D00-000000002202}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032390Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:41:41.037{CE7C8936-1A7C-61E9-0C00-000000002202}7003204C:\Windows\system32\svchost.exe{CE7C8936-1A7D-61E9-1D00-000000002202}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032389Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:41:41.037{CE7C8936-1A7C-61E9-0C00-000000002202}7003204C:\Windows\system32\svchost.exe{CE7C8936-1A7D-61E9-1D00-000000002202}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032388Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:41:41.037{CE7C8936-1A7C-61E9-0C00-000000002202}7003204C:\Windows\system32\svchost.exe{CE7C8936-1A7D-61E9-1D00-000000002202}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032387Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:41:41.037{CE7C8936-1A7C-61E9-0C00-000000002202}7003204C:\Windows\system32\svchost.exe{CE7C8936-1A7D-61E9-1D00-000000002202}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032386Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:41:41.037{CE7C8936-1A7C-61E9-0C00-000000002202}7003204C:\Windows\system32\svchost.exe{CE7C8936-1A7D-61E9-1D00-000000002202}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032385Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:41:41.037{CE7C8936-1A7C-61E9-0C00-000000002202}7003204C:\Windows\system32\svchost.exe{CE7C8936-1A7D-61E9-1D00-000000002202}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032384Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:41:41.037{CE7C8936-1A7C-61E9-0C00-000000002202}7003204C:\Windows\system32\svchost.exe{CE7C8936-1A7D-61E9-1D00-000000002202}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032383Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:41:41.037{CE7C8936-1A7C-61E9-0C00-000000002202}7003204C:\Windows\system32\svchost.exe{CE7C8936-1A7D-61E9-1D00-000000002202}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032382Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:41:41.037{CE7C8936-1A7C-61E9-0500-000000002202}388404C:\Windows\system32\csrss.exe{CE7C8936-3C65-61E9-2106-000000002202}288C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000032381Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:41:41.037{CE7C8936-1B12-61E9-AB00-000000002202}19122580C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{CE7C8936-3C65-61E9-2106-000000002202}288C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7414|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x800000000000000032380Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:41:41.038{CE7C8936-3C65-61E9-2106-000000002202}288C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe8.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{CE7C8936-1A7C-61E9-E703-000000000000}0x3e70SystemMD5=8746B8C1724B67C2B1261446C0CFAA57,SHA256=7EFD09FD383FAA75C5D2990E6DBBFD846AEAA08B7037C7D66B4A0EF2AE0866B3,IMPHASH=7B985F47B35272AD7B5218255ACE7AEC{CE7C8936-1B12-61E9-AB00-000000002202}1912C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x800000000000000067823Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:41:42.877{6F5BEE90-3C66-61E9-A209-000000002102}58446444C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe{6F5BEE90-18B8-61E9-2F00-000000002102}3024C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6025c5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6020f6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+59e67|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+5b88c|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+8e7d70|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 23542300x800000000000000067822Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:41:42.638{6F5BEE90-18CD-61E9-7700-000000002102}484NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=19A2EA2FBB1488C226F3023622B48047,SHA256=EC781CD8886FA0C2E8D89AE342ABC38EBAFBD9CD3E21DBF6A078609D399CD147,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 10341000x800000000000000032424Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:41:42.912{CE7C8936-3C66-61E9-2306-000000002202}8816C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{CE7C8936-1B12-61E9-AB00-000000002202}1912C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032423Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:41:42.787{CE7C8936-1B12-61E9-AF00-000000002202}24603956C:\Windows\system32\conhost.exe{CE7C8936-3C66-61E9-2306-000000002202}8C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032422Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:41:42.787{CE7C8936-1A7C-61E9-0C00-000000002202}7003204C:\Windows\system32\svchost.exe{CE7C8936-1A7D-61E9-1D00-000000002202}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032421Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:41:42.787{CE7C8936-1A7C-61E9-0C00-000000002202}7003204C:\Windows\system32\svchost.exe{CE7C8936-1A7D-61E9-1D00-000000002202}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032420Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:41:42.787{CE7C8936-1A7C-61E9-0C00-000000002202}7003204C:\Windows\system32\svchost.exe{CE7C8936-1A7D-61E9-1D00-000000002202}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032419Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:41:42.787{CE7C8936-1A7C-61E9-0C00-000000002202}7003204C:\Windows\system32\svchost.exe{CE7C8936-1A7D-61E9-1D00-000000002202}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032418Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:41:42.787{CE7C8936-1A7C-61E9-0C00-000000002202}7003204C:\Windows\system32\svchost.exe{CE7C8936-1A7D-61E9-1D00-000000002202}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032417Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:41:42.787{CE7C8936-1A7C-61E9-0C00-000000002202}7003204C:\Windows\system32\svchost.exe{CE7C8936-1A7D-61E9-1D00-000000002202}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032416Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:41:42.787{CE7C8936-1A7C-61E9-0C00-000000002202}7003204C:\Windows\system32\svchost.exe{CE7C8936-1A7D-61E9-1D00-000000002202}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032415Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:41:42.787{CE7C8936-1A7C-61E9-0C00-000000002202}7003204C:\Windows\system32\svchost.exe{CE7C8936-1A7D-61E9-1D00-000000002202}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032414Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:41:42.787{CE7C8936-1A7C-61E9-0C00-000000002202}7003204C:\Windows\system32\svchost.exe{CE7C8936-1A7D-61E9-1D00-000000002202}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032413Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:41:42.787{CE7C8936-1A7C-61E9-0500-000000002202}388940C:\Windows\system32\csrss.exe{CE7C8936-3C66-61E9-2306-000000002202}8C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000032412Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:41:42.787{CE7C8936-1B12-61E9-AB00-000000002202}19122580C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{CE7C8936-3C66-61E9-2306-000000002202}8C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7414|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x800000000000000032411Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:41:42.788{CE7C8936-3C66-61E9-2306-000000002202}8C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{CE7C8936-1A7C-61E9-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{CE7C8936-1B12-61E9-AB00-000000002202}1912C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x800000000000000032410Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:41:42.428{CE7C8936-1B20-61E9-E200-000000002202}3964NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=22999C5CA030FC9B89533F77DAB8EB86,SHA256=8A1126AA1E01957C3582B29C3872BF6FD66BB25F0D2719D86480ED6A3F4E90F6,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000067821Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:41:42.463{6F5BEE90-18B9-61E9-3500-000000002102}33043324C:\Windows\system32\conhost.exe{6F5BEE90-3C66-61E9-A209-000000002102}5844C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000067820Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:41:42.456{6F5BEE90-18A7-61E9-0500-000000002102}392408C:\Windows\system32\csrss.exe{6F5BEE90-3C66-61E9-A209-000000002102}5844C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000067819Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:41:42.457{6F5BEE90-18A9-61E9-0C00-000000002102}8286020C:\Windows\system32\svchost.exe{6F5BEE90-18B8-61E9-2C00-000000002102}2984C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000067818Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:41:42.456{6F5BEE90-18A9-61E9-0C00-000000002102}8286020C:\Windows\system32\svchost.exe{6F5BEE90-18B8-61E9-2C00-000000002102}2984C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000067817Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:41:42.456{6F5BEE90-18A9-61E9-0C00-000000002102}8286020C:\Windows\system32\svchost.exe{6F5BEE90-18B8-61E9-2C00-000000002102}2984C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000067816Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:41:42.456{6F5BEE90-18A9-61E9-0C00-000000002102}8286020C:\Windows\system32\svchost.exe{6F5BEE90-18B8-61E9-2C00-000000002102}2984C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000067815Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:41:42.455{6F5BEE90-18B8-61E9-2F00-000000002102}30243900C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{6F5BEE90-3C66-61E9-A209-000000002102}5844C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7414|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x800000000000000067814Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:41:42.453{6F5BEE90-3C66-61E9-A209-000000002102}5844C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe8.0.2Active Directory monitorsplunk ApplicationSplunk Inc.splunk-admon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{6F5BEE90-18A8-61E9-E703-000000000000}0x3e70SystemMD5=947139F3BB2AB70CAF692A60C7A3A735,SHA256=940554A0170A70F634689CC84B00C51AC0BCF773C9639E1305E3672441FC85C8,IMPHASH=357CEC18833E7FF2ABFB722902B13165{6F5BEE90-18B8-61E9-2F00-000000002102}3024C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x800000000000000032409Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:41:42.272{CE7C8936-3C66-61E9-2206-000000002202}20883544C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{CE7C8936-1B12-61E9-AB00-000000002202}1912C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 23542300x800000000000000032408Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:41:42.256{CE7C8936-1B20-61E9-E200-000000002202}3964NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=61AA4134231F8BCCFD526F4C9A1C94E4,SHA256=045EBDC9BC29E027D53EE640ACA4381C55BDC8571B74D60F4491E2684B26F6EF,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000032407Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:41:42.115{CE7C8936-1B12-61E9-AF00-000000002202}24603956C:\Windows\system32\conhost.exe{CE7C8936-3C66-61E9-2206-000000002202}2088C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032406Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:41:42.115{CE7C8936-1A7C-61E9-0C00-000000002202}7003204C:\Windows\system32\svchost.exe{CE7C8936-1A7D-61E9-1D00-000000002202}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032405Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:41:42.115{CE7C8936-1A7C-61E9-0C00-000000002202}7003204C:\Windows\system32\svchost.exe{CE7C8936-1A7D-61E9-1D00-000000002202}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032404Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:41:42.115{CE7C8936-1A7C-61E9-0C00-000000002202}7003204C:\Windows\system32\svchost.exe{CE7C8936-1A7D-61E9-1D00-000000002202}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032403Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:41:42.115{CE7C8936-1A7C-61E9-0C00-000000002202}7003204C:\Windows\system32\svchost.exe{CE7C8936-1A7D-61E9-1D00-000000002202}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032402Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:41:42.115{CE7C8936-1A7C-61E9-0C00-000000002202}7003204C:\Windows\system32\svchost.exe{CE7C8936-1A7D-61E9-1D00-000000002202}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032401Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:41:42.115{CE7C8936-1A7C-61E9-0C00-000000002202}7003204C:\Windows\system32\svchost.exe{CE7C8936-1A7D-61E9-1D00-000000002202}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032400Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:41:42.115{CE7C8936-1A7C-61E9-0C00-000000002202}7003204C:\Windows\system32\svchost.exe{CE7C8936-1A7D-61E9-1D00-000000002202}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032399Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:41:42.115{CE7C8936-1A7C-61E9-0C00-000000002202}7003204C:\Windows\system32\svchost.exe{CE7C8936-1A7D-61E9-1D00-000000002202}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032398Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:41:42.115{CE7C8936-1A7C-61E9-0C00-000000002202}7003204C:\Windows\system32\svchost.exe{CE7C8936-1A7D-61E9-1D00-000000002202}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032397Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:41:42.115{CE7C8936-1A7C-61E9-0500-000000002202}388404C:\Windows\system32\csrss.exe{CE7C8936-3C66-61E9-2206-000000002202}2088C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000032396Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:41:42.115{CE7C8936-1B12-61E9-AB00-000000002202}19122580C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{CE7C8936-3C66-61E9-2206-000000002202}2088C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7414|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x800000000000000032395Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:41:42.116{CE7C8936-3C66-61E9-2206-000000002202}2088C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{CE7C8936-1A7C-61E9-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{CE7C8936-1B12-61E9-AB00-000000002202}1912C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x800000000000000032439Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:41:43.803{CE7C8936-1B20-61E9-E200-000000002202}3964NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=8899EAABE2A776E63E9829838B8D5689,SHA256=7C2CE52DF417A3539F90D9D69C44FF67898DFB7BE23F577CE17C02F77F6765F7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000032438Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:41:43.662{CE7C8936-1B20-61E9-E200-000000002202}3964NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=9E38C04F63C4B5209A1BE12B3DD4321E,SHA256=432C374B3665973127B18C4A9BA4A126392E404502DBC648D053001CD79ED5EE,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067834Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:41:43.654{6F5BEE90-18CD-61E9-7700-000000002102}484NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=F251AFE9FB1CE88251A19C7C06EB2BD1,SHA256=D696390C97E4BEC739CE12C2CBE172C776E5EF7E3A2A76AB7A2E2ED2C1309714,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000067833Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:41:43.479{6F5BEE90-18CD-61E9-7700-000000002102}484NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=95CE4276CDC012559ACABA28C186A291,SHA256=376866B502FE3CCB8E4368A489E1F5D459B8DEECB9C402FA59F7B09850F5901A,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000067832Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:41:43.476{6F5BEE90-18CD-61E9-7700-000000002102}484NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=28655D228D267A011A0C89D3902F4E81,SHA256=CDF543763E3C9658E62205ADD62007CA3A9190D1EFD3618E3E9E768978D6B86A,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 10341000x800000000000000067831Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:41:43.319{6F5BEE90-18B9-61E9-3500-000000002102}33043324C:\Windows\system32\conhost.exe{6F5BEE90-3C67-61E9-A309-000000002102}4936C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000067830Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:41:43.313{6F5BEE90-18A9-61E9-0C00-000000002102}8286020C:\Windows\system32\svchost.exe{6F5BEE90-18B8-61E9-2C00-000000002102}2984C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000067829Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:41:43.313{6F5BEE90-18A9-61E9-0C00-000000002102}8286020C:\Windows\system32\svchost.exe{6F5BEE90-18B8-61E9-2C00-000000002102}2984C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000067828Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:41:43.313{6F5BEE90-18A9-61E9-0C00-000000002102}8286020C:\Windows\system32\svchost.exe{6F5BEE90-18B8-61E9-2C00-000000002102}2984C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000067827Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:41:43.313{6F5BEE90-18A9-61E9-0C00-000000002102}8286020C:\Windows\system32\svchost.exe{6F5BEE90-18B8-61E9-2C00-000000002102}2984C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000067826Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:41:43.313{6F5BEE90-18A7-61E9-0500-000000002102}392508C:\Windows\system32\csrss.exe{6F5BEE90-3C67-61E9-A309-000000002102}4936C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000067825Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:41:43.313{6F5BEE90-18B8-61E9-2F00-000000002102}30243900C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{6F5BEE90-3C67-61E9-A309-000000002102}4936C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7414|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x800000000000000067824Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:41:43.311{6F5BEE90-3C67-61E9-A309-000000002102}4936C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{6F5BEE90-18A8-61E9-E703-000000000000}0x3e70SystemMD5=BF28C74E12839E40CD89696C7CB01573,SHA256=6187325F302F232DE582FE28E0E0D2B292AB8122C3356C9CE295A482D7B93EA3,IMPHASH=27776F2813155A6CF34F6A075A0C2EC8{6F5BEE90-18B8-61E9-2F00-000000002102}3024C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x800000000000000032437Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:41:43.459{CE7C8936-1B12-61E9-AF00-000000002202}24603956C:\Windows\system32\conhost.exe{CE7C8936-3C67-61E9-2406-000000002202}4084C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032436Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:41:43.459{CE7C8936-1A7C-61E9-0C00-000000002202}7003204C:\Windows\system32\svchost.exe{CE7C8936-1A7D-61E9-1D00-000000002202}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032435Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:41:43.459{CE7C8936-1A7C-61E9-0C00-000000002202}7003204C:\Windows\system32\svchost.exe{CE7C8936-1A7D-61E9-1D00-000000002202}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032434Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:41:43.459{CE7C8936-1A7C-61E9-0C00-000000002202}7003204C:\Windows\system32\svchost.exe{CE7C8936-1A7D-61E9-1D00-000000002202}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032433Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:41:43.459{CE7C8936-1A7C-61E9-0C00-000000002202}7003204C:\Windows\system32\svchost.exe{CE7C8936-1A7D-61E9-1D00-000000002202}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032432Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:41:43.459{CE7C8936-1A7C-61E9-0C00-000000002202}7003204C:\Windows\system32\svchost.exe{CE7C8936-1A7D-61E9-1D00-000000002202}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032431Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:41:43.459{CE7C8936-1A7C-61E9-0C00-000000002202}7003204C:\Windows\system32\svchost.exe{CE7C8936-1A7D-61E9-1D00-000000002202}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032430Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:41:43.459{CE7C8936-1A7C-61E9-0C00-000000002202}7003204C:\Windows\system32\svchost.exe{CE7C8936-1A7D-61E9-1D00-000000002202}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032429Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:41:43.459{CE7C8936-1A7C-61E9-0C00-000000002202}7003204C:\Windows\system32\svchost.exe{CE7C8936-1A7D-61E9-1D00-000000002202}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032428Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:41:43.459{CE7C8936-1A7C-61E9-0C00-000000002202}7003204C:\Windows\system32\svchost.exe{CE7C8936-1A7D-61E9-1D00-000000002202}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032427Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:41:43.459{CE7C8936-1A7C-61E9-0500-000000002202}388940C:\Windows\system32\csrss.exe{CE7C8936-3C67-61E9-2406-000000002202}4084C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000032426Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:41:43.459{CE7C8936-1B12-61E9-AB00-000000002202}19122580C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{CE7C8936-3C67-61E9-2406-000000002202}4084C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7414|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x800000000000000032425Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:41:43.460{CE7C8936-3C67-61E9-2406-000000002202}4084C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe8.0.2Windows Print Monitor splunk ApplicationSplunk Inc.splunk-winprintmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{CE7C8936-1A7C-61E9-E703-000000000000}0x3e70SystemMD5=36D3753920C5BBCA16D12DEAD7A3A904,SHA256=EA17F69FB116CFA6ADC3CE07EBBAE3FD2CB221F25E3F7A9ADF3F15DA051831E2,IMPHASH=264D4B9546D98D77D97F569F55A0B748{CE7C8936-1B12-61E9-AB00-000000002202}1912C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x800000000000000032454Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:41:44.787{CE7C8936-1B20-61E9-E200-000000002202}3964NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=B9E4F49242A1A57D8023EDA38F8E8CDC,SHA256=B900D1B2EBDCBB7C5181BD9B278822A6E11709639C71A4591005A83173FB34B8,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067837Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:41:44.669{6F5BEE90-18CD-61E9-7700-000000002102}484NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=8855E8C0909E7545F545EDC3ED74AEED,SHA256=2DA7FACB7AD2876232550D5159762E35B0E3AE0890B7739C200EB96AFB155F23,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 10341000x800000000000000032453Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:41:44.272{CE7C8936-3C68-61E9-2506-000000002202}9523404C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe{CE7C8936-1B12-61E9-AB00-000000002202}1912C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+5691a5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+568cd6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56657|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56ca7|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+8f3800|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032452Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:41:44.131{CE7C8936-1B12-61E9-AF00-000000002202}24603956C:\Windows\system32\conhost.exe{CE7C8936-3C68-61E9-2506-000000002202}952C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032451Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:41:44.131{CE7C8936-1A7C-61E9-0C00-000000002202}7003204C:\Windows\system32\svchost.exe{CE7C8936-1A7D-61E9-1D00-000000002202}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032450Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:41:44.131{CE7C8936-1A7C-61E9-0C00-000000002202}7003204C:\Windows\system32\svchost.exe{CE7C8936-1A7D-61E9-1D00-000000002202}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032449Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:41:44.131{CE7C8936-1A7C-61E9-0C00-000000002202}7003204C:\Windows\system32\svchost.exe{CE7C8936-1A7D-61E9-1D00-000000002202}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032448Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:41:44.131{CE7C8936-1A7C-61E9-0C00-000000002202}7003204C:\Windows\system32\svchost.exe{CE7C8936-1A7D-61E9-1D00-000000002202}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032447Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:41:44.131{CE7C8936-1A7C-61E9-0C00-000000002202}7003204C:\Windows\system32\svchost.exe{CE7C8936-1A7D-61E9-1D00-000000002202}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032446Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:41:44.131{CE7C8936-1A7C-61E9-0C00-000000002202}7003204C:\Windows\system32\svchost.exe{CE7C8936-1A7D-61E9-1D00-000000002202}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032445Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:41:44.131{CE7C8936-1A7C-61E9-0C00-000000002202}7003204C:\Windows\system32\svchost.exe{CE7C8936-1A7D-61E9-1D00-000000002202}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032444Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:41:44.131{CE7C8936-1A7C-61E9-0C00-000000002202}7003204C:\Windows\system32\svchost.exe{CE7C8936-1A7D-61E9-1D00-000000002202}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032443Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:41:44.131{CE7C8936-1A7C-61E9-0C00-000000002202}7003204C:\Windows\system32\svchost.exe{CE7C8936-1A7D-61E9-1D00-000000002202}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000032442Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:41:44.131{CE7C8936-1A7C-61E9-0500-000000002202}388404C:\Windows\system32\csrss.exe{CE7C8936-3C68-61E9-2506-000000002202}952C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000032441Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:41:44.131{CE7C8936-1B12-61E9-AB00-000000002202}19122580C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{CE7C8936-3C68-61E9-2506-000000002202}952C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7414|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x800000000000000032440Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:41:44.132{CE7C8936-3C68-61E9-2506-000000002202}952C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe8.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{CE7C8936-1A7C-61E9-E703-000000000000}0x3e70SystemMD5=91F33F605825B72EE2270559C7AB28F3,SHA256=3DF1CB71BB48B8669BD01179FD94DD8CC82F8103B08A0FACFD366E43E0C5FA42,IMPHASH=23D7D4307FBE7FA4F42B1902826D7C25{CE7C8936-1B12-61E9-AB00-000000002202}1912C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 354300x800000000000000067836Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:41:43.563{6F5BEE90-18A7-61E9-0B00-000000002102}608C:\Windows\System32\lsass.exeNT AUTHORITY\SYSTEMtcpfalsetrue0:0:0:0:0:0:0:1win-dc-tcontreras-attack-range-53.attackrange.local53451-true0:0:0:0:0:0:0:1win-dc-tcontreras-attack-range-53.attackrange.local389ldap 354300x800000000000000067835Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:41:43.563{6F5BEE90-18B8-61E9-2700-000000002102}2904C:\Windows\ADWS\Microsoft.ActiveDirectory.WebServices.exeNT AUTHORITY\SYSTEMtcptruetrue0:0:0:0:0:0:0:1win-dc-tcontreras-attack-range-53.attackrange.local53451-true0:0:0:0:0:0:0:1win-dc-tcontreras-attack-range-53.attackrange.local389ldap 23542300x800000000000000067847Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:41:45.685{6F5BEE90-18CD-61E9-7700-000000002102}484NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=5ECADD234EA15D9B7D51F50B6B765E5F,SHA256=E23CEC7D6E135345CBDC4B97EF4CEE4AD33D0A536D8936A3FB64B5CFAEDD85A9,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 10341000x800000000000000067846Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:41:45.683{6F5BEE90-18B9-61E9-3500-000000002102}33043324C:\Windows\system32\conhost.exe{6F5BEE90-3C69-61E9-A409-000000002102}4492C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000067845Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:41:45.665{6F5BEE90-18A9-61E9-0C00-000000002102}8286020C:\Windows\system32\svchost.exe{6F5BEE90-18B8-61E9-2C00-000000002102}2984C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000067844Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:41:45.665{6F5BEE90-18A9-61E9-0C00-000000002102}8286020C:\Windows\system32\svchost.exe{6F5BEE90-18B8-61E9-2C00-000000002102}2984C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000067843Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:41:45.665{6F5BEE90-18A9-61E9-0C00-000000002102}8286020C:\Windows\system32\svchost.exe{6F5BEE90-18B8-61E9-2C00-000000002102}2984C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000067842Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:41:45.665{6F5BEE90-18A9-61E9-0C00-000000002102}8286020C:\Windows\system32\svchost.exe{6F5BEE90-18B8-61E9-2C00-000000002102}2984C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000067841Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:41:45.665{6F5BEE90-18A7-61E9-0500-000000002102}392368C:\Windows\system32\csrss.exe{6F5BEE90-3C69-61E9-A409-000000002102}4492C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 23542300x800000000000000032456Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:41:45.803{CE7C8936-1B20-61E9-E200-000000002202}3964NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=DCC0753077A899F7DC859085EA648C0B,SHA256=A9623326B004E5650855897FEA0F2330E0BA1DE206BFF34D9321F788EB303FB5,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000032455Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:41:45.131{CE7C8936-1B20-61E9-E200-000000002202}3964NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=5350297758FF8F157345887731A5296F,SHA256=4E8B1C2E32F9EFDDF861CA28741EBFB038710CBA69900BB78042DC24CC914730,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000067840Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:41:45.665{6F5BEE90-18B8-61E9-2F00-000000002102}30243900C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{6F5BEE90-3C69-61E9-A409-000000002102}4492C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7414|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x800000000000000067839Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:41:45.664{6F5BEE90-3C69-61E9-A409-000000002102}4492C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe8.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{6F5BEE90-18A8-61E9-E703-000000000000}0x3e70SystemMD5=8746B8C1724B67C2B1261446C0CFAA57,SHA256=7EFD09FD383FAA75C5D2990E6DBBFD846AEAA08B7037C7D66B4A0EF2AE0866B3,IMPHASH=7B985F47B35272AD7B5218255ACE7AEC{6F5BEE90-18B8-61E9-2F00-000000002102}3024C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 354300x800000000000000067838Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:41:44.481{6F5BEE90-18C6-61E9-6E00-000000002102}3440C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-tcontreras-attack-range-53.attackrange.local53452-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x800000000000000067858Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:41:46.689{6F5BEE90-18CD-61E9-7700-000000002102}484NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=C567D9042105DD2BBAAACE9A9CE86A0B,SHA256=8450CC9477C9144456ACA407D2624E7CBAFDB9DF44DD8D3DC0846E9F683612BD,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000032458Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:41:46.834{CE7C8936-1B20-61E9-E200-000000002202}3964NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=2FAFCBFF8C1E530A49F7A161C8929705,SHA256=9147E542BA2DD2F813EA4E099BBAF84A2A7783B7A5AD687C1CDB6F8DBA99EE3A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067857Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:41:46.669{6F5BEE90-18CD-61E9-7700-000000002102}484NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=95CE4276CDC012559ACABA28C186A291,SHA256=376866B502FE3CCB8E4368A489E1F5D459B8DEECB9C402FA59F7B09850F5901A,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 10341000x800000000000000067856Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:41:46.569{6F5BEE90-3C6A-61E9-A509-000000002102}50321924C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{6F5BEE90-18B8-61E9-2F00-000000002102}3024C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000067855Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:41:46.253{6F5BEE90-18B9-61E9-3500-000000002102}33043324C:\Windows\system32\conhost.exe{6F5BEE90-3C6A-61E9-A509-000000002102}5032C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000067854Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:41:46.249{6F5BEE90-18A9-61E9-0C00-000000002102}8286020C:\Windows\system32\svchost.exe{6F5BEE90-18B8-61E9-2C00-000000002102}2984C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000067853Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:41:46.245{6F5BEE90-18A9-61E9-0C00-000000002102}8286020C:\Windows\system32\svchost.exe{6F5BEE90-18B8-61E9-2C00-000000002102}2984C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000067852Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:41:46.245{6F5BEE90-18A9-61E9-0C00-000000002102}8286020C:\Windows\system32\svchost.exe{6F5BEE90-18B8-61E9-2C00-000000002102}2984C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000067851Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:41:46.245{6F5BEE90-18A9-61E9-0C00-000000002102}8286020C:\Windows\system32\svchost.exe{6F5BEE90-18B8-61E9-2C00-000000002102}2984C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000067850Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:41:46.243{6F5BEE90-18A7-61E9-0500-000000002102}392408C:\Windows\system32\csrss.exe{6F5BEE90-3C6A-61E9-A509-000000002102}5032C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000067849Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:41:46.243{6F5BEE90-18B8-61E9-2F00-000000002102}30243900C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{6F5BEE90-3C6A-61E9-A509-000000002102}5032C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7414|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x800000000000000067848Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:41:46.242{6F5BEE90-3C6A-61E9-A509-000000002102}5032C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{6F5BEE90-18A8-61E9-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{6F5BEE90-18B8-61E9-2F00-000000002102}3024C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 354300x800000000000000032457Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:41:44.876{CE7C8936-1B1A-61E9-D900-000000002202}4048C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-tcontreras-attack-range-276.eu-central-1.compute.internal51423-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x800000000000000032459Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:41:47.861{CE7C8936-1B20-61E9-E200-000000002202}3964NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=EB6CC342D0CE2456C2F5877275F21973,SHA256=54F9C25820EE0CB010E55AAB4F2617AA11BAAAB3DD59A2F0059CB5F021F37DE5,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000067876Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:41:47.763{6F5BEE90-18B9-61E9-3500-000000002102}33043324C:\Windows\system32\conhost.exe{6F5BEE90-3C6B-61E9-A709-000000002102}2440C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000067875Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:41:47.763{6F5BEE90-18A9-61E9-0C00-000000002102}8286020C:\Windows\system32\svchost.exe{6F5BEE90-18B8-61E9-2C00-000000002102}2984C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000067874Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:41:47.763{6F5BEE90-18A9-61E9-0C00-000000002102}8286020C:\Windows\system32\svchost.exe{6F5BEE90-18B8-61E9-2C00-000000002102}2984C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000067873Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:41:47.763{6F5BEE90-18A9-61E9-0C00-000000002102}8286020C:\Windows\system32\svchost.exe{6F5BEE90-18B8-61E9-2C00-000000002102}2984C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000067872Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:41:47.763{6F5BEE90-18A9-61E9-0C00-000000002102}8286020C:\Windows\system32\svchost.exe{6F5BEE90-18B8-61E9-2C00-000000002102}2984C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000067871Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:41:47.763{6F5BEE90-18A7-61E9-0500-000000002102}392508C:\Windows\system32\csrss.exe{6F5BEE90-3C6B-61E9-A709-000000002102}2440C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000067870Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:41:47.763{6F5BEE90-18B8-61E9-2F00-000000002102}30243900C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{6F5BEE90-3C6B-61E9-A709-000000002102}2440C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7414|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x800000000000000067869Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:41:47.764{6F5BEE90-3C6B-61E9-A709-000000002102}2440C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{6F5BEE90-18A8-61E9-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{6F5BEE90-18B8-61E9-2F00-000000002102}3024C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x800000000000000067868Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:41:47.710{6F5BEE90-18CD-61E9-7700-000000002102}484NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=6463EBDD54B1BDDA371DAFBD8E24B683,SHA256=9D945C1B001F9AF85AFBE822544BA96B5F3DCD0FBCD7CD53D146914F2D4187AA,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 10341000x800000000000000067867Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:41:47.315{6F5BEE90-3C6B-61E9-A609-000000002102}8441340C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe{6F5BEE90-18B8-61E9-2F00-000000002102}3024C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+5691a5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+568cd6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56657|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56ca7|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+8f3800|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000067866Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:41:47.099{6F5BEE90-18B9-61E9-3500-000000002102}33043324C:\Windows\system32\conhost.exe{6F5BEE90-3C6B-61E9-A609-000000002102}844C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000067865Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:41:47.098{6F5BEE90-18A9-61E9-0C00-000000002102}8286020C:\Windows\system32\svchost.exe{6F5BEE90-18B8-61E9-2C00-000000002102}2984C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000067864Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:41:47.098{6F5BEE90-18A9-61E9-0C00-000000002102}8286020C:\Windows\system32\svchost.exe{6F5BEE90-18B8-61E9-2C00-000000002102}2984C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000067863Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:41:47.097{6F5BEE90-18A9-61E9-0C00-000000002102}8286020C:\Windows\system32\svchost.exe{6F5BEE90-18B8-61E9-2C00-000000002102}2984C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000067862Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:41:47.097{6F5BEE90-18A9-61E9-0C00-000000002102}8286020C:\Windows\system32\svchost.exe{6F5BEE90-18B8-61E9-2C00-000000002102}2984C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000067861Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:41:47.097{6F5BEE90-18A7-61E9-0500-000000002102}392508C:\Windows\system32\csrss.exe{6F5BEE90-3C6B-61E9-A609-000000002102}844C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000067860Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:41:47.097{6F5BEE90-18B8-61E9-2F00-000000002102}30243900C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{6F5BEE90-3C6B-61E9-A609-000000002102}844C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7414|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x800000000000000067859Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:41:47.096{6F5BEE90-3C6B-61E9-A609-000000002102}844C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe8.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{6F5BEE90-18A8-61E9-E703-000000000000}0x3e70SystemMD5=91F33F605825B72EE2270559C7AB28F3,SHA256=3DF1CB71BB48B8669BD01179FD94DD8CC82F8103B08A0FACFD366E43E0C5FA42,IMPHASH=23D7D4307FBE7FA4F42B1902826D7C25{6F5BEE90-18B8-61E9-2F00-000000002102}3024C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x800000000000000032460Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:41:48.877{CE7C8936-1B20-61E9-E200-000000002202}3964NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=6D0091DF85725C3CFC384589BF65B3D6,SHA256=27BA94052BAAE7653C7A420F4317CAD4C27271E992C7D548E26A1C678CB62B50,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067879Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:41:48.733{6F5BEE90-18CD-61E9-7700-000000002102}484NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=733EB61CE2FDE045634A41F008517D44,SHA256=7FE1FF14365B589CF75E57910F5B63BD5642963E801ECC28B412FEDF884337FE,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000067878Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:41:48.097{6F5BEE90-18CD-61E9-7700-000000002102}484NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=49049097A36D71BBBA32BA754129B6AC,SHA256=32A7BE6C549387347C1D3C75E12478F53FDE6D5ED467727C9237EF6030E2A42D,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 10341000x800000000000000067877Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:41:48.034{6F5BEE90-3C6B-61E9-A709-000000002102}24402884C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{6F5BEE90-18B8-61E9-2F00-000000002102}3024C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 23542300x800000000000000067888Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:41:49.766{6F5BEE90-18CD-61E9-7700-000000002102}484NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=B0A1A269D50D4D14DCE365BE680FBE52,SHA256=C3D198F47D5C856040742D6098ACAC856D9CCDF11758FDA75E8C927B36D32895,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000032461Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:41:49.892{CE7C8936-1B20-61E9-E200-000000002202}3964NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=8CDEBFABA2C4991CDFD382286D5EBFE3,SHA256=555404E0F69602F7F664B117373054CB68188C15363976D01FC805266E1BABEE,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000067887Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:41:49.734{6F5BEE90-18B9-61E9-3500-000000002102}33043324C:\Windows\system32\conhost.exe{6F5BEE90-3C6D-61E9-A809-000000002102}7160C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000067886Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:41:49.731{6F5BEE90-18A9-61E9-0C00-000000002102}8286020C:\Windows\system32\svchost.exe{6F5BEE90-18B8-61E9-2C00-000000002102}2984C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000067885Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:41:49.731{6F5BEE90-18A9-61E9-0C00-000000002102}8286020C:\Windows\system32\svchost.exe{6F5BEE90-18B8-61E9-2C00-000000002102}2984C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000067884Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:41:49.731{6F5BEE90-18A9-61E9-0C00-000000002102}8286020C:\Windows\system32\svchost.exe{6F5BEE90-18B8-61E9-2C00-000000002102}2984C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000067883Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:41:49.731{6F5BEE90-18A9-61E9-0C00-000000002102}8286020C:\Windows\system32\svchost.exe{6F5BEE90-18B8-61E9-2C00-000000002102}2984C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000067882Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:41:49.731{6F5BEE90-18A7-61E9-0500-000000002102}392368C:\Windows\system32\csrss.exe{6F5BEE90-3C6D-61E9-A809-000000002102}7160C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000067881Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:41:49.730{6F5BEE90-18B8-61E9-2F00-000000002102}30243900C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{6F5BEE90-3C6D-61E9-A809-000000002102}7160C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7414|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x800000000000000067880Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:41:49.729{6F5BEE90-3C6D-61E9-A809-000000002102}7160C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe8.0.2Windows Print Monitor splunk ApplicationSplunk Inc.splunk-winprintmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{6F5BEE90-18A8-61E9-E703-000000000000}0x3e70SystemMD5=36D3753920C5BBCA16D12DEAD7A3A904,SHA256=EA17F69FB116CFA6ADC3CE07EBBAE3FD2CB221F25E3F7A9ADF3F15DA051831E2,IMPHASH=264D4B9546D98D77D97F569F55A0B748{6F5BEE90-18B8-61E9-2F00-000000002102}3024C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x800000000000000067893Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:41:50.799{6F5BEE90-18CD-61E9-7700-000000002102}484NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=63DC2B1372D914620B95F702E8B92394,SHA256=067232AE01C0D74AA57B913B389543D02CBC277486C51749D577B712AC8F19DD,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000032462Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:41:50.924{CE7C8936-1B20-61E9-E200-000000002202}3964NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=C4F348713D7F0925AC4936C2BFCE5C79,SHA256=D25DB0FA0B856F5AA25372113B10DFCDC9781A109DC6B1ECCF02856AE55CF8FF,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067892Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:41:50.733{6F5BEE90-18CD-61E9-7700-000000002102}484NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=0C08A2EA98F7905C57B9F06F3FA8D55A,SHA256=50FFD4FBB9456751DD28DC6B61507F198B4BE4D5CB6F630C234ED6A4F096E607,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 354300x800000000000000067891Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:41:49.520{6F5BEE90-18C6-61E9-6E00-000000002102}3440C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-tcontreras-attack-range-53.attackrange.local53453-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x800000000000000067890Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:41:50.215{6F5BEE90-1CB8-61E9-7203-000000002102}6636ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\3zus1al1.default-release\storage\permanent\chrome\idb\1657114595AmcateirvtiSty.sqlite-shmMD5=872888C183447CE7CCE64E6512953D16,SHA256=54D6C039FEBA7D74D63FA203FD8046D6508C371C4F75FA8605303BAAF8966F75,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000067889Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:41:50.215{6F5BEE90-1CB8-61E9-7203-000000002102}6636ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\3zus1al1.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite-shmMD5=B7C14EC6110FA820CA6B65F5AEC85911,SHA256=FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000032463Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:41:51.939{CE7C8936-1B20-61E9-E200-000000002202}3964NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=654022B283EC8A606BE6590285686C83,SHA256=4525706135527D341ED18D0C5C88374FDD25A03C249B9731DB8F6692D0A187BB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067894Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:41:51.832{6F5BEE90-18CD-61E9-7700-000000002102}484NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=B26C63BF81CB50DC592F9A4751EEF2CD,SHA256=782ECE0F165A5EF7B38CFB53F293574E4EB910FCBC5C05ABB03B8EE9000FDBB2,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000032464Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:41:52.955{CE7C8936-1B20-61E9-E200-000000002202}3964NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=3955E643B16442CD178295D656B9D408,SHA256=037E3D25CAEB402BEC1E34BAB5C7C740CFE5B52F71DF07DBFB0D7CBCB6936B39,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067895Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:41:52.852{6F5BEE90-18CD-61E9-7700-000000002102}484NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=59EADCF3F78D6A10087ADEE25A35BB04,SHA256=D0026FA06522927665E1AAA95FDB20604D8C4D8414DDEB26EA3ED9BDD08AB166,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000067896Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:41:53.858{6F5BEE90-18CD-61E9-7700-000000002102}484NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=1B1C00F158FF0C992A0E64ACB8D40C6B,SHA256=E1B55AB0B36FE10E27F6F46DE07F398C5AB20A5D96A448928FE00579E89A3BE7,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000032466Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:41:53.971{CE7C8936-1B20-61E9-E200-000000002202}3964NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=7483F0368E84992FBCA75B99242FFB5A,SHA256=2BCB6C3B98E91847C3DAB31617B221F951829911DD435C2EF68C00A7E6860448,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000032465Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:41:50.840{CE7C8936-1B1A-61E9-D900-000000002202}4048C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-tcontreras-attack-range-276.eu-central-1.compute.internal51424-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x800000000000000067897Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:41:54.889{6F5BEE90-18CD-61E9-7700-000000002102}484NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A01A8150803061EBB3F4D8FBB25652FA,SHA256=DD9D7098452730D883E71011D4D3D238A78F35AE3AE3730BEB4BDB15838A7FCC,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000032467Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:41:54.986{CE7C8936-1B20-61E9-E200-000000002202}3964NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=E40B7CCC5E823AD7F9B50FD2897E2C00,SHA256=9F8B7C4EB42059D3B6BD4532FCC74F3E47F8384E52A6C529AB1F6A397A132D8A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067898Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:41:55.920{6F5BEE90-18CD-61E9-7700-000000002102}484NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=7BB6479A56FC0D5EE96BC246B7A5F350,SHA256=D3B46B2D7AAC94E6BAB21BBAD2864AC18148F47DEE785CA0F40F5A5CDEFBA757,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000067899Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:41:56.957{6F5BEE90-18CD-61E9-7700-000000002102}484NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=606D05667AACC0FC78428CBB00CAAC61,SHA256=DB5043EFD34FE1A2D44B99DB464D69BF9F1FA468BFAF0F83A9CFAEF65A5666BC,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000032468Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:41:56.017{CE7C8936-1B20-61E9-E200-000000002202}3964NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=68F6FBCA0174EA2B375F6B131155E7A1,SHA256=5BAA003F5B643D21C37D2EBC3C47762D5E453FF8F656DBD19C043EFF6941ED24,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067901Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:41:57.987{6F5BEE90-18CD-61E9-7700-000000002102}484NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=82612466D7167818B1BE0A4F47726DF5,SHA256=31F2A53FD027206B420C750D8F3D056814E73074E7F195DDDCDE5338AF20CAEF,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 354300x800000000000000067900Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:41:55.480{6F5BEE90-18C6-61E9-6E00-000000002102}3440C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-tcontreras-attack-range-53.attackrange.local53454-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x800000000000000032469Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:41:57.049{CE7C8936-1B20-61E9-E200-000000002202}3964NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=C4DADFCD5A64B321A17AA0C6EFFE07F1,SHA256=29FB3F3E1744C05FD19D84515A065E410EBBF4AC35C623B52A89A8827288465F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067902Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:41:58.988{6F5BEE90-18CD-61E9-7700-000000002102}484NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=4C2D9CE47DA887ACF9D748082167B2E3,SHA256=BBC982FFF63EA7115C2A502990026DA89684D3D4A692A484E6A1FF09103AC2CE,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000032470Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:41:58.049{CE7C8936-1B20-61E9-E200-000000002202}3964NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=CE2CAAFA90FCB0B7C2D0E545ACBB7773,SHA256=6F6FC48B1C23C4B2386588756E34A44C79D5C16C04E8B50F8D65669B1D608473,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067903Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:41:59.072{6F5BEE90-1CB8-61E9-7203-000000002102}6636ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\3zus1al1.default-release\datareporting\glean\db\data.safe.binMD5=3903D72BFD08008A1C33F742AA80F9F4,SHA256=D3EFFB3E2D86A85D826F0705B9CE5A3AC034B0D698DC8FDFCC1E640E8C82DD73,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 354300x800000000000000032472Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:41:55.918{CE7C8936-1B1A-61E9-D900-000000002202}4048C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-tcontreras-attack-range-276.eu-central-1.compute.internal51425-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x800000000000000032471Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:41:59.080{CE7C8936-1B20-61E9-E200-000000002202}3964NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=F80F28DD26A086D92AA3F89F3BD849B5,SHA256=B5ACF4255082589B8FA1E0ABE4379D325BF37D67716569C464F54B5C14F6FC96,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000032473Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:42:00.096{CE7C8936-1B20-61E9-E200-000000002202}3964NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A109C45307C20F701DBC39FB421E51CF,SHA256=8959074365D0F5A9586439DB19425B4F50ABD0FB80530D3787C800F944B46475,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067904Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:42:00.018{6F5BEE90-18CD-61E9-7700-000000002102}484NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=23E8B300F39B2D5DADDFB79D6A9895C4,SHA256=AEF268FB723E4E307115A984C7DF8F6D454E4D085C980C59A61C92BFD41616CC,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000032474Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:42:01.111{CE7C8936-1B20-61E9-E200-000000002202}3964NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=648AA194C6D40380805703CEAFB811AA,SHA256=A9DE49084A17992E46764F9C821F9CD1300DEB0FE19ADACBD2E7709176356BCE,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067905Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:42:01.037{6F5BEE90-18CD-61E9-7700-000000002102}484NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=35E1042565F7C2A2D4565CAB55EC4B48,SHA256=D0C8662DF5AE31AB35E24BC1E3C5ACBF07C326D5020C4F673D60EA1AED9814B7,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000032476Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:42:02.408{CE7C8936-1A7C-61E9-1200-000000002202}1000NT AUTHORITY\LOCAL SERVICEC:\Windows\System32\svchost.exeC:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.datMD5=4534CA3243EAEFAFC07E5B1C70FD0817,SHA256=8AEE195D36910B0F3A31B1C3F00FBFD205C4AF57FE4532816FEFCF6475EEAE9D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000032475Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:42:02.142{CE7C8936-1B20-61E9-E200-000000002202}3964NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=F214DFE32D206B60133D16DB3E2C79C8,SHA256=F884ABF829A18393F3328402093E4458B6011C8CF20E16D3FB18D116D2375D74,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000067907Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:42:01.426{6F5BEE90-18C6-61E9-6E00-000000002102}3440C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-tcontreras-attack-range-53.attackrange.local53455-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x800000000000000067906Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:42:02.056{6F5BEE90-18CD-61E9-7700-000000002102}484NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A9CF280819E7D045DFCF8DBF135842E3,SHA256=30BDC15B8138BD611EDCA37ED872FE1C68F113C0CEB9C255F75F4CC2FB3255BA,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 354300x800000000000000032478Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:42:01.918{CE7C8936-1B1A-61E9-D900-000000002202}4048C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-tcontreras-attack-range-276.eu-central-1.compute.internal51426-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x800000000000000032477Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:42:03.158{CE7C8936-1B20-61E9-E200-000000002202}3964NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=9D9819C5112140EA090A7EA8C201A068,SHA256=249897F16EBA3E9B02E6A56FB0FF3A4835D137AB01296853597468F67F1D8CA2,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067908Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:42:03.071{6F5BEE90-18CD-61E9-7700-000000002102}484NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=0863CB7C8140DE29B3DF7450A4384477,SHA256=9E748B8AADB37D23C26874166312D5C45C9D14F9B11DEAC0D2CAC7E569190E7D,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000032479Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:42:04.158{CE7C8936-1B20-61E9-E200-000000002202}3964NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=FBF67477D416FC5E91686266D3BFCD5A,SHA256=190148C4CCA62361D1E928E9A75C5167EF32023C8528DDA91B541A30A73537A0,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067909Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:42:04.086{6F5BEE90-18CD-61E9-7700-000000002102}484NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=2FFC8A1F99665C4F027A1EB77CB7DFCD,SHA256=ADCBDCED539D688EDD7A91EE37B8552A3E9E240CCEC05905F4E64C45C5E66AB4,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000032480Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:42:05.159{CE7C8936-1B20-61E9-E200-000000002202}3964NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=E52286639194A29C97A784554C596D3E,SHA256=4C60858438A2B845A95E81A64F370E805A2A28173F8B87163FEAE802CA4C96D0,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067910Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:42:05.101{6F5BEE90-18CD-61E9-7700-000000002102}484NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=F03580E507CE56258A776511C13D1430,SHA256=FB1B23D12F8451BA2A9FF58A182CF589D7F53A2566A0E904FF9D9DB3538964C7,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000032481Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:42:06.175{CE7C8936-1B20-61E9-E200-000000002202}3964NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=1EA4DEE0D00E031E1683490F7AA8C2E3,SHA256=87E612B8A1C758B17E450FB28F5702F6C77B561FE94DC368F3ADF4CBB4A93AB1,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067911Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:42:06.116{6F5BEE90-18CD-61E9-7700-000000002102}484NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=EB71237ACC481C02BF84BCF35A64BBC0,SHA256=9CF60EAE7ED96A8FC82CBE31A29CAEC7DD89593107A16A0B1CDCB28C1739A281,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000067912Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:42:07.136{6F5BEE90-18CD-61E9-7700-000000002102}484NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=433556F641A056EC2A83AB185966BF82,SHA256=1A6339F485E33CFFC808624CFA9E1A3C92239537F944CDAE65C524DE50047BC7,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000032482Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:42:07.177{CE7C8936-1B20-61E9-E200-000000002202}3964NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=15545F7AF6E897BE8A3485F4E8F173F8,SHA256=E162A14DE3C45BF24968CF223183EBACEEDD07CAB906F786D06CACE4B4EC7D9E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000032483Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:42:08.190{CE7C8936-1B20-61E9-E200-000000002202}3964NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=1ABDD989F2FD8192E7F590DE2BA20203,SHA256=BD51D17DAE60346D81002999BF3D39A3F498B71FD8FB924D7379251CCECBD475,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067914Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:42:08.154{6F5BEE90-18CD-61E9-7700-000000002102}484NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=895C0B54D75119646D3D6EC12172926B,SHA256=D53BBBCD3B9AE2D46C5583B56890DED9A1B7BEB3EA5E6247D0772FBA185994F7,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 354300x800000000000000067913Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:42:06.446{6F5BEE90-18C6-61E9-6E00-000000002102}3440C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-tcontreras-attack-range-53.attackrange.local53456-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 354300x800000000000000032485Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:42:07.810{CE7C8936-1B1A-61E9-D900-000000002202}4048C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-tcontreras-attack-range-276.eu-central-1.compute.internal51427-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x800000000000000032484Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:42:09.206{CE7C8936-1B20-61E9-E200-000000002202}3964NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=2EAF2AB4766BD9AC2FA18991AF5E458C,SHA256=1BF4A3EAA1EDB78A37A2239BAB5290AF25287F1CF1F3DB52593DD74F75CF8193,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067915Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:42:09.169{6F5BEE90-18CD-61E9-7700-000000002102}484NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=734BA8E1B22513B8B3662F1C04E2F6C5,SHA256=379C4B6E441063EFFCD452AA53578E4D43C7F0C844496BEBF8D000F2D99480F8,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000032486Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:42:10.221{CE7C8936-1B20-61E9-E200-000000002202}3964NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=0FF3454BA825D73278BD1F7E5B85611F,SHA256=0B5AEB5E16DAF1B6BD85A4460A2D5484FA7CBF246087E9B49E02E4D19BD39BD3,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067916Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:42:10.184{6F5BEE90-18CD-61E9-7700-000000002102}484NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A526907B6F0B06F39EEAA6506118E210,SHA256=C66BA509D4019A7CC59F7A2617882D3B27650E85690FC89CE7ECAEC256BA7D07,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000067917Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:42:11.199{6F5BEE90-18CD-61E9-7700-000000002102}484NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A32704389708C91FFD6D0209D2684938,SHA256=135CA6AFC7E8A6A83C5955C25217E448B0EE669791888D70E6E383DD826ACA7C,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000032487Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:42:11.237{CE7C8936-1B20-61E9-E200-000000002202}3964NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=9009B457450687F8483A145E875B8447,SHA256=D25F33F54B5EA593679D3F99859DEB1B150993CA0C0A6D9D67DB6429B3493A7E,IMPHASH=00000000000000000000000000000000falsetrue